You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by ab...@apache.org on 2017/01/19 15:32:41 UTC
[32/38] lucene-solr:jira/solr-9857: SOLR-9984: Deprecate
GenericHadoopAuthPlugin in favor of HadoopAuthPlugin
SOLR-9984: Deprecate GenericHadoopAuthPlugin in favor of HadoopAuthPlugin
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/1a05d6f4
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/1a05d6f4
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/1a05d6f4
Branch: refs/heads/jira/solr-9857
Commit: 1a05d6f4f1a6e7c99662549c8f24a11727d86b2f
Parents: 9f58b6c
Author: Ishan Chattopadhyaya <ic...@gmail.com>
Authored: Thu Jan 19 09:35:59 2017 +0530
Committer: Ishan Chattopadhyaya <ic...@gmail.com>
Committed: Thu Jan 19 09:35:59 2017 +0530
----------------------------------------------------------------------
solr/CHANGES.txt | 8 +
.../solr/security/GenericHadoopAuthPlugin.java | 245 +------------------
.../apache/solr/security/HadoopAuthPlugin.java | 2 +-
3 files changed, 14 insertions(+), 241 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/1a05d6f4/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index aab5116..62b8818 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -94,6 +94,12 @@ Jetty 9.3.14.v20161028
Detailed Change List
----------------------
+Upgrade Notes
+----------------------
+
+* SOLR-9984: GenericHadoopAuthPlugin is deprecated in favor of HadoopAuthPlugin. Simply changing the
+ name of the class in the security configurations should suffice while upgrading.
+
New Features
----------------------
@@ -122,6 +128,8 @@ Other Changes
----------------------
* SOLR-9980: Expose configVersion in core admin status (Jessica Cheng Mallet via Tom�s Fern�ndez L�bbe)
+* SOLR-9984: Deprecate GenericHadoopAuthPlugin in favor of HadoopAuthPlugin (Ishan Chattopadhyaya)
+
================== 6.4.0 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/1a05d6f4/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
index e5fe349..3d63fd6 100644
--- a/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
@@ -16,251 +16,16 @@
*/
package org.apache.solr.security;
-import static org.apache.solr.security.RequestContinuesRecorderAuthenticationHandler.REQUEST_CONTINUES_ATTR;
-import static org.apache.solr.security.HadoopAuthFilter.DELEGATION_TOKEN_ZK_CLIENT;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.lang.invoke.MethodHandles;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.apache.commons.collections.iterators.IteratorEnumeration;
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.solr.client.solrj.impl.HttpClientBuilderFactory;
-import org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder;
-import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder;
-import org.apache.solr.cloud.ZkController;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.common.SolrException.ErrorCode;
-import org.apache.solr.common.util.SuppressForbidden;
import org.apache.solr.core.CoreContainer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
- * This class implements a generic plugin which can use authentication schemes exposed by the
- * Hadoop framework. This plugin supports following features
- * - integration with authentication mehcanisms (e.g. kerberos)
- * - Delegation token support
- * - Proxy users (or secure impersonation) support
- *
- * This plugin enables defining configuration parameters required by the undelying Hadoop authentication
- * mechanism. These configuration parameters can either be specified as a Java system property or the default
- * value can be specified as part of the plugin configuration.
- *
- * The proxy users are configured by specifying relevant Hadoop configuration parameters. Please note that
- * the delegation token support must be enabled for using the proxy users support.
- *
- * For Solr internal communication, this plugin enables configuring {@linkplain HttpClientBuilderFactory}
- * implementation (e.g. based on kerberos).
+ * * @deprecated Use {@link HadoopAuthPlugin}. For backcompat against Solr 6.4.
*/
-public class GenericHadoopAuthPlugin extends AuthenticationPlugin implements HttpClientBuilderPlugin {
- private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- /**
- * A property specifying the type of authentication scheme to be configured.
