
Example 1 with AuthorizationContext

use of org.apache.solr.security.AuthorizationContext in project lucene-solr by apache.

the class HttpSolrCall method call.

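/**
 * Processes the current request: refuses service when the container is unavailable, runs the
 * authorization check when a plugin is configured, then dispatches on {@code action}.
 *
 * <p>Authorization fails closed: any plugin status other than {@code SC_OK} or
 * {@code SC_ACCEPTED} ends the request with that status before a handler runs.
 *
 * <p>The raw {@code Authorization} header is never written to the log, because it carries the
 * caller's credentials; only its presence is recorded.
 *
 * @return {@code RETURN} when the request was fully answered here (including every error path),
 *         otherwise the current {@code action} for any action this method does not handle itself
 * @throws IOException declared for the response I/O performed by this method
 */
public Action call() throws IOException {
    MDCLoggingContext.reset();
    MDCLoggingContext.setNode(cores);
    if (cores == null) {
        sendError(503, "Server is shutting down or failed to initialize");
        return RETURN;
    }
    if (solrDispatchFilter.abortErrorMessage != null) {
        sendError(500, solrDispatchFilter.abortErrorMessage);
        return RETURN;
    }
    try {
        init();
        /* Authorize the request if
         * 1. Authorization is enabled, and
         * 2. The requested resource is not a known static file
         */
        if (cores.getAuthorizationPlugin() != null && shouldAuthorize()) {
            AuthorizationContext context = getAuthCtx();
            log.debug("AuthorizationContext : {}", context);
            AuthorizationResponse authResponse = cores.getAuthorizationPlugin().authorize(context);
            // The header value is a credential (for example a Basic or Bearer token), so only
            // its presence is logged; log files are usually readable by more people than the
            // accounts they would expose.
            final String authHeaderState = req.getHeader("Authorization") == null ? "absent" : "present (redacted)";
            if (authResponse.statusCode == AuthorizationResponse.PROMPT.statusCode) {
                // Headers stored on the request under the AuthenticationPlugin class name are
                // copied onto the response; presumably the authentication challenge (confirm
                // against the plugin that sets the attribute).
                @SuppressWarnings("unchecked")
                Map<String, String> headers = (Map<String, String>) getReq().getAttribute(AuthenticationPlugin.class.getName());
                if (headers != null) {
                    for (Map.Entry<String, String> e : headers.entrySet()) {
                        response.setHeader(e.getKey(), e.getValue());
                    }
                }
                log.debug("USER_REQUIRED auth header {} principal {}", authHeaderState, req.getUserPrincipal());
            }
            final boolean authorized = authResponse.statusCode == HttpStatus.SC_ACCEPTED
                || authResponse.statusCode == HttpStatus.SC_OK;
            if (!authorized) {
                // NOTE(review): the context's string form is built by getAuthCtx(); confirm it
                // carries nothing sensitive before keeping it at INFO level.
                log.info("USER_REQUIRED auth header {} context : {} ", authHeaderState, context);
                sendError(authResponse.statusCode, "Unauthorized request, Response code: " + authResponse.statusCode);
                return RETURN;
            }
        }
        HttpServletResponse resp = response;
        switch(action) {
            case ADMIN:
                handleAdminRequest();
                return RETURN;
            case REMOTEQUERY:
                remoteQuery(coreUrl + path, resp);
                return RETURN;
            case PROCESS:
                final Method reqMethod = Method.getMethod(req.getMethod());
                HttpCacheHeaderUtil.setCacheControlHeader(config, resp, reqMethod);
                // if we fail cache validation, execute the query
                if (config.getHttpCachingConfig().isNever304() || !HttpCacheHeaderUtil.doCacheHeaderValidation(solrReq, req, reqMethod, resp)) {
                    SolrQueryResponse solrRsp = new SolrQueryResponse();
                    /* even for HEAD requests, we need to execute the handler to
                     * ensure we don't get an error (and to make sure the correct
                     * QueryResponseWriter is selected and we get the correct
                     * Content-Type)
                     */
                    SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq, solrRsp));
                    execute(solrRsp);
                    HttpCacheHeaderUtil.checkHttpCachingVeto(solrRsp, resp, reqMethod);
                    // Copy the headers the handler put on the Solr response onto the servlet response.
                    Iterator<Map.Entry<String, String>> headers = solrRsp.httpHeaders();
                    while (headers.hasNext()) {
                        Map.Entry<String, String> entry = headers.next();
                        resp.addHeader(entry.getKey(), entry.getValue());
                    }
                    QueryResponseWriter responseWriter = getResponseWriter();
                    if (invalidStates != null) {
                        solrReq.getContext().put(CloudSolrClient.STATE_VERSION, invalidStates);
                    }
                    writeResponse(solrRsp, responseWriter, reqMethod);
                }
                return RETURN;
            default:
                return action;
        }
    } catch (Throwable ex) {
        // Report the failure to the client first, then decide whether it must propagate.
        sendError(ex);
        // walk the entire cause chain to search for an Error
        Throwable t = ex;
        while (t != null) {
            if (t instanceof Error) {
                if (t != ex) {
                    log.error("An Error was wrapped in another exception - please report complete stacktrace on SOLR-6161", ex);
                }
                // An Error is rethrown even when it was wrapped in another exception.
                throw (Error) t;
            }
            t = t.getCause();
        }
        return RETURN;
    } finally {
        MDCLoggingContext.clear();
    }
}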
Also used : SolrQueryResponse(org.apache.solr.response.SolrQueryResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorizationContext(org.apache.solr.security.AuthorizationContext) Method(org.apache.solr.servlet.cache.Method) AuthorizationResponse(org.apache.solr.security.AuthorizationResponse) QueryResponseWriter(org.apache.solr.response.QueryResponseWriter) SolrRequestInfo(org.apache.solr.request.SolrRequestInfo) Map(java.util.Map) ValidatingJsonMap(org.apache.solr.common.util.ValidatingJsonMap) SimpleOrderedMap(org.apache.solr.common.util.SimpleOrderedMap) HashMap(java.util.HashMap)

Example 2 with AuthorizationContext

use of org.apache.solr.security.AuthorizationContext in project lucene-solr by apache.

the class HttpSolrCall method getAuthCtx.

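/**
 * Builds the {@link AuthorizationContext} that is handed to the authorization plugin for this
 * request.
 *
 * <p>The collection list is assembled from {@code getCollectionsList()}, from request
 * parameters ({@code name}, {@code collection}, {@code COLLECTION_PROP}) and from the resolved
 * core. The parameter-derived names are supplied by the client, so an authorization plugin
 * should treat the list as a claim about what the request targets.
 *
 * <p>Side effect: when {@code requestType} is still {@code UNKNOWN} it is set to {@code READ}
 * or {@code WRITE} from the path prefix.
 *
 * <p>NOTE(review): {@code COLLECTION_PROP} is consulted twice, so the same collection can be
 * listed more than once, and {@code params.get("name")} is added without a null check. Both are
 * kept as they are because plugins may depend on the current contents; confirm before changing.
 *
 * @return a context whose accessors read the live request and the collection list built here
 */
private AuthorizationContext getAuthCtx() {
    String resource = getPath();
    SolrParams params = getQueryParams();
    final ArrayList<CollectionRequest> collectionRequests = new ArrayList<>();
    if (getCollectionsList() != null) {
        for (String collection : getCollectionsList()) {
            collectionRequests.add(new CollectionRequest(collection));
        }
    }
    // Extract collection name from the params in case of a Collection Admin request
    if (getPath().equals("/admin/collections")) {
        final String adminAction = params.get("action");
        if (CREATE.isEqual(adminAction) || RELOAD.isEqual(adminAction) || DELETE.isEqual(adminAction)) {
            collectionRequests.add(new CollectionRequest(params.get("name")));
        } else if (params.get(COLLECTION_PROP) != null) {
            collectionRequests.add(new CollectionRequest(params.get(COLLECTION_PROP)));
        }
    }
    // Handle the case when it's a /select request and collections are specified as a param:
    // the comma-separated parameter replaces whatever was collected so far.
    if (resource.equals("/select") && params.get("collection") != null) {
        collectionRequests.clear();
        for (String collection : params.get("collection").split(",")) {
            collectionRequests.add(new CollectionRequest(collection));
        }
    }
    // Populate the request type if the request is select or update
    if (requestType == RequestType.UNKNOWN) {
        if (resource.startsWith("/select") || resource.startsWith("/get")) {
            requestType = RequestType.READ;
        }
        if (resource.startsWith("/update")) {
            requestType = RequestType.WRITE;
        }
    }
    // No collections list was supplied: fall back to the collection of the resolved core, if any.
    if (getCore() != null && (getCollectionsList() == null || getCollectionsList().size() == 0)) {
        collectionRequests.add(new CollectionRequest(getCore().getCoreDescriptor().getCollectionName()));
    }
    if (getQueryParams().get(COLLECTION_PROP) != null) {
        collectionRequests.add(new CollectionRequest(getQueryParams().get(COLLECTION_PROP)));
    }
    return new AuthorizationContext() {

        @Override
        public SolrParams getParams() {
            return null == solrReq ? null : solrReq.getParams();
        }

        @Override
        public Principal getUserPrincipal() {
            return getReq().getUserPrincipal();
        }

        @Override
        public String getHttpHeader(String s) {
            return getReq().getHeader(s);
        }

        @Override
        public Enumeration getHeaderNames() {
            return getReq().getHeaderNames();
        }

        @Override
        public List<CollectionRequest> getCollectionRequests() {
            return collectionRequests;
        }

        @Override
        public RequestType getRequestType() {
            return requestType;
        }

        public String getResource() {
            return path;
        }

        @Override
        public String getHttpMethod() {
            return getReq().getMethod();
        }

        @Override
        public Object getHandler() {
            return _getHandler();
        }

        /**
         * Renders the context for log output.
         *
         * <p>NOTE(review): this string is logged by {@code call()} and includes every request
         * parameter; confirm that parameters cannot carry credentials or tokens, or drop them
         * from this rendering.
         */
        @Override
        public String toString() {
            StringBuilder response = new StringBuilder("userPrincipal: [").append(getUserPrincipal()).append("]").append(" type: [").append(requestType.toString()).append("], collections: [");
            for (CollectionRequest collectionRequest : collectionRequests) {
                response.append(collectionRequest.collectionName).append(", ");
            }
            if (collectionRequests.size() > 0) {
                // Drop the whole trailing ", " separator (two characters), not just the space.
                response.setLength(response.length() - 2);
            }
            response.append("], Path: [").append(resource).append("]");
            response.append(" path : ").append(path).append(" params :").append(getParams());
            return response.toString();
        }

        @Override
        public String getRemoteAddr() {
            return getReq().getRemoteAddr();
        }

        @Override
        public String getRemoteHost() {
            return getReq().getRemoteHost();
        }
    };
}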
Also used : CollectionRequest(org.apache.solr.security.AuthorizationContext.CollectionRequest) ArrayList(java.util.ArrayList) ModifiableSolrParams(org.apache.solr.common.params.ModifiableSolrParams) SolrParams(org.apache.solr.common.params.SolrParams) MapSolrParams(org.apache.solr.common.params.MapSolrParams) AuthorizationContext(org.apache.solr.security.AuthorizationContext)
