You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by ja...@apache.org on 2019/01/17 13:25:16 UTC

[lucene-solr] branch master updated: SOLR-13116: Add Admin UI login support for Kerberos

This is an automated email from the ASF dual-hosted git repository.

janhoy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git


The following commit(s) were added to refs/heads/master by this push:
     new e515a91  SOLR-13116: Add Admin UI login support for Kerberos
e515a91 is described below

commit e515a9140677d76d4d74a32f6c8ca03a2b2f72c5
Author: Jan Høydahl <ja...@apache.org>
AuthorDate: Thu Jan 17 14:25:08 2019 +0100

    SOLR-13116: Add Admin UI login support for Kerberos
---
 solr/CHANGES.txt                                |  2 ++
 solr/webapp/web/css/angular/login.css           |  6 ++++++
 solr/webapp/web/js/angular/controllers/login.js | 12 ++++++++----
 solr/webapp/web/partials/login.html             | 18 +++++++++++++++++-
 4 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 5b569e7..93fc6ff 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -209,6 +209,8 @@ New Features
 
 * SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth (janhoy)
 
+* SOLR-13116: Add Admin UI login support for Kerberos (janhoy, Jason Gerlowski) 
+
 * SOLR-11126: New Node-level health check handler at /admin/info/healthcheck and /node/health paths that
   checks if the node is live, connected to zookeeper and not shutdown. (Anshum Gupta, Amrit Sarkar, shalin)
   
diff --git a/solr/webapp/web/css/angular/login.css b/solr/webapp/web/css/angular/login.css
index 52ad4e0..6d6c908 100644
--- a/solr/webapp/web/css/angular/login.css
+++ b/solr/webapp/web/css/angular/login.css
@@ -41,6 +41,12 @@ limitations under the License.
   margin-bottom: 1rem;
 }
 
+#content #login a
+{
+  color: #0000bf;
+  cursor: pointer;
+}
+
 #content #login .login-error
 {
   font-size: 1rem;
diff --git a/solr/webapp/web/js/angular/controllers/login.js b/solr/webapp/web/js/angular/controllers/login.js
index 9935191..e87f2a8 100644
--- a/solr/webapp/web/js/angular/controllers/login.js
+++ b/solr/webapp/web/js/angular/controllers/login.js
@@ -27,9 +27,13 @@ solrAdminApp.controller('LoginController',
         var authScheme = sessionStorage.getItem("auth.scheme");
         if (wwwAuthHeader) {
           // Parse www-authenticate header
-          var wwwHeader = wwwAuthHeader.match(/(\w+)\s+(.*)/);
-          authScheme = wwwHeader[1];
-          var authParams = www_auth_parse_params(wwwHeader[2]);
+          var wwwHeader = wwwAuthHeader.match(/(\w+)(\s+)?(.*)/);
+          authScheme = "unknown";
+          var authParams = {};
+          if (wwwHeader && wwwHeader.length >= 1)
+            authScheme = wwwHeader[1]; 
+          if (wwwHeader && wwwHeader.length >= 3)
+            authParams = www_auth_parse_params(wwwHeader[3]);
           if (typeof authParams === 'string' || authParams instanceof String) {
             $scope.authParamsError = authParams;
           } else {
@@ -43,7 +47,7 @@ solrAdminApp.controller('LoginController',
           sessionStorage.setItem("auth.scheme", authScheme);
         }
 
-        var supportedSchemes = ['Basic', 'Bearer'];
+        var supportedSchemes = ['Basic', 'Bearer', 'Negotiate'];
         $scope.authSchemeSupported = supportedSchemes.includes(authScheme);
         $scope.authScheme = sessionStorage.getItem("auth.scheme");
         $scope.authRealm = sessionStorage.getItem("auth.realm");
diff --git a/solr/webapp/web/partials/login.html b/solr/webapp/web/partials/login.html
index 10a3caf..d5dba14 100644
--- a/solr/webapp/web/partials/login.html
+++ b/solr/webapp/web/partials/login.html
@@ -60,7 +60,23 @@ limitations under the License.
 
   </div>
 
-
+  <div ng-show="authScheme === 'Negotiate'">
+    <h1>Kerberos Authentication</h1>
+    <p>Your browser did not provide the required information to authenticate using Kerberos. 
+      Please check that your computer has a valid ticket for communicating with Solr, 
+      and that your browser is properly configured to provide that ticket when required. 
+      For more information, consult 
+      <a href="https://lucene.apache.org/solr/guide/kerberos-authentication-plugin.html">
+        Solr's Kerberos documentation
+      </a>.
+    </p>
+    The response from the server was:
+    <hr/>
+    <pre>HTTP 401 {{statusText}}
+WWW-Authenticate: {{wwwAuthHeader}}</pre>
+    <hr/>
+  </div>
+  
   <div ng-show="!authSchemeSupported">
     <h1>Authentication scheme not supported</h1>