- */
- private static final String HADOOP_AUTH_TYPE = "type";
-
- /**
- * A property specifies the value of the prefix to be used to define Java system property
- * for configuring the authentication mechanism. The name of the Java system property is
- * defined by appending the configuration parmeter namne to this prefix value e.g. if prefix
- * is 'solr' then the Java system property 'solr.kerberos.principal' defines the value of
- * configuration parameter 'kerberos.principal'.
- */
- private static final String SYSPROP_PREFIX_PROPERTY = "sysPropPrefix";
-
- /**
- * A property specifying the configuration parameters required by the authentication scheme
- * defined by {@linkplain #HADOOP_AUTH_TYPE} property.
- */
- private static final String AUTH_CONFIG_NAMES_PROPERTY = "authConfigs";
-
- /**
- * A property specifying the {@linkplain HttpClientBuilderFactory} used for the Solr internal
- * communication.
- */
- private static final String HTTPCLIENT_BUILDER_FACTORY = "clientBuilderFactory";
-
- /**
- * A property specifying the default values for the configuration parameters specified by the
- * {@linkplain #AUTH_CONFIG_NAMES_PROPERTY} property. The default values are specified as a
- * collection of key-value pairs (i.e. property-name : default_value).
- */
- private static final String DEFAULT_AUTH_CONFIGS_PROPERTY = "defaultConfigs";
-
- /**
- * A property which enable (or disable) the delegation tokens functionality.
- */
- private static final String DELEGATION_TOKEN_ENABLED_PROPERTY = "enableDelegationToken";
-
- /**
- * A property which enables initialization of kerberos before connecting to Zookeeper.
- */
- private static final String INIT_KERBEROS_ZK = "initKerberosZk";
-
- /**
- * A property which configures proxy users for the underlying Hadoop authentication mechanism.
- * This configuration is expressed as a collection of key-value pairs (i.e. property-name : value).
- */
- public static final String PROXY_USER_CONFIGS = "proxyUserConfigs";
-
- private AuthenticationFilter authFilter;
- private HttpClientBuilderFactory factory = null;
- private final CoreContainer coreContainer;
+@Deprecated
+public class GenericHadoopAuthPlugin extends HadoopAuthPlugin {
public GenericHadoopAuthPlugin(CoreContainer coreContainer) {
- this.coreContainer = coreContainer;
- }
-
- @SuppressWarnings("rawtypes")
- @Override
- public void init(Map<String,Object> pluginConfig) {
- try {
- String delegationTokenEnabled = (String)pluginConfig.getOrDefault(DELEGATION_TOKEN_ENABLED_PROPERTY, "false");
- authFilter = (Boolean.parseBoolean(delegationTokenEnabled)) ? new HadoopAuthFilter() : new AuthenticationFilter();
-
- // Initialize kerberos before initializing curator instance.
- boolean initKerberosZk = Boolean.parseBoolean((String)pluginConfig.getOrDefault(INIT_KERBEROS_ZK, "false"));
- if (initKerberosZk) {
- (new Krb5HttpClientBuilder()).getBuilder();
- }
-
- FilterConfig conf = getInitFilterConfig(pluginConfig);
- authFilter.init(conf);
-
- String httpClientBuilderFactory = (String)pluginConfig.get(HTTPCLIENT_BUILDER_FACTORY);
- if (httpClientBuilderFactory != null) {
- Class c = Class.forName(httpClientBuilderFactory);
- factory = (HttpClientBuilderFactory)c.newInstance();
- }
-
- } catch (ServletException | ClassNotFoundException | InstantiationException | IllegalAccessException e) {
- throw new SolrException(ErrorCode.SERVER_ERROR, "Error initializing kerberos authentication plugin: "+e);
- }
+ super(coreContainer);
}
- @SuppressWarnings("unchecked")
- protected FilterConfig getInitFilterConfig(Map<String, Object> pluginConfig) {
- Map<String, String> params = new HashMap<>();
-
- String type = (String) Objects.requireNonNull(pluginConfig.get(HADOOP_AUTH_TYPE));
- params.put(HADOOP_AUTH_TYPE, type);
-
- String sysPropPrefix = (String) pluginConfig.getOrDefault(SYSPROP_PREFIX_PROPERTY, "solr.");
- Collection<String> authConfigNames = (Collection<String>) pluginConfig.
