You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by no...@apache.org on 2021/11/04 10:42:39 UTC
[solr] 01/01: untested patch
This is an automated email from the ASF dual-hosted git repository.
noble pushed a commit to branch jira/SOLR-15768
in repository https://gitbox.apache.org/repos/asf/solr.git
commit 9788ad22fd9c9f348c88d03dcf31b25848601d43
Author: Noble Paul <no...@gmail.com>
AuthorDate: Thu Nov 4 21:42:20 2021 +1100
untested patch
---
solr/core/src/java/org/apache/solr/api/AnnotatedApi.java | 12 +++++++++---
.../java/org/apache/solr/handler/admin/ZookeeperReadAPI.java | 9 ++++++++-
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java b/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java
index 2aa65fe..6e7de18 100644
--- a/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java
+++ b/solr/core/src/java/org/apache/solr/api/AnnotatedApi.java
@@ -74,6 +74,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
private final Map<String, Cmd> commands ;
private final Cmd singletonCommand;
private final Api fallback;
+ private final PermissionNameProvider permissionNameProvider;
@Override
public void close() throws IOException {
@@ -111,6 +112,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
} catch (IllegalAccessException e) {
throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Method may be non-public/inaccessible", e);
}
+ PermissionNameProvider pnp = obj instanceof PermissionNameProvider ? (PermissionNameProvider) obj : null;
if (klas.isAnnotationPresent(EndPoint.class)) {
EndPoint endPoint = klas.getAnnotation(EndPoint.class);
List<Method> methods = new ArrayList<>();
@@ -129,7 +131,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
throw new RuntimeException("No method with @Command in class: " + klas.getName());
}
SpecProvider specProvider = readSpec(endPoint, methods);
- return Collections.singletonList(new AnnotatedApi(specProvider, endPoint, commands, null));
+ return Collections.singletonList(new AnnotatedApi(specProvider, endPoint, commands, null, pnp));
} else {
List<Api> apis = new ArrayList<>();
for (Method m : klas.getMethods()) {
@@ -137,7 +139,7 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
if (endPoint == null) continue;
Cmd cmd = new Cmd("", obj, m);
SpecProvider specProvider = readSpec(endPoint, Collections.singletonList(m));
- apis.add(new AnnotatedApi(specProvider, endPoint, Collections.singletonMap("", cmd), null));
+ apis.add(new AnnotatedApi(specProvider, endPoint, Collections.singletonMap("", cmd), null, pnp));
}
if (!allowEmpty && apis.isEmpty()) {
throw new RuntimeException("Invalid Class : " + klas.getName() + " No @EndPoints");
@@ -147,12 +149,16 @@ public class AnnotatedApi extends Api implements PermissionNameProvider , Closea
}
}
- protected AnnotatedApi(SpecProvider specProvider, EndPoint endPoint, Map<String, Cmd> commands, Api fallback) {
+ protected AnnotatedApi(SpecProvider specProvider, EndPoint endPoint, Map<String, Cmd> commands, Api fallback,
+ PermissionNameProvider permissionNameProvider) {
super(specProvider);
this.endPoint = endPoint;
this.fallback = fallback;
this.commands = commands;
this.singletonCommand = commands.get("");
+ this.permissionNameProvider = permissionNameProvider == null ?
+ request -> endPoint.permission() :
+ permissionNameProvider;
}
@Override
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java b/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java
index 0220ca5..f0dab4a 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/ZookeeperReadAPI.java
@@ -39,6 +39,8 @@ import org.apache.solr.core.CoreContainer;
import org.apache.solr.handler.RequestHandlerUtils;
import org.apache.solr.request.SolrQueryRequest;
import org.apache.solr.response.SolrQueryResponse;
+import org.apache.solr.security.AuthorizationContext;
+import org.apache.solr.security.PermissionNameProvider;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Stat;
@@ -56,7 +58,7 @@ import static org.apache.solr.security.PermissionNameProvider.Name.ZK_READ_PERM;
* @lucene.experimental
*/
-public class ZookeeperReadAPI {
+public class ZookeeperReadAPI implements PermissionNameProvider {
private final CoreContainer coreContainer;
public ZookeeperReadAPI(CoreContainer coreContainer) {
@@ -144,4 +146,9 @@ public class ZookeeperReadAPI {
ew.put("dataLength", stat.getDataLength());
}
+ @Override
+ public Name getPermissionName(AuthorizationContext ctx) {
+ String path = ctx.getResource();
+ return path.contains("/security.json") ? Name.SECURITY_READ_PERM : ZK_READ_PERM;
+ }
}