Posted to commits@lucene.apache.org by no...@apache.org on 2015/08/06 21:24:42 UTC
svn commit: r1694558 - in /lucene/dev/branches/branch_5x: ./ solr/
solr/core/ solr/core/src/java/org/apache/solr/security/
solr/core/src/test/org/apache/solr/cloud/
solr/core/src/test/org/apache/solr/handler/admin/
solr/core/src/test/org/apache/solr/se...
Author: noble
Date: Thu Aug 6 19:24:41 2015
New Revision: 1694558
URL: http://svn.apache.org/r1694558
Log:
SOLR-7837: An AuthenticationPlugin which implements the HTTP BasicAuth protocol and stores credentials securely in ZooKeeper
Added:
lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
- copied unchanged from r1694555, lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/Sha256AuthenticationProvider.java
- copied unchanged from r1694555, lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/Sha256AuthenticationProvider.java
lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java
- copied, changed from r1694555, lucene/dev/trunk/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java
lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
- copied, changed from r1694555, lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java
- copied, changed from r1694555, lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java
Modified:
lucene/dev/branches/branch_5x/ (props changed)
lucene/dev/branches/branch_5x/solr/ (props changed)
lucene/dev/branches/branch_5x/solr/CHANGES.txt (contents, props changed)
lucene/dev/branches/branch_5x/solr/core/ (props changed)
lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudCluster.java
Modified: lucene/dev/branches/branch_5x/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/CHANGES.txt?rev=1694558&r1=1694557&r2=1694558&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/CHANGES.txt (original)
+++ lucene/dev/branches/branch_5x/solr/CHANGES.txt Thu Aug 6 19:24:41 2015
@@ -134,6 +134,9 @@ New Features
* SOLR-7838: An authorizationPlugin interface where the access control rules are stored/managed in
ZooKeeper (Noble Paul, Anshum Gupta, Ishan Chattopadhyaya)
+* SOLR-7837: An AuthenticationPlugin which implements the HTTP BasicAuth protocol and stores credentials
+ securely in ZooKeeper (Noble Paul, Anshum Gupta,Ishan Chattopadhyaya)
+
Bug Fixes
----------------------
Modified: lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java?rev=1694558&r1=1694557&r2=1694558&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java (original)
+++ lucene/dev/branches/branch_5x/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java Thu Aug 6 19:24:41 2015
@@ -73,7 +73,7 @@ public class RuleBasedAuthorizationPlugi
if (key.toString().startsWith(s)) {
List<Permission> l = super.get(s);
if (l != null) {
- result = result == null ? new ArrayList<>() : new ArrayList<>(result);
+ result = result == null ? new ArrayList<Permission>() : new ArrayList<>(result);
result.addAll(l);
}
}
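Review bot: The changed line spells out `new ArrayList<Permission>()` with no comment saying why the diamond was dropped, so a later clean-up could restore `new ArrayList<>()`. Presumably this branch still has to compile with Java 7, which does not infer the element type for a diamond used as an operand of `?:`. A one-line comment above the assignment would record that, for example `// explicit type argument: Java 7 cannot infer the diamond inside a conditional expression`. The enclosing method starts and ends outside the hunk.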
Modified: lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudCluster.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudCluster.java?rev=1694558&r1=1694557&r2=1694558&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudCluster.java (original)
+++ lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudCluster.java Thu Aug 6 19:24:41 2015
@@ -17,6 +17,14 @@ package org.apache.solr.cloud;
* limitations under the License.
*/
+import java.io.File;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicInteger;
+
import com.carrotsearch.randomizedtesting.rules.SystemPropertiesRestoreRule;
import org.apache.lucene.util.LuceneTestCase;
import org.apache.lucene.util.LuceneTestCase.SuppressSysoutChecks;
@@ -45,14 +53,6 @@ import org.junit.rules.TestRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.File;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.atomic.AtomicInteger;
-
/**
* Test of the MiniSolrCloudCluster functionality. Keep in mind,
* MiniSolrCloudCluster is designed to be used outside of the Lucene test
@@ -194,6 +194,7 @@ public class TestMiniSolrCloudCluster ex
assertTrue(e.code() >= 500 && e.code() < 600);
}
+ doExtraTests(miniCluster, zkClient, zkStateReader,cloudSolrClient, collectionName);
// delete the collection we created earlier
miniCluster.deleteCollection(collectionName);
AbstractDistribZkTestBase.waitForCollectionToDisappear(collectionName, zkStateReader, true, true, 330);
@@ -204,6 +205,9 @@ public class TestMiniSolrCloudCluster ex
}
}
+ protected void doExtraTests(MiniSolrCloudCluster miniCluster, SolrZkClient zkClient, ZkStateReader zkStateReader, CloudSolrClient cloudSolrClient,
+ String defaultCollName) throws Exception { /*do nothing*/ }
+
@Test
public void testErrorsInStartup() throws Exception {
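Review bot: The new `doExtraTests` hook has no Javadoc, and its only documentation is the inline `/*do nothing*/`. Subclasses need to know when it runs. From the call site in the hunk at -194, it is invoked while the test collection still exists, immediately before `miniCluster.deleteCollection(collectionName)`. I would add something like `/** Hook for subclasses; called after the collection has been exercised and before it is deleted. The default implementation does nothing. */`. It is also worth stating that an exception thrown from an override skips the collection deletion that follows the call; whether an enclosing `finally` still shuts the cluster down is not visible in these hunks.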
Copied: lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java (from r1694555, lucene/dev/trunk/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java)
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java?p2=lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java&p1=lucene/dev/trunk/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java&r1=1694555&r2=1694558&rev=1694558&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java (original)
+++ lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/handler/admin/SecurityConfHandlerTest.java Thu Aug 6 19:24:41 2015
@@ -27,6 +27,7 @@ import java.util.Map;
import org.apache.solr.SolrTestCaseJ4;
import org.apache.solr.common.cloud.ZkStateReader.ConfigData;
import org.apache.solr.common.params.ModifiableSolrParams;
+import org.apache.solr.common.util.ContentStream;
import org.apache.solr.common.util.ContentStreamBase;
import org.apache.solr.common.util.Utils;
import org.apache.solr.request.LocalSolrQueryRequest;
@@ -45,12 +46,12 @@ public class SecurityConfHandlerTest ext
"'set-user': {'tom':'TomIsCool'},\n" +
"'set-user':{ 'tom':'TomIsUberCool'}\n" +
"}";
- LocalSolrQueryRequest req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
- req.getContext().put("httpMethod","POST");
- req.getContext().put("path","/admin/authentication");
- ContentStreamBase.ByteArrayStream o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
- handler.handleRequestBody(req,new SolrQueryResponse());
+ LocalSolrQueryRequest req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
+ req.getContext().put("httpMethod", "POST");
+ req.getContext().put("path", "/admin/authentication");
+ ContentStreamBase.ByteArrayStream o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
+ handler.handleRequestBody(req, new SolrQueryResponse());
BasicAuthPlugin basicAuth = new BasicAuthPlugin();
ConfigData securityCfg = (ConfigData) handler.m.get("/security.json");
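Review bot: The request set-up (new `LocalSolrQueryRequest`, the `httpMethod` and `path` context entries, the `ByteArrayStream`, then `setContentStreams`) is written out by hand here and again in the hunks at -85, -109, -124 and -200, differing only in the path and the command string. A small private helper would remove the duplication. Declaring the stream as `ContentStream` also lets `Collections.singletonList` infer the element type, so the explicit `<ContentStream>` witness this commit adds at every call site is no longer needed. The enclosing test method starts and ends outside the hunk; the sketch below assumes `setContentStreams` accepts a `List<ContentStream>`.

```java
private static LocalSolrQueryRequest postRequest(String path, String command) {
  LocalSolrQueryRequest req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
  req.getContext().put("httpMethod", "POST");
  req.getContext().put("path", path);
  // Typed as the interface so singletonList infers List<ContentStream> on Java 7 as well.
  ContentStream body = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
  req.setContentStreams(Collections.singletonList(body));
  return req;
}

// call site in the first test
LocalSolrQueryRequest req = postRequest("/admin/authentication", command);
handler.handleRequestBody(req, new SolrQueryResponse());
// … unchanged: BasicAuthPlugin / securityCfg checks …
```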
@@ -61,9 +62,9 @@ public class SecurityConfHandlerTest ext
"'set-user': {'harry':'HarryIsCool'},\n" +
"'delete-user': ['tom','harry']\n" +
"}";
- o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
- handler.handleRequestBody(req,new SolrQueryResponse());
+ o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
+ handler.handleRequestBody(req, new SolrQueryResponse());
securityCfg = (ConfigData) handler.m.get("/security.json");
assertEquals(3, securityCfg.version);
Map result = (Map) securityCfg.data.get("authentication");
@@ -71,7 +72,6 @@ public class SecurityConfHandlerTest ext
assertTrue(result.isEmpty());
-
command = "{'set-user-role': { 'tom': ['admin','dev']},\n" +
"'set-permission':{'name': 'security-edit',\n" +
" 'role': 'admin'\n" +
@@ -85,10 +85,10 @@ public class SecurityConfHandlerTest ext
"}";
req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
- req.getContext().put("httpMethod","POST");
- req.getContext().put("path","/admin/authorization");
- o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
+ req.getContext().put("httpMethod", "POST");
+ req.getContext().put("path", "/admin/authorization");
+ o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
SolrQueryResponse rsp = new SolrQueryResponse();
handler.handleRequestBody(req, rsp);
assertNull(rsp.getValues().get(CommandOperation.ERR_MSGS));
@@ -109,10 +109,10 @@ public class SecurityConfHandlerTest ext
"'set-user-role':{'tom':null}\n" +
"}";
req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
- req.getContext().put("httpMethod","POST");
- req.getContext().put("path","/admin/authorization");
- o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
+ req.getContext().put("httpMethod", "POST");
+ req.getContext().put("path", "/admin/authorization");
+ o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
rsp = new SolrQueryResponse();
handler.handleRequestBody(req, rsp);
assertNull(rsp.getValues().get(CommandOperation.ERR_MSGS));
@@ -124,17 +124,17 @@ public class SecurityConfHandlerTest ext
assertNull(permissions.get("some-permission"));
command = "{\n" +
"'set-permission':{'name': 'security-edit',\n" +
- " 'method':'POST',"+ // security edit is a well-known permission , only role attribute should be provided
+ " 'method':'POST'," + // security edit is a well-known permission , only role attribute should be provided
" 'role': 'admin'\n" +
" }}";
req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
- req.getContext().put("httpMethod","POST");
- req.getContext().put("path","/admin/authorization");
- o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
+ req.getContext().put("httpMethod", "POST");
+ req.getContext().put("path", "/admin/authorization");
+ o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
rsp = new SolrQueryResponse();
handler.handleRequestBody(req, rsp);
- List l = (List) ((Map) ((List)rsp.getValues().get("errorMessages")).get(0)).get("errorMessages");
+ List l = (List) ((Map) ((List) rsp.getValues().get("errorMessages")).get(0)).get("errorMessages");
assertEquals(1, l.size());
}
@@ -146,17 +146,17 @@ public class SecurityConfHandlerTest ext
final RuleBasedAuthorizationPlugin rulesBasedAuthorizationPlugin = new RuleBasedAuthorizationPlugin();
- public MockSecurityHandler() {
+ public MockSecurityHandler() {
super(null);
m = new HashMap<>();
- ConfigData data = new ConfigData(makeMap("authentication", makeMap("class", "solr."+ BasicAuthPlugin.class.getSimpleName())), 1);
- data.data.put("authorization", makeMap("class", "solr."+RuleBasedAuthorizationPlugin.class.getSimpleName()));
+ ConfigData data = new ConfigData(makeMap("authentication", makeMap("class", "solr." + BasicAuthPlugin.class.getSimpleName())), 1);
+ data.data.put("authorization", makeMap("class", "solr." + RuleBasedAuthorizationPlugin.class.getSimpleName()));
m.put("/security.json", data);
- basicAuthPlugin.init(new HashMap<>());
+ basicAuthPlugin.init(new HashMap<String, Object>());
- rulesBasedAuthorizationPlugin.init(new HashMap<>());
+ rulesBasedAuthorizationPlugin.init(new HashMap<String, Object>());
}
public Map<String, Object> getM() {
@@ -200,37 +200,36 @@ public class SecurityConfHandlerTest ext
String command = "{\n" +
"'set-user': {'solr':'SolrRocks'}\n" +
"}";
- LocalSolrQueryRequest req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
- req.getContext().put("httpMethod","POST");
- req.getContext().put("path","/admin/authentication");
- ContentStreamBase.ByteArrayStream o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
+ LocalSolrQueryRequest req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
+ req.getContext().put("httpMethod", "POST");
+ req.getContext().put("path", "/admin/authentication");
+ ContentStreamBase.ByteArrayStream o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
handleRequestBody(req, new SolrQueryResponse());
command = "{'set-user-role': { 'solr': 'admin'},\n" +
"'set-permission':{'name': 'security-edit', 'role': 'admin'}" +
"}";
req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
- req.getContext().put("httpMethod","POST");
- req.getContext().put("path","/admin/authorization");
- o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8),"");
- req.setContentStreams(Collections.singletonList(o));
+ req.getContext().put("httpMethod", "POST");
+ req.getContext().put("path", "/admin/authorization");
+ o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
+ req.setContentStreams(Collections.<ContentStream>singletonList(o));
SolrQueryResponse rsp = new SolrQueryResponse();
handleRequestBody(req, rsp);
Map<String, Object> data = ((ConfigData) m.get("/security.json")).data;
- ((Map)data.get("authentication")).remove("");
- ((Map)data.get("authorization")).remove("");
- return Utils.toJSONString (data);
+ ((Map) data.get("authentication")).remove("");
+ ((Map) data.get("authorization")).remove("");
+ return Utils.toJSONString(data);
}
}
- public static void main(String[] args) throws Exception{
+ public static void main(String[] args) throws Exception {
System.out.println(new MockSecurityHandler().getStandardJson());
}
-
}
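Review bot: `main` prints the result of `getStandardJson()` with no comment saying what that JSON is for. The document is built from a fixed credential (`'set-user': {'solr':'SolrRocks'}`) that is given the `admin` role and the `security-edit` permission. If the output is meant as a sample `security.json`, which is only inferred from the method name, a reader copying it would carry that known password into a real cluster. A comment on `main` would make this explicit, for example `// Prints a sample security.json for reference; the 'solr' password is a fixed test value and must be replaced before the file is used on a real cluster.`. `getStandardJson` begins outside the hunk, so its own Javadoc, if any, is not visible here.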
Copied: lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java (from r1694555, lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java)
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java?p2=lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java&p1=lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java&r1=1694555&r2=1694558&rev=1694558&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java (original)
+++ lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java Thu Aug 6 19:24:41 2015
@@ -47,6 +47,7 @@ import org.apache.solr.common.cloud.Solr
import org.apache.solr.common.cloud.ZkStateReader;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.util.Base64;
+import org.apache.solr.common.util.ContentStream;
import org.apache.solr.common.util.ContentStreamBase;
import org.apache.solr.common.util.NamedList;
import org.apache.solr.common.util.StrUtils;
@@ -82,7 +83,7 @@ public class BasicAuthIntegrationTest ex
"}";
GenericSolrRequest genericReq = new GenericSolrRequest(SolrRequest.METHOD.POST, "/admin/authentication", new ModifiableSolrParams());
- genericReq.setContentStreams(Collections.singletonList(new ContentStreamBase.ByteArrayStream(command.getBytes(UTF_8), "")));
+ genericReq.setContentStreams(Collections.<ContentStream>singletonList(new ContentStreamBase.ByteArrayStream(command.getBytes(UTF_8), "")));
try {
cloudSolrClient.request(genericReq);
fail("Should have failed with a 401");
Copied: lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java (from r1694555, lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java)
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java?p2=lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java&p1=lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java&r1=1694555&r2=1694558&rev=1694558&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java (original)
+++ lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/security/TestSha256AuthenticationProvider.java Thu Aug 6 19:24:41 2015
@@ -27,12 +27,12 @@ import org.apache.solr.util.CommandOpera
public class TestSha256AuthenticationProvider extends SolrTestCaseJ4 {
public void testAuthenticate(){
Sha256AuthenticationProvider zkAuthenticationProvider = new Sha256AuthenticationProvider();
- zkAuthenticationProvider.init(Collections.emptyMap());
+ zkAuthenticationProvider.init(Collections.<String,Object>emptyMap());
String pwd = "My#$Password";
String user = "noble";
Map latestConf = new LinkedHashMap<>();
- Map<String, Object> params = Collections.singletonMap(user, pwd);
+ Map<String, Object> params = Collections.<String, Object>singletonMap(user, pwd);
Map<String, Object> result = zkAuthenticationProvider.edit(latestConf,
Collections.singletonList(new CommandOperation("set-user",params )));
zkAuthenticationProvider = new Sha256AuthenticationProvider();