- getOrDefault(AUTH_CONFIG_NAMES_PROPERTY, Collections.emptyList());
- Map<String,String> authConfigDefaults = (Map<String,String>) pluginConfig
- .getOrDefault(DEFAULT_AUTH_CONFIGS_PROPERTY, Collections.emptyMap());
- Map<String,String> proxyUserConfigs = (Map<String,String>) pluginConfig
- .getOrDefault(PROXY_USER_CONFIGS, Collections.emptyMap());
-
- for ( String configName : authConfigNames) {
- String systemProperty = sysPropPrefix + configName;
- String defaultConfigVal = authConfigDefaults.get(configName);
- String configVal = System.getProperty(systemProperty, defaultConfigVal);
- if (configVal != null) {
- params.put(configName, configVal);
- }
- }
-
- // Configure proxy user settings.
- params.putAll(proxyUserConfigs);
-
- final ServletContext servletContext = new AttributeOnlyServletContext();
- log.info("Params: "+params);
-
- ZkController controller = coreContainer.getZkController();
- if (controller != null) {
- servletContext.setAttribute(DELEGATION_TOKEN_ZK_CLIENT, controller.getZkClient());
- }
-
- FilterConfig conf = new FilterConfig() {
- @Override
- public ServletContext getServletContext() {
- return servletContext;
- }
-
- @Override
- public Enumeration<String> getInitParameterNames() {
- return new IteratorEnumeration(params.keySet().iterator());
- }
-
- @Override
- public String getInitParameter(String param) {
- return params.get(param);
- }
-
- @Override
- public String getFilterName() {
- return "HadoopAuthFilter";
- }
- };
-
- return conf;
- }
-
- @Override
- public boolean doAuthenticate(ServletRequest request, ServletResponse response, FilterChain filterChain)
- throws Exception {
- final HttpServletResponse frsp = (HttpServletResponse)response;
-
- // Workaround until HADOOP-13346 is fixed.
- HttpServletResponse rspCloseShield = new HttpServletResponseWrapper(frsp) {
- @SuppressForbidden(reason = "Hadoop DelegationTokenAuthenticationFilter uses response writer, this" +
- "is providing a CloseShield on top of that")
- @Override
- public PrintWriter getWriter() throws IOException {
- final PrintWriter pw = new PrintWriterWrapper(frsp.getWriter()) {
- @Override
- public void close() {};
- };
- return pw;
- }
- };
- authFilter.doFilter(request, rspCloseShield, filterChain);
-
- if (authFilter instanceof HadoopAuthFilter) { // delegation token mgmt.
- String requestContinuesAttr = (String)request.getAttribute(REQUEST_CONTINUES_ATTR);
- if (requestContinuesAttr == null) {
- log.warn("Could not find " + REQUEST_CONTINUES_ATTR);
- return false;
- } else {
- return Boolean.parseBoolean(requestContinuesAttr);
- }
- }
-
- return true;
- }
-
- @Override
- public SolrHttpClientBuilder getHttpClientBuilder(SolrHttpClientBuilder builder) {
- return (factory != null) ? factory.getHttpClientBuilder(Optional.ofNullable(builder)) : builder;
- }
-
- @Override
- public void close() throws IOException {
- if (authFilter != null) {
- authFilter.destroy();
- }
- if (factory != null) {
- factory.close();
- }
- }
-}
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/1a05d6f4/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
index db0f639..1f0d5ad 100644
--- a/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
@@ -135,7 +135,7 @@ public class HadoopAuthPlugin extends AuthenticationPlugin {
authFilter.init(conf);
} catch (ServletException e) {
- throw new SolrException(ErrorCode.SERVER_ERROR, "Error initializing GenericHadoopAuthPlugin: "+e);
+ throw new SolrException(ErrorCode.SERVER_ERROR, "Error initializing " + getClass().getName() + ": "+e);
}
}