Posted to commits@lucene.apache.org by is...@apache.org on 2020/04/29 17:05:32 UTC
[lucene-solr] branch branch_8x updated: SOLR-14237: A new panel
with security info in admin UI's dashboard
This is an automated email from the ASF dual-hosted git repository.
ishan pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8x by this push:
new 66a9bb0 SOLR-14237: A new panel with security info in admin UI's dashboard
66a9bb0 is described below
commit 66a9bb09ca1d2611ce2047671d797ee681de8932
Author: Ishan Chattopadhyaya <is...@apache.org>
AuthorDate: Wed Apr 29 22:34:13 2020 +0530
SOLR-14237: A new panel with security info in admin UI's dashboard
---
solr/CHANGES.txt | 1 +
.../solr/handler/admin/SystemInfoHandler.java | 35 +++++++++++++++++++++-
.../security/RuleBasedAuthorizationPlugin.java | 5 ++++
solr/webapp/web/css/angular/index.css | 3 ++
solr/webapp/web/js/angular/controllers/index.js | 6 ++++
solr/webapp/web/partials/index.html | 34 +++++++++++++++++++++
6 files changed, 83 insertions(+), 1 deletion(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 6951f2e..b09c868 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -15,6 +15,7 @@ New Features
* SOLR-13942: A read API at /api/cluster/zk/* to fetch raw ZK data and view contents of a ZK direcory (noble)
+* SOLR-14237: A new panel with security info in admin UI's dashboard (Ishan Chattopadhyaya, Moshe Bla)
Improvements
---------------------
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java
index f31ae65..81edb4f 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java
@@ -29,6 +29,7 @@ import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
+import java.util.Set;
import com.codahale.metrics.Gauge;
import org.apache.lucene.LucenePackage;
@@ -39,6 +40,8 @@ import org.apache.solr.handler.RequestHandlerBase;
import org.apache.solr.request.SolrQueryRequest;
import org.apache.solr.response.SolrQueryResponse;
import org.apache.solr.schema.IndexSchema;
+import org.apache.solr.security.AuthorizationPlugin;
+import org.apache.solr.security.RuleBasedAuthorizationPlugin;
import org.apache.solr.util.RTimer;
import org.apache.solr.util.RedactionUtils;
import org.apache.solr.util.stats.MetricUtils;
@@ -140,6 +143,7 @@ public class SystemInfoHandler extends RequestHandlerBase
rsp.add( "solr_home", cc.getSolrHome());
rsp.add( "lucene", getLuceneInfo() );
rsp.add( "jvm", getJvmInfo() );
+ rsp.add( "user", getSecurityInfo(req) );
rsp.add( "system", getSystemInfo() );
if (solrCloudMode) {
rsp.add("node", getCoreContainer(req, core).getZkController().getNodeName());
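Review bot: The new entry is added under the key `"user"`, but the consumers elsewhere in this commit read it as `security` (`data.security` in controllers/index.js and `system.security[...]` in partials/index.html). As written, the panel would render empty and the controller would dereference an undefined property. Either rename the key here to `rsp.add( "security", getSecurityInfo(req) );` or change both consumers to `user`. The enclosing method starts and ends outside the hunk.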
@@ -311,7 +315,36 @@ public class SystemInfoHandler extends RequestHandlerBase
jvm.add( "jmx", jmx );
return jvm;
}
-
+
+ /**
+ * Get Security Info
+ */
+ public SimpleOrderedMap<Object> getSecurityInfo(SolrQueryRequest req)
+ {
+ SimpleOrderedMap<Object> info = new SimpleOrderedMap<>();
+
+ if (cc.getAuthenticationPlugin() != null) info.add("authenticationPlugin", cc.getAuthenticationPlugin().getName());
+ if (cc.getAuthorizationPlugin() != null) info.add("authorizationPlugin", cc.getAuthorizationPlugin().getClass().getName());
+
+ // User principal
+ String username = null;
+ if (req.getUserPrincipal() != null) {
+ username = req.getUserPrincipal().getName();
+ info.add("username", username);
+
+ // Mapped roles for this principal
+ AuthorizationPlugin auth = cc.getAuthorizationPlugin();
+ if (auth != null) {
+ RuleBasedAuthorizationPlugin rbap = (RuleBasedAuthorizationPlugin) auth;
+ Set<String> roles = rbap.getRoles(username);
+ info.add("roles", roles);
+ }
+ }
+
+ return info;
+ }
+
+
private static SimpleOrderedMap<Object> getLuceneInfo() {
SimpleOrderedMap<Object> info = new SimpleOrderedMap<>();
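Review bot: The cast `(RuleBasedAuthorizationPlugin) auth` in getSecurityInfo is unchecked, so with any other AuthorizationPlugin implementation configured an authenticated request would throw ClassCastException and fail the whole system-info response. Guard the roles lookup with `if (auth instanceof RuleBasedAuthorizationPlugin) {`. getRoles returns whatever `usersVsRoles.get(user)` yields, which is presumably null for an unmapped principal and would then be added as a null `roles` value; skipping the add when `roles == null` keeps the response shape predictable. The method also publishes the authentication plugin name and the authorization plugin class to every caller permitted to reach this handler. The Javadoc should state that intent and the keys returned, rather than just `Get Security Info`.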
diff --git a/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java b/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
index d2ce0e9..eceb0a1 100644
--- a/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
@@ -240,6 +240,11 @@ public class RuleBasedAuthorizationPlugin implements AuthorizationPlugin, Config
return MatchStatus.FORBIDDEN;
}
+ public Set<String> getRoles(String user) {
+ Set<String> roles = usersVsRoles.get(user);
+ return roles;
+ }
+
public boolean doesUserHavePermission(String user, PermissionNameProvider.Name permission) {
Set<String> roles = usersVsRoles.get(user);
if (roles != null) {
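Review bot: getRoles hands out the set stored in `usersVsRoles` itself, so a caller that mutates the result would change the role mapping used for authorization decisions (assuming the stored sets are mutable, which the hunk does not show). A read-only view avoids that: `return roles == null ? null : Collections.unmodifiableSet(roles);`, which needs `java.util.Collections` in scope. The method is public and has no Javadoc; it should say that it returns null when the user has no role mapping. doesUserHavePermission continues past the end of the hunk.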
diff --git a/solr/webapp/web/css/angular/index.css b/solr/webapp/web/css/angular/index.css
index c53e323..62386c6 100644
--- a/solr/webapp/web/css/angular/index.css
+++ b/solr/webapp/web/css/angular/index.css
@@ -214,3 +214,6 @@ limitations under the License.
{
margin-top: 20px;
}
+
+#content #index #security h2 { background-image: url( ../../img/ico/prohibition.png ); }
+#content #index #security div { text-align: right; }
\ No newline at end of file
diff --git a/solr/webapp/web/js/angular/controllers/index.js b/solr/webapp/web/js/angular/controllers/index.js
index d8052d4..f8b0747 100644
--- a/solr/webapp/web/js/angular/controllers/index.js
+++ b/solr/webapp/web/js/angular/controllers/index.js
@@ -21,6 +21,12 @@ solrAdminApp.controller('IndexController', function($scope, System, Cores, Const
System.get(function(data) {
$scope.system = data;
+ if (username in data.security) {
+ // Needed for Kerberos, since this is the only place from where
+ // Kerberos username can be obtained.
+ sessionStorage.setItem("auth.username", data.security.username);
+ }
+
// load average, unless its negative (means n/a on windows, etc)
if (data.system.systemLoadAverage >= 0) {
$scope.load_average = data.system.systemLoadAverage.toFixed(2);
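Review bot: In `if (username in data.security)` the left operand is a bare identifier rather than the string `"username"`. Unless a variable of that name is in scope outside the hunk this throws ReferenceError, and `in` also throws TypeError when `data.security` is absent from the response. Suggested: `if (data.security && "username" in data.security) {`. The value written to `sessionStorage` is server-reported and readable by any script on the origin, so it should be used for display only, never as an input to an access decision. The callback body continues outside the hunk.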
diff --git a/solr/webapp/web/partials/index.html b/solr/webapp/web/partials/index.html
index 8fe0b66..5f77bff 100644
--- a/solr/webapp/web/partials/index.html
+++ b/solr/webapp/web/partials/index.html
@@ -253,6 +253,40 @@ limitations under the License.
</div>
</div>
+ <div class="block" id="security">
+
+ <h2>Security</h2>
+
+ <div class="content">
+
+ <ul class="data">
+
+ <li class="authentication_plugin"><dl class="clearfix">
+ <dt><span>Authentication Plugin</span></dt>
+ <dd>{{system.security["authenticationPlugin"]}}</dd>
+ </dl></li>
+
+ <li class="authorization_plugin"><dl class="clearfix">
+ <dt><span>Authorization Plugin</span></dt>
+ <dd>{{system.security["authorizationPlugin"]}}</dd>
+ </dl></li>
+
+ <li class="username"><dl class="clearfix">
+ <dt><span>Current Username</span></dt>
+ <dd>{{system.security["username"]}}</dd>
+ </dl></li>
+
+ <li class="user_roles"><dl class="clearfix">
+ <dt><span>User Roles</span></dt>
+ <dd>{{system.security["roles"]}}</dd>
+ </dl></li>
+
+ </ul>
+
+
+ </div>
+
+ </div>
</div>
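Review bot: The four `<dd>` cells render blank when the server omits a key, which happens when no authentication or authorization plugin is configured. A node running without security therefore looks the same as one where the data failed to load. Make the unsecured state explicit, for example `<dd>{{system.security["authenticationPlugin"] || "none"}}</dd>`, and do the same for the other rows. `roles` is interpolated as a raw collection (presumably an array), so joining it for display would read better.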