You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2016/02/04 11:25:05 UTC
lucene-solr git commit: SOLR-8029 Security API test now randomly uses
v2 API
Repository: lucene-solr
Updated Branches:
refs/heads/apiv2 8b8c9461f -> 292fe4a19
SOLR-8029 Security API test now randomly uses v2 API
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/292fe4a1
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/292fe4a1
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/292fe4a1
Branch: refs/heads/apiv2
Commit: 292fe4a19ca96d65a6e0e2bd6213f82371714a4a
Parents: 8b8c946
Author: Noble Paul <no...@apache.org>
Authored: Thu Feb 4 15:54:45 2016 +0530
Committer: Noble Paul <no...@apache.org>
Committed: Thu Feb 4 15:54:45 2016 +0530
----------------------------------------------------------------------
.../security/RuleBasedAuthorizationPlugin.java | 6 ++-
.../java/org/apache/solr/v2api/V2HttpCall.java | 6 +--
.../solr/security/BasicAuthIntegrationTest.java | 48 ++++++++++++--------
.../solr/client/solrj/impl/CloudSolrClient.java | 5 +-
4 files changed, 39 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/292fe4a1/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java b/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
index 49e335a..a3f1f95 100644
--- a/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
@@ -445,7 +445,7 @@ public class RuleBasedAuthorizationPlugin implements AuthorizationPlugin, Config
private static final Map<String, Map<String,Object>> well_known_permissions = (Map) Utils.fromJSONString(
" { " +
" security-edit :{" +
- " path:['/admin/authentication','/admin/authorization']," +
+ " path:['/admin/authentication','/admin/authorization', '/v2/cluster/security/authentication', '/v2/cluster/security/authorization']," +
" collection:null," +
" method:POST }," +
" security-read :{" +
@@ -470,7 +470,9 @@ public class RuleBasedAuthorizationPlugin implements AuthorizationPlugin, Config
" update :{" +
" path:'/update/*'}," +
" read :{" +
- " path:['/select', '/get','/browse','/tvrh','/terms','/clustering','/elevate', '/export','/spell','/clustering']}," +
+ " path:['/select', '/get','/browse','/tvrh'," +
+ "'/terms','/clustering','/elevate', '/export'," +
+ "'/spell','/clustering', '/sql']}," +
" config-edit:{" +
" method:POST," +
" path:'/config/*'}," +
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/292fe4a1/solr/core/src/java/org/apache/solr/v2api/V2HttpCall.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/v2api/V2HttpCall.java b/solr/core/src/java/org/apache/solr/v2api/V2HttpCall.java
index 67a6c12..185f208 100644
--- a/solr/core/src/java/org/apache/solr/v2api/V2HttpCall.java
+++ b/solr/core/src/java/org/apache/solr/v2api/V2HttpCall.java
@@ -71,7 +71,6 @@ public class V2HttpCall extends HttpSolrCall {
private V2Api api;
private List<String> pieces;
private String prefix;
- private String fullPath;
HashMap<String, String> parts = new HashMap<>();
static final Set<String> knownPrefixes = ImmutableSet.of("cluster", "node", "collections", "cores", "c");
static final Set<String> commonPaths4ContainerLevelAndCoreLevel = ImmutableSet.of("collections", "cores", "c");
@@ -82,7 +81,8 @@ public class V2HttpCall extends HttpSolrCall {
}
protected void init() throws Exception {
- fullPath = path = path.substring(3);//strip off '/v2'
+ String path = this.path;
+ String fullPath = path = path.substring(3);//strip off '/v2'
try {
pieces = PathTrie.getParts(path);
if (pieces.size() == 0) {
@@ -124,7 +124,7 @@ public class V2HttpCall extends HttpSolrCall {
throw new SolrException(SolrException.ErrorCode.NOT_FOUND, "no core retrieved for " + corename);
- path = path.substring(prefix.length() + pieces.get(1).length() + 2);
+ this.path = path = path.substring(prefix.length() + pieces.get(1).length() + 2);
api = getApiInfo(core.getRequestHandlers(), path, req.getMethod(), cores, prefix, fullPath, parts);
MDCLoggingContext.setCore(core);
parseRequest();
