Search in sources :

Example 1 with AuthorizationResponse

use of org.apache.solr.security.AuthorizationResponse in project lucene-solr by apache.

the class HttpSolrCall method call.

/**
   * This method processes the request.
   */
public Action call() throws IOException {
    MDCLoggingContext.reset();
    MDCLoggingContext.setNode(cores);
    if (cores == null) {
        sendError(503, "Server is shutting down or failed to initialize");
        return RETURN;
    }
    if (solrDispatchFilter.abortErrorMessage != null) {
        sendError(500, solrDispatchFilter.abortErrorMessage);
        return RETURN;
    }
    try {
        init();
        /* Authorize the request if
       1. Authorization is enabled, and
       2. The requested resource is not a known static file
        */
        if (cores.getAuthorizationPlugin() != null && shouldAuthorize()) {
            AuthorizationContext context = getAuthCtx();
            log.debug("AuthorizationContext : {}", context);
            AuthorizationResponse authResponse = cores.getAuthorizationPlugin().authorize(context);
            if (authResponse.statusCode == AuthorizationResponse.PROMPT.statusCode) {
                Map<String, String> headers = (Map) getReq().getAttribute(AuthenticationPlugin.class.getName());
                if (headers != null) {
                    for (Map.Entry<String, String> e : headers.entrySet()) response.setHeader(e.getKey(), e.getValue());
                }
                log.debug("USER_REQUIRED " + req.getHeader("Authorization") + " " + req.getUserPrincipal());
            }
            if (!(authResponse.statusCode == HttpStatus.SC_ACCEPTED) && !(authResponse.statusCode == HttpStatus.SC_OK)) {
                log.info("USER_REQUIRED auth header {} context : {} ", req.getHeader("Authorization"), context);
                sendError(authResponse.statusCode, "Unauthorized request, Response code: " + authResponse.statusCode);
                return RETURN;
            }
        }
        HttpServletResponse resp = response;
        switch(action) {
            case ADMIN:
                handleAdminRequest();
                return RETURN;
            case REMOTEQUERY:
                remoteQuery(coreUrl + path, resp);
                return RETURN;
            case PROCESS:
                final Method reqMethod = Method.getMethod(req.getMethod());
                HttpCacheHeaderUtil.setCacheControlHeader(config, resp, reqMethod);
                // if we fail cache validation, execute the query
                if (config.getHttpCachingConfig().isNever304() || !HttpCacheHeaderUtil.doCacheHeaderValidation(solrReq, req, reqMethod, resp)) {
                    SolrQueryResponse solrRsp = new SolrQueryResponse();
                    /* even for HEAD requests, we need to execute the handler to
               * ensure we don't get an error (and to make sure the correct
               * QueryResponseWriter is selected and we get the correct
               * Content-Type)
               */
                    SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq, solrRsp));
                    execute(solrRsp);
                    HttpCacheHeaderUtil.checkHttpCachingVeto(solrRsp, resp, reqMethod);
                    Iterator<Map.Entry<String, String>> headers = solrRsp.httpHeaders();
                    while (headers.hasNext()) {
                        Map.Entry<String, String> entry = headers.next();
                        resp.addHeader(entry.getKey(), entry.getValue());
                    }
                    QueryResponseWriter responseWriter = getResponseWriter();
                    if (invalidStates != null)
                        solrReq.getContext().put(CloudSolrClient.STATE_VERSION, invalidStates);
                    writeResponse(solrRsp, responseWriter, reqMethod);
                }
                return RETURN;
            default:
                return action;
        }
    } catch (Throwable ex) {
        sendError(ex);
        // walk the the entire cause chain to search for an Error
        Throwable t = ex;
        while (t != null) {
            if (t instanceof Error) {
                if (t != ex) {
                    log.error("An Error was wrapped in another exception - please report complete stacktrace on SOLR-6161", ex);
                }
                throw (Error) t;
            }
            t = t.getCause();
        }
        return RETURN;
    } finally {
        MDCLoggingContext.clear();
    }
}
Also used : SolrQueryResponse(org.apache.solr.response.SolrQueryResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorizationContext(org.apache.solr.security.AuthorizationContext) Method(org.apache.solr.servlet.cache.Method) AuthorizationResponse(org.apache.solr.security.AuthorizationResponse) QueryResponseWriter(org.apache.solr.response.QueryResponseWriter) SolrRequestInfo(org.apache.solr.request.SolrRequestInfo) Map(java.util.Map) ValidatingJsonMap(org.apache.solr.common.util.ValidatingJsonMap) SimpleOrderedMap(org.apache.solr.common.util.SimpleOrderedMap) HashMap(java.util.HashMap)

Example 2 with AuthorizationResponse

use of org.apache.solr.security.AuthorizationResponse in project ranger by apache.

the class RangerSolrAuthorizer method authorize.

@Override
public AuthorizationResponse authorize(AuthorizationContext context) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerSolrAuthorizer.init(context)");
    }
    AuthorizationResponse ret = null;
    try {
        activatePluginClassLoader();
        ret = rangerSolrAuthorizerImpl.authorize(context);
    } finally {
        deactivatePluginClassLoader();
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerSolrAuthorizer.init(context)");
    }
    return ret;
}
Also used : AuthorizationResponse(org.apache.solr.security.AuthorizationResponse)

Example 3 with AuthorizationResponse

use of org.apache.solr.security.AuthorizationResponse in project testcases by coheigea.

the class SolrAuthorizationMockTest method performTest.

private void performTest(final int expectedStatus, String user, String group, RequestType requestType, String ipAddress) throws Exception {
    Map<String, Object> requestParameters = new HashMap<>();
    requestParameters.put("userPrincipal", user);
    requestParameters.put("collectionRequests", "docs");
    requestParameters.put("requestType", requestType);
    if (ipAddress != null) {
        requestParameters.put("ipAddress", ipAddress);
    }
    final AuthorizationContext context = new MockAuthorizationContext(requestParameters);
    if (group != null) {
        UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { group });
        ugi.doAs(new PrivilegedExceptionAction<Void>() {

            public Void run() throws Exception {
                AuthorizationResponse authResp = plugin.authorize(context);
                Assert.assertEquals(expectedStatus, authResp.statusCode);
                return null;
            }
        });
    } else {
        AuthorizationResponse authResp = plugin.authorize(context);
        Assert.assertEquals(expectedStatus, authResp.statusCode);
    }
}
Also used : HashMap(java.util.HashMap) AuthorizationContext(org.apache.solr.security.AuthorizationContext) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) AuthorizationResponse(org.apache.solr.security.AuthorizationResponse)

Aggregations

AuthorizationResponse (org.apache.solr.security.AuthorizationResponse)3 HashMap (java.util.HashMap)2 AuthorizationContext (org.apache.solr.security.AuthorizationContext)2 Map (java.util.Map)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 SimpleOrderedMap (org.apache.solr.common.util.SimpleOrderedMap)1 ValidatingJsonMap (org.apache.solr.common.util.ValidatingJsonMap)1 SolrRequestInfo (org.apache.solr.request.SolrRequestInfo)1 QueryResponseWriter (org.apache.solr.response.QueryResponseWriter)1 SolrQueryResponse (org.apache.solr.response.SolrQueryResponse)1 Method (org.apache.solr.servlet.cache.Method)1