You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2016/08/30 23:40:39 UTC
svn commit: r1758509 - in
/manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch:
MCFAuthorizer.java MCFAuthorizerPlugin.java
MCFAuthorizerRestSearchAction.java
Author: kwright
Date: Tue Aug 30 23:40:39 2016
New Revision: 1758509
URL: http://svn.apache.org/viewvc?rev=1758509&view=rev
Log:
Do some fixes, but everything still pretty broken
Modified:
manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizer.java
manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerPlugin.java
manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerRestSearchAction.java
Modified: manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizer.java
URL: http://svn.apache.org/viewvc/manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizer.java?rev=1758509&r1=1758508&r2=1758509&view=diff
==============================================================================
--- manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizer.java (original)
+++ manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizer.java Tue Aug 30 23:40:39 2016
@@ -22,9 +22,9 @@ import java.io.*;
import java.util.*;
import java.net.*;
-import org.elasticsearch.index.query.FilterBuilder;
-import org.elasticsearch.index.query.BoolFilterBuilder;
-import org.elasticsearch.index.query.TermFilterBuilder;
+import org.elasticsearch.index.query.QueryBuilder;
+import org.elasticsearch.index.query.BoolQueryBuilder;
+import org.elasticsearch.index.query.TermQueryBuilder;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.logging.ESLogger;
@@ -119,7 +119,7 @@ public class MCFAuthorizer
*@param authenticatedUserNamesAndDomains is a list of user names and its domains in the form "user:mcfdomain".
*@return the filter builder.
*/
- public FilterBuilder buildAuthorizationFilter(String[] authenticatedUserNamesAndDomains)
+ public QueryBuilder buildAuthorizationFilter(String[] authenticatedUserNamesAndDomains)
throws MCFAuthorizerException{
Map<String,String> domainMap = new HashMap<String,String>();
for(String buffer : authenticatedUserNamesAndDomains){
@@ -136,9 +136,9 @@ public class MCFAuthorizer
/** Main method for building a filter representing appropriate security.
*@param domainMap is a map from MCF authorization domain name to user name,
* and describes a complete user identity.
- *@return the filter builder.
+ *@return the query builder.
*/
- public FilterBuilder buildAuthorizationFilter(Map<String,String> domainMap)
+ public QueryBuilder buildAuthorizationFilter(Map<String,String> domainMap)
throws MCFAuthorizerException
{
if (authorityBaseURL == null)
@@ -167,9 +167,9 @@ public class MCFAuthorizer
/** Main method for building a filter representing appropriate security.
*@param authenticatedUserName is a user name in the form "user:mcfdomain".
- *@return the filter builder.
+ *@return the query builder.
*/
- public FilterBuilder buildAuthorizationFilter(String authenticatedUserName)
+ public QueryBuilder buildAuthorizationFilter(String authenticatedUserName)
throws MCFAuthorizerException
{
return buildAuthorizationFilter(authenticatedUserName, "");
@@ -178,9 +178,9 @@ public class MCFAuthorizer
/** Main method for building a filter representing appropriate security.
*@param authenticatedUserName is a user name in the form "user".
*@param authenticatedUserDomain is the corresponding MCF authorization domain.
- *@return the filter builder.
+ *@return the query builder.
*/
- public FilterBuilder buildAuthorizationFilter(String authenticatedUserName, String authenticatedUserDomain)
+ public QueryBuilder buildAuthorizationFilter(String authenticatedUserName, String authenticatedUserDomain)
throws MCFAuthorizerException
{
Map<String,String> domainMap = new HashMap<String,String>();
@@ -192,17 +192,17 @@ public class MCFAuthorizer
*@param userAccessTokens are a set of tokens to use to construct the filter (presumably from mod_authz_annotate, upstream)
*@return the wrapped query enforcing ManifoldCF security.
*/
- public FilterBuilder buildAuthorizationFilter(List<String> userAccessTokens)
+ public QueryBuilder buildAuthorizationFilter(List<String> userAccessTokens)
throws MCFAuthorizerException
{
- BoolFilterBuilder bq = new BoolFilterBuilder();
+ BoolQueryBuilder bq = new BoolQueryBuilder();
- FilterBuilder allowShareOpen = new TermFilterBuilder(fieldAllowShare,NOSECURITY_TOKEN);
- FilterBuilder denyShareOpen = new TermFilterBuilder(fieldDenyShare,NOSECURITY_TOKEN);
- FilterBuilder allowParentOpen = new TermFilterBuilder(fieldAllowParent,NOSECURITY_TOKEN);
- FilterBuilder denyParentOpen = new TermFilterBuilder(fieldDenyParent,NOSECURITY_TOKEN);
- FilterBuilder allowDocumentOpen = new TermFilterBuilder(fieldAllowDocument,NOSECURITY_TOKEN);
- FilterBuilder denyDocumentOpen = new TermFilterBuilder(fieldDenyDocument,NOSECURITY_TOKEN);
+ QueryBuilder allowShareOpen = new TermQueryBuilder(fieldAllowShare,NOSECURITY_TOKEN);
+ QueryBuilder denyShareOpen = new TermQueryBuilder(fieldDenyShare,NOSECURITY_TOKEN);
+ QueryBuilder allowParentOpen = new TermQueryBuilder(fieldAllowParent,NOSECURITY_TOKEN);
+ QueryBuilder denyParentOpen = new TermQueryBuilder(fieldDenyParent,NOSECURITY_TOKEN);
+ QueryBuilder allowDocumentOpen = new TermQueryBuilder(fieldAllowDocument,NOSECURITY_TOKEN);
+ QueryBuilder denyDocumentOpen = new TermQueryBuilder(fieldDenyDocument,NOSECURITY_TOKEN);
if (userAccessTokens == null || userAccessTokens.size() == 0)
{
@@ -233,21 +233,21 @@ public class MCFAuthorizer
* ((fieldAllowShare is empty AND fieldDenyShare is empty) OR fieldAllowShare HAS token1 OR fieldAllowShare HAS token2 ...)