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/292fe4a1/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 271adeb..083c601 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -18,7 +18,6 @@ package org.apache.solr.security;
*/
-import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.util.ArrayList;
import java.util.Collections;
@@ -37,7 +36,6 @@ import org.apache.http.message.AbstractHttpMessage;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.apache.solr.client.solrj.SolrRequest;
-import org.apache.solr.client.solrj.SolrServerException;
import org.apache.solr.client.solrj.embedded.JettySolrRunner;
import org.apache.solr.client.solrj.impl.CloudSolrClient;
import org.apache.solr.client.solrj.impl.HttpSolrClient;
@@ -56,7 +54,6 @@ import org.apache.solr.common.util.ContentStreamBase;
import org.apache.solr.common.util.NamedList;
import org.apache.solr.common.util.StrUtils;
import org.apache.solr.common.util.Utils;
-import org.apache.solr.util.CommandOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -73,12 +70,22 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
protected void doExtraTests(MiniSolrCloudCluster miniCluster, SolrZkClient zkClient, ZkStateReader zkStateReader,
CloudSolrClient cloudSolrClient, String defaultCollName) throws Exception {
- NamedList<Object> rsp = cloudSolrClient.request(new GenericSolrRequest(SolrRequest.METHOD.GET, "/admin/authentication", new ModifiableSolrParams()));
- assertNotNull(rsp.get(CommandOperation.ERR_MSGS));
- zkClient.setData("/security.json", STD_CONF.replaceAll("'", "\"").getBytes(UTF_8), true);
- String baseUrl = getRandomReplica(zkStateReader.getClusterState().getCollection(defaultCollName), random()).getStr(BASE_URL_PROP);
+
+ String authcPrefix = "/admin/authentication";
+ String authzPrefix = "/admin/authorization";
+ if(random().nextBoolean()){
+ authcPrefix = "/v2/cluster/security/authentication";
+ authzPrefix = "/v2/cluster/security/authorization";
+ }
+ String old = cloudSolrClient.getDefaultCollection();
+ cloudSolrClient.setDefaultCollection(null);
+
+ NamedList<Object> rsp;
HttpClient cl = cloudSolrClient.getLbClient().getHttpClient();
- verifySecurityStatus(cl, baseUrl + "/admin/authentication", "authentication/class", "solr.BasicAuthPlugin", 20);
+ String baseUrl = getRandomReplica(zkStateReader.getClusterState().getCollection(defaultCollName), random()).getStr(BASE_URL_PROP);
+ verifySecurityStatus(cl,baseUrl+ authcPrefix,"/errorMessages", null,20);
+ zkClient.setData("/security.json", STD_CONF.replaceAll("'", "\"").getBytes(UTF_8), true);
+ verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/class", "solr.BasicAuthPlugin", 20);
boolean found = false;
for (JettySolrRunner jettySolrRunner : miniCluster.getJettySolrRunners()) {
@@ -86,7 +93,7 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
found = true;
jettySolrRunner.stop();
jettySolrRunner.start();
- verifySecurityStatus(cl, baseUrl + "/admin/authentication", "authentication/class", "solr.BasicAuthPlugin", 20);
+ verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/class", "solr.BasicAuthPlugin", 20);
break;
}
}
@@ -96,7 +103,7 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
"'set-user': {'harry':'HarryIsCool'}\n" +
"}";
- GenericSolrRequest genericReq = new GenericSolrRequest(SolrRequest.METHOD.POST, "/admin/authentication", new ModifiableSolrParams());
+ GenericSolrRequest genericReq = new GenericSolrRequest(SolrRequest.METHOD.POST, authcPrefix, new ModifiableSolrParams());
genericReq.setContentStreams(Collections.singletonList(new ContentStreamBase.ByteArrayStream(command.getBytes(UTF_8), "")));
try {
cloudSolrClient.request(genericReq);
@@ -107,22 +114,22 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
"'set-user': {'harry':'HarryIsUberCool'}\n" +
"}";
- HttpPost httpPost = new HttpPost(baseUrl + "/admin/authentication");
+ HttpPost httpPost = new HttpPost(baseUrl + authcPrefix);
setBasicAuthHeader(httpPost, "solr", "SolrRocks");
httpPost.setEntity(new ByteArrayEntity(command.getBytes(UTF_8)));
httpPost.addHeader("Content-Type", "application/json; charset=UTF-8");
