Posted to dev@lucene.apache.org by janhoy <gi...@git.apache.org> on 2018/10/09 13:41:27 UTC

[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

GitHub user janhoy opened a pull request:

    https://github.com/apache/lucene-solr/pull/465

    SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth

    First cut for basic auth

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cominvent/lucene-solr solr7896-admin-login

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/lucene-solr/pull/465.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #465
    
----
commit 217e0a546a6c64dca32c4c1828435eec1972bfb1
Author: Jan Høydahl <ja...@...>
Date:   2018-10-09T11:49:25Z

    SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth

commit 818f71010a7e970fee346ffeeb2e827c846883f7
Author: Jan Høydahl <ja...@...>
Date:   2018-10-09T13:33:31Z

    More docs
    Handle more errors
    Use external base64 library
    Fix precommit

commit 0d8155b55a28dd1d40786c1b4e6edb2a4f55a8b6
Author: Jan Høydahl <ja...@...>
Date:   2018-10-09T13:36:06Z

    Merge branch 'master' into solr7896-admin-login
    
    # Conflicts:
    #	solr/solrj/src/java/org/apache/solr/client/solrj/request/MultiContentWriterRequest.java

----


---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223860727
  
    --- Diff: solr/webapp/web/index.html ---
    @@ -61,9 +62,11 @@
       <script src="libs/highlight.js"></script>
       <script src="libs/d3.js"></script>
       <script src="libs/jquery-ui.min.js"></script>
    +  <script src="libs/angular-utf8-base64.min.js"></script>
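
Review bot: The added `libs/angular-utf8-base64.min.js` tag pulls in a minified third-party file with no version in its name, which makes later updates and audits hard to track. Record the library's version, source and licence next to the file (and in the licence notices if required), and consider whether one small encoding helper in the login code would avoid loading an extra library on every Admin UI page.
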
    --- End diff --
    
    Used for base64 encoding of Basic header. Could not find any base64 code in our Admin UI or libs already, else I'd use that.


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy closed the pull request at:

    https://github.com/apache/lucene-solr/pull/465


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223863279
  
    --- Diff: solr/webapp/web/js/angular/app.js ---
    @@ -365,12 +370,62 @@ solrAdminApp.config([
           $rootScope.exceptions[rejection.config.url] = rejection.data.error;
         }
         return $q.reject(rejection);
    -  }
    +  };
    +
    +  return {request: started, response: ended, responseError: failed};
    +})
    +// Intercept authentication request from Solr and forward to /solr/#/login    
    +.factory('authInterceptor', function($q, $rootScope, $location, $timeout, $injector) {
    +  var started = function(config) {
    +    if (sessionStorage.getItem("auth.header")) {
    +      config.headers['Authorization'] = sessionStorage.getItem("auth.header");
    +    }
    +    return config || $q.when(config);
    +  };
    +
    +  var ended = function(response) {
    +    if ($location.path() !== '/login') {
    +      sessionStorage.removeItem("http401");
    +      sessionStorage.removeItem("auth.statusText");
    +    }
    +    return response || $q.when(response);
    +  };
    +
    +  var failed = function(rejection) {
    +    if (rejection.status === 401) {
    +      var headers = rejection.headers();
    +      var wwwAuthHeader = headers['www-authenticate'];
    +      sessionStorage.setItem("auth.wwwAuthHeader", wwwAuthHeader);
    +      sessionStorage.setItem("auth.statusText", rejection.statusText);
    +      var authDataHeader = headers['X-Solr-AuthData'];
    +      if (authDataHeader !== null) {
    +        sessionStorage.setItem("auth.config", authDataHeader);
    +      }
    +      if ($location.path() === '/login') {
    +        sessionStorage.setItem("auth.location", "/");
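
Review bot: In `failed`, `headers['X-Solr-AuthData']` is looked up in mixed case while `headers['www-authenticate']` just above it is lower case; the object returned by AngularJS `rejection.headers()` has lower-cased keys, so the mixed-case lookup yields `undefined`, and `authDataHeader !== null` is then true and stores the string "undefined" under `auth.config`. Use `rejection.headers('X-Solr-AuthData')`, which is case-insensitive and returns null when the header is absent, and apply the same guard to `wwwAuthHeader` before it is written to `sessionStorage`. Separately, `started` copies the stored `auth.header` onto every request that passes through the interceptor; restrict that to requests for Solr's own API paths so the credential is not attached to anything else the app fetches.
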
    --- End diff --
    
    Normally users will be redirected to Login page from whatever page that tried to do a restricted API call to Solr, and will be redirected back to that page after login. However, if user explicitly navigates to Login tab, this makes sure he'll be redirected to Dashboard instead of remaining on the Login page.


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223859201
  
    --- Diff: solr/webapp/web/WEB-INF/web.xml ---
    @@ -33,7 +33,7 @@
         -->
         <init-param>
           <param-name>excludePatterns</param-name>
    -      <param-value>/partials/.+,/libs/.+,/css/.+,/js/.+,/img/.+,/tpl/.+</param-value>
    +      <param-value>/partials/.+,/libs/.+,/css/.+,/js/.+,/img/.+,/templates/.+</param-value>
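
Review bot: The new `/templates/.+` entry in `excludePatterns` adds a path prefix that, per the author's own comment, nothing uses; with authentication moved below the `excludePatterns` check elsewhere in this pull request, every entry in this list is served without an auth prompt. Drop `/templates/.+` rather than swapping it in for `/tpl/.+`, so the list contains only the static directories the Admin UI actually needs.
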
    --- End diff --
    
    `/tpl/` was remnants from old UI. Don't remember why I added `/templates/`, as we don't seem to use that either?


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223860298
  
    --- Diff: solr/webapp/web/css/angular/login.css ---
    @@ -0,0 +1,103 @@
    +/*
    +
    +Licensed to the Apache Software Foundation (ASF) under one or more
    +contributor license agreements.  See the NOTICE file distributed with
    +this work for additional information regarding copyright ownership.
    +The ASF licenses this file to You under the Apache License, Version 2.0
    +(the "License"); you may not use this file except in compliance with
    +the License.  You may obtain a copy of the License at
    +
    +http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS,
    +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    +See the License for the specific language governing permissions and
    +limitations under the License.
    +
    +*/
    +
    +#content #login
    +{
    +  background-position: 0 50%;
    +  padding-left: 21px;
    +  vertical-align: center;
    +  horiz-align: center;
    +}
    +
    +#content #login h1,
    +#content #login .h1 {
    +  font-size: 2.5rem;
    +}
    +
    +#content #login h2, 
    +#content #login .h2 {
    +  font-size: 2rem;
    +}
    +
    +#content #login p
    +{
    +  margin-top: 0;
    +  margin-bottom: 1rem;
    +}
    +
    +#content #login .login-error
    +{
    +  font-size: 1rem;
    +  color: red;
    +  margin-top: 10px;
    +  margin-bottom: 10px;
    +}
    +
    +#content #login button {
    +  border-radius: 0;
    +}
    +
    +#content #login button:focus {
    +  outline: 1px dotted;
    +  outline: 5px auto -webkit-focus-ring-color;
    +}
    +
    +#content #login .btn {
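
Review bot: In the `#content #login` rule, `vertical-align: center;` uses a value that `vertical-align` does not accept and `horiz-align` is not a CSS property, so both declarations are ignored by browsers. Remove them, or use `text-align: center;` (and `vertical-align: middle;` where it applies) if centring is intended. If the styles borrowed from Bootstrap stay, a short comment in the file naming their origin would help whoever restyles the page later.
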
    --- End diff --
    
    Borrowed some styles from bootstrap css (MIT). It is just some selective cut+paste so I did not add anything to `NOTICE.txt`. Should I? Anyway, we should probably style the login page differently, perhaps as a modal prompt.


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223866955
  
    --- Diff: solr/webapp/web/partials/login.html ---
    @@ -0,0 +1,80 @@
    +<!--
    +Licensed to the Apache Software Foundation (ASF) under one or more
    +contributor license agreements.  See the NOTICE file distributed with
    +this work for additional information regarding copyright ownership.
    +The ASF licenses this file to You under the Apache License, Version 2.0
    +(the "License"); you may not use this file except in compliance with
    +the License.  You may obtain a copy of the License at
    +
    +http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS,
    +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    +See the License for the specific language governing permissions and
    +limitations under the License.
    +-->
    +<div id="login" class="clearfix">
    +
    +  <div ng-show="authScheme === 'Basic'">
    +    <h1>Basic Authentication</h1>
    +    <div class="login-error" ng-show="statusText !== 'require authentication' || authParamsError !== null">
    +      {{statusText}}{{authParamsError}}
    +    </div>
    +    <div ng-show="!isLoggedIn()">
    +      <p>
    +        Solr requires authentication for resource {{authLocation === '/' ? 'Dashboard' : authLocation}}.<br/>
    +        Please log in with your username and password for realm {{authRealm}}.
    +      </p>
    +      <br/>
    +      <div ng-show="error" class="alert alert-danger">{{error}}</div>
    +      <form name="form" ng-submit="login()" role="form">
    +        <div class="form-group">
    +          <label for="username">Username</label>
    +          <input type="text" name="username" id="username" class="form-control" ng-model="username" required />
    +          <span ng-show="form.username.$dirty && form.username.$error.required" class="help-block">Username is required</span>
    +        </div>
    +        <div class="form-group">
    +          <label for="password">Password</label>
    +          <input type="password" name="password" id="password" class="form-control" ng-model="password" required />
    +          <span ng-show="form.password.$dirty && form.password.$error.required" class="help-block">Password is required</span>
    +        </div>
    +        <br/>
    +        <div class="form-actions">
    +          <button type="submit" ng-disabled="form.$invalid" class="btn btn-danger">Login</button>
    +        </div>
    +      </form>
    +    </div>
    +
    +    <div ng-show="isLoggedIn()">
    +      <p>
    +        Logged in as user {{authLoggedinUser}}. Realm={{authRealm}}.<br/>
    +      </p>
    +      <br/>
    +      <form name="logoutForm" ng-submit="logout()" role="form" ng-show="isLoggedIn()">
    +        <div class="form-actions">
    +          <button type="submit" class="btn btn-danger">Logout</button>
    +        </div>
    +      </form>
    +    </div>
    +
    +  </div>
    +
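
Review bot: The `login-error` condition `statusText !== 'require authentication' || authParamsError !== null` ties the UI to the exact status text sent with the 401, and `!== null` is also true when `authParamsError` is undefined, so the error box can appear with nothing meaningful in it. Have the controller expose a single boolean (or an error string that is empty when there is no error) and bind `ng-show` to that. The `ng-show="isLoggedIn()"` on `logoutForm` is redundant with the same condition on the enclosing `div` and can go.
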
    --- End diff --
    
    The idea is that future authentication schemes can add their UI here and code hooks to `login.js` and thus have a very simple extension mechanism. While the ideal would be a true pluggable experience for 3rd party auth to also work, I have not attempted that in this iteration. Ideas of how to achieve that are welcome!


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223855611
  
    --- Diff: solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java ---
    @@ -180,8 +193,16 @@ public boolean getBlockUnknown(){
         return blockUnknown;
       }
     
    -  public static final String BLOCK_UNKNOWN = "blockUnknown";
    -  private static final Set<String> PROPS = ImmutableSet.of(BLOCK_UNKNOWN);
    -
    -
    +  public static final String PROPERTY_BLOCK_UNKNOWN = "blockUnknown";
    +  public static final String PROPERTY_REALM = "realm";
    +  private static final Set<String> PROPS = ImmutableSet.of(PROPERTY_BLOCK_UNKNOWN, PROPERTY_REALM);
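
Review bot: Renaming the public constant `BLOCK_UNKNOWN` to `PROPERTY_BLOCK_UNKNOWN` removes a `public static final` field, which breaks any code outside this class that references it. Keep `BLOCK_UNKNOWN` as a deprecated alias of the new name, or leave the rename out of this change. The new `PROPERTY_REALM` constant would also benefit from a one-line Javadoc stating the default value and that it is what appears in the login prompt.
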
    --- End diff --
    
    BasicAuth reads the "realm" property and defaults to "solr", but there was no means of setting the property. Also there was no documentation of "realm", so added that to RefGuide.


---



[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...

Posted by janhoy <gi...@git.apache.org>.
Github user janhoy commented on a diff in the pull request:

    https://github.com/apache/lucene-solr/pull/465#discussion_r223857445
  
    --- Diff: solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java ---
    @@ -342,18 +342,6 @@ public void doFilter(ServletRequest _request, ServletResponse _response, FilterC
             }
           }
     
    -      AtomicReference<HttpServletRequest> wrappedRequest = new AtomicReference<>();
    -      if (!authenticateRequest(request, response, wrappedRequest)) { // the response and status code have already been sent
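
Review bot: These lines only show the `authenticateRequest(request, response, wrappedRequest)` call being removed from its early position in `doFilter`; the place where it is re-added is not part of the quoted hunk, and that is the part that needs the closest look. Since the stated goal is to run it after the `excludePatterns` check, add a test asserting that a request which does not match any exclude pattern still gets a 401 before any handler runs, and that a path which merely contains an excluded prefix (rather than starting with it) is not treated as excluded. A comment at the new call site explaining why the ordering matters would keep a later refactor from moving it again.
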
    --- End diff --
    
    In order to load static Admin UI without auth prompt, we need to move auth below check for `excludePatterns`.


---