* AND fieldDenyShare DOESN'T_HAVE token1 AND fieldDenyShare DOESN'T_HAVE token2 ...
*/
- protected static FilterBuilder calculateCompleteSubquery(String allowField, String denyField, FilterBuilder allowOpen, FilterBuilder denyOpen, List<String> userAccessTokens)
+ protected static QueryBuilder calculateCompleteSubquery(String allowField, String denyField, QueryBuilder allowOpen, QueryBuilder denyOpen, List<String> userAccessTokens)
{
- BoolFilterBuilder bq = new BoolFilterBuilder();
+ BoolQueryBuilder bq = new BoolQueryBuilder();
// No ES equivalent - hope this is done right inside
//bq.setMaxClauseCount(1000000);
// Add the empty-acl case
- BoolFilterBuilder subUnprotectedClause = new BoolFilterBuilder();
+ BoolQueryBuilder subUnprotectedClause = new BoolQueryBuilder();
subUnprotectedClause.must(allowOpen);
subUnprotectedClause.must(denyOpen);
bq.should(subUnprotectedClause);
for (String accessToken : userAccessTokens)
{
- bq.should(new TermFilterBuilder(allowField,accessToken));
- bq.mustNot(new TermFilterBuilder(denyField,accessToken));
+ bq.should(new TermQueryBuilder(allowField,accessToken));
+ bq.mustNot(new TermQueryBuilder(denyField,accessToken));
}
return bq;
}
Modified: manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerPlugin.java
URL: http://svn.apache.org/viewvc/manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerPlugin.java?rev=1758509&r1=1758508&r2=1758509&view=diff
==============================================================================
--- manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerPlugin.java (original)
+++ manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerPlugin.java Tue Aug 30 23:40:39 2016
@@ -18,14 +18,13 @@
*/
package org.apache.manifoldcf.elasticsearch;
-import org.elasticsearch.common.inject.Module;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
-import org.elasticsearch.plugins.AbstractPlugin;
+import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.rest.RestModule;
-public class MCFAuthorizerPlugin extends AbstractPlugin
+public class MCFAuthorizerPlugin extends Plugin
{
private final ESLogger log = Loggers.getLogger(this.getClass());
@@ -45,9 +44,7 @@ public class MCFAuthorizerPlugin extends
}
@Override
- public void processModule(Module module) {
- if (module instanceof RestModule) {
- ((RestModule) module).addRestAction(MCFAuthorizerRestSearchAction.class);
- }
+ public void onModule(RestModule module) {
+ module.addRestAction(MCFAuthorizerRestSearchAction.class);
}
}
Modified: manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerRestSearchAction.java
URL: http://svn.apache.org/viewvc/manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerRestSearchAction.java?rev=1758509&r1=1758508&r2=1758509&view=diff
==============================================================================
--- manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerRestSearchAction.java (original)
+++ manifoldcf/integration/elasticsearch-2.0/trunk/src/main/java/org/apache/manifoldcf/elasticsearch/MCFAuthorizerRestSearchAction.java Tue Aug 30 23:40:39 2016
@@ -29,7 +29,6 @@ import org.elasticsearch.rest.action.sup
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
-import org.elasticsearch.ElasticsearchIllegalArgumentException;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.unit.TimeValue;
@@ -72,7 +71,7 @@ public class MCFAuthorizerRestSearchActi
boolean isTemplateRequest = request.path().endsWith("/template");
if(request.hasContent() || request.hasParam("source")) {
- FilterBuilder authorizationFilter = authorizer.buildAuthorizationFilter(authenticatedUserNamesAndDomains);
+ QueryBuilder authorizationFilter = authorizer.buildAuthorizationFilter(authenticatedUserNamesAndDomains);
FilteredQueryBuilder filteredQueryBuilder;
ObjectMapper objectMapper = new ObjectMapper();
@@ -123,7 +122,7 @@ public class MCFAuthorizerRestSearchActi
String queryString = request.param("q");
if(queryString != null) {
String[] authenticatedUserNamesAndDomains = request.param("u").split(",");
- FilterBuilder authorizationFilter = authorizer.buildAuthorizationFilter(authenticatedUserNamesAndDomains);
+ QueryBuilder authorizationFilter = authorizer.buildAuthorizationFilter(authenticatedUserNamesAndDomains);
QueryStringQueryBuilder from = QueryBuilders.queryStringQuery(queryString);
from.defaultField(request.param("df"));
from.analyzer(request.param("analyzer"));
@@ -154,7 +153,7 @@ public class MCFAuthorizerRestSearchActi
if(searchSourceBuilder == null) {
searchSourceBuilder = new SearchSourceBuilder();
}
- FilterBuilder authorizationFilter = authorizer.buildAuthorizationFilter(request.param("u"));
+ QueryBuilder authorizationFilter = authorizer.buildAuthorizationFilter(request.param("u"));
searchSourceBuilder.query(QueryBuilders.filteredQuery(QueryBuilders.matchAllQuery(),authorizationFilter));
}
}