- verifySecurityStatus(cl, baseUrl + "/admin/authentication", "authentication.enabled", "true", 20);
+ verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication.enabled", "true", 20);
HttpResponse r = cl.execute(httpPost);
int statusCode = r.getStatusLine().getStatusCode();
assertEquals("proper_cred sent, but access denied", 200, statusCode);
baseUrl = getRandomReplica(zkStateReader.getClusterState().getCollection(defaultCollName), random()).getStr(BASE_URL_PROP);
- verifySecurityStatus(cl, baseUrl + "/admin/authentication", "authentication/credentials/harry", NOT_NULL_PREDICATE, 20);
+ verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/credentials/harry", NOT_NULL_PREDICATE, 20);
command = "{\n" +
"'set-user-role': {'harry':'admin'}\n" +
"}";
- httpPost = new HttpPost(baseUrl + "/admin/authorization");
+ httpPost = new HttpPost(baseUrl + authzPrefix);
setBasicAuthHeader(httpPost, "solr", "SolrRocks");
httpPost.setEntity(new ByteArrayEntity(command.getBytes(UTF_8)));
httpPost.addHeader("Content-Type", "application/json; charset=UTF-8");
@@ -130,10 +137,10 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
assertEquals(200, r.getStatusLine().getStatusCode());
baseUrl = getRandomReplica(zkStateReader.getClusterState().getCollection(defaultCollName), random()).getStr(BASE_URL_PROP);
- verifySecurityStatus(cl, baseUrl+"/admin/authorization", "authorization/user-role/harry", NOT_NULL_PREDICATE, 20);
+ verifySecurityStatus(cl, baseUrl+ authzPrefix, "authorization/user-role/harry", NOT_NULL_PREDICATE, 20);
- httpPost = new HttpPost(baseUrl + "/admin/authorization");
+ httpPost = new HttpPost(baseUrl + authzPrefix);
setBasicAuthHeader(httpPost, "harry", "HarryIsUberCool");
httpPost.setEntity(new ByteArrayEntity(Utils.toJSON(singletonMap("set-permission", Utils.makeMap
("name", "x-update",
@@ -142,19 +149,19 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
"role", "dev")))));
httpPost.addHeader("Content-Type", "application/json; charset=UTF-8");
- verifySecurityStatus(cl, baseUrl + "/admin/authorization", "authorization/user-role/harry", NOT_NULL_PREDICATE, 20);
+ verifySecurityStatus(cl, baseUrl + authzPrefix, "authorization/user-role/harry", NOT_NULL_PREDICATE, 20);
r = cl.execute(httpPost);
assertEquals(200, r.getStatusLine().getStatusCode());
- verifySecurityStatus(cl, baseUrl+"/admin/authorization", "authorization/permissions[1]/collection", "x", 20);
+ verifySecurityStatus(cl, baseUrl+ authzPrefix, "authorization/permissions[1]/collection", "x", 20);
- httpPost = new HttpPost(baseUrl + "/admin/authorization");
+ httpPost = new HttpPost(baseUrl + authzPrefix);
setBasicAuthHeader(httpPost, "harry", "HarryIsUberCool");
httpPost.setEntity(new ByteArrayEntity(Utils.toJSON(singletonMap("set-permission", Utils.makeMap
("name","collection-admin-edit", "role", "admin" )))));
r = cl.execute(httpPost);
- verifySecurityStatus(cl, baseUrl+"/admin/authorization", "authorization/permissions[2]/name", "collection-admin-edit", 20);
+ verifySecurityStatus(cl, baseUrl+ authzPrefix, "authorization/permissions[2]/name", "collection-admin-edit", 20);
CollectionAdminRequest.Reload reload = new CollectionAdminRequest.Reload();
reload.setCollectionName(cloudSolrClient.getDefaultCollection());
@@ -185,6 +192,7 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
} catch (HttpSolrClient.RemoteSolrException e) {
}
+ cloudSolrClient.setDefaultCollection(old);
}
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/292fe4a1/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
----------------------------------------------------------------------
diff --git a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
index 639807c..93622e1 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
@@ -811,7 +811,10 @@ public class CloudSolrClient extends SolrClient {
COLLECTIONS_HANDLER_PATH,
CONFIGSETS_HANDLER_PATH,
AUTHC_PATH,
- AUTHZ_PATH));
+ AUTHZ_PATH,
+ "/v2/cluster/security/authentication",
+ "/v2/cluster/security/authorization"
+ ));
/**
* As this class doesn't watch external collections on the client side,