use of org.apache.solr.security.AuthorizationResponse in project lucene-solr by apache.
the class HttpSolrCall method call.
/**
* This method processes the request.
*/
public Action call() throws IOException {
MDCLoggingContext.reset();
MDCLoggingContext.setNode(cores);
if (cores == null) {
sendError(503, "Server is shutting down or failed to initialize");
return RETURN;
}
if (solrDispatchFilter.abortErrorMessage != null) {
sendError(500, solrDispatchFilter.abortErrorMessage);
return RETURN;
}
try {
init();
/* Authorize the request if
1. Authorization is enabled, and
2. The requested resource is not a known static file
*/
if (cores.getAuthorizationPlugin() != null && shouldAuthorize()) {
AuthorizationContext context = getAuthCtx();
log.debug("AuthorizationContext : {}", context);
AuthorizationResponse authResponse = cores.getAuthorizationPlugin().authorize(context);
if (authResponse.statusCode == AuthorizationResponse.PROMPT.statusCode) {
Map<String, String> headers = (Map) getReq().getAttribute(AuthenticationPlugin.class.getName());
if (headers != null) {
for (Map.Entry<String, String> e : headers.entrySet()) response.setHeader(e.getKey(), e.getValue());
}
log.debug("USER_REQUIRED " + req.getHeader("Authorization") + " " + req.getUserPrincipal());
}
if (!(authResponse.statusCode == HttpStatus.SC_ACCEPTED) && !(authResponse.statusCode == HttpStatus.SC_OK)) {
log.info("USER_REQUIRED auth header {} context : {} ", req.getHeader("Authorization"), context);
sendError(authResponse.statusCode, "Unauthorized request, Response code: " + authResponse.statusCode);
return RETURN;
}
}
HttpServletResponse resp = response;
switch(action) {
case ADMIN:
handleAdminRequest();
return RETURN;
case REMOTEQUERY:
remoteQuery(coreUrl + path, resp);
return RETURN;
case PROCESS:
final Method reqMethod = Method.getMethod(req.getMethod());
HttpCacheHeaderUtil.setCacheControlHeader(config, resp, reqMethod);
// if we fail cache validation, execute the query
if (config.getHttpCachingConfig().isNever304() || !HttpCacheHeaderUtil.doCacheHeaderValidation(solrReq, req, reqMethod, resp)) {
SolrQueryResponse solrRsp = new SolrQueryResponse();
/* even for HEAD requests, we need to execute the handler to
* ensure we don't get an error (and to make sure the correct
* QueryResponseWriter is selected and we get the correct
* Content-Type)
*/
SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq, solrRsp));
execute(solrRsp);
HttpCacheHeaderUtil.checkHttpCachingVeto(solrRsp, resp, reqMethod);
Iterator<Map.Entry<String, String>> headers = solrRsp.httpHeaders();
while (headers.hasNext()) {
Map.Entry<String, String> entry = headers.next();
resp.addHeader(entry.getKey(), entry.getValue());
}
QueryResponseWriter responseWriter = getResponseWriter();
if (invalidStates != null)
solrReq.getContext().put(CloudSolrClient.STATE_VERSION, invalidStates);
writeResponse(solrRsp, responseWriter, reqMethod);
}
return RETURN;
default:
return action;
}
} catch (Throwable ex) {
sendError(ex);
// walk the the entire cause chain to search for an Error
Throwable t = ex;
while (t != null) {
if (t instanceof Error) {
if (t != ex) {
log.error("An Error was wrapped in another exception - please report complete stacktrace on SOLR-6161", ex);
}
throw (Error) t;
}
t = t.getCause();
}
return RETURN;
} finally {
MDCLoggingContext.clear();
}
}
use of org.apache.solr.security.AuthorizationResponse in project ranger by apache.
the class RangerSolrAuthorizer method authorize.
@Override
public AuthorizationResponse authorize(AuthorizationContext context) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerSolrAuthorizer.init(context)");
}
AuthorizationResponse ret = null;
try {
activatePluginClassLoader();
ret = rangerSolrAuthorizerImpl.authorize(context);
} finally {
deactivatePluginClassLoader();
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerSolrAuthorizer.init(context)");
}
return ret;
}
use of org.apache.solr.security.AuthorizationResponse in project testcases by coheigea.
the class SolrAuthorizationMockTest method performTest.
private void performTest(final int expectedStatus, String user, String group, RequestType requestType, String ipAddress) throws Exception {
Map<String, Object> requestParameters = new HashMap<>();
requestParameters.put("userPrincipal", user);
requestParameters.put("collectionRequests", "docs");
requestParameters.put("requestType", requestType);
if (ipAddress != null) {
requestParameters.put("ipAddress", ipAddress);
}
final AuthorizationContext context = new MockAuthorizationContext(requestParameters);
if (group != null) {
UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { group });
ugi.doAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
AuthorizationResponse authResp = plugin.authorize(context);
Assert.assertEquals(expectedStatus, authResp.statusCode);
return null;
}
});
} else {
AuthorizationResponse authResp = plugin.authorize(context);
Assert.assertEquals(expectedStatus, authResp.statusCode);
}
}
Aggregations