You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2016/04/26 15:55:27 UTC
[1/2] lucene-solr:master: SOLR-9041: 'core-admin-read' and
'core-admin-edit' are well known permissions
Repository: lucene-solr
Updated Branches:
refs/heads/master 6fa5166e4 -> 506d61abe
SOLR-9041: 'core-admin-read' and 'core-admin-edit' are well known permissions
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/0233765c
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/0233765c
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/0233765c
Branch: refs/heads/master
Commit: 0233765c274ec9d308ca4eb621f26bd4ed9d0a39
Parents: 7b89d0f
Author: Noble Paul <no...@apache.org>
Authored: Tue Apr 26 19:24:23 2016 +0530
Committer: Noble Paul <no...@apache.org>
Committed: Tue Apr 26 19:24:23 2016 +0530
----------------------------------------------------------------------
solr/CHANGES.txt | 2 +
.../solr/handler/admin/CollectionsHandler.java | 2 +-
.../solr/handler/admin/CoreAdminHandler.java | 18 ++++++++-
.../solr/security/PermissionNameProvider.java | 2 +
.../TestRuleBasedAuthorizationPlugin.java | 40 ++++++++++++++++++++
.../solr/common/params/CoreAdminParams.java | 16 ++++++--
6 files changed, 75 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0233765c/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 6034851..905c38d 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -111,6 +111,8 @@ New Features
* SOLR-9020: Implement StatementImpl/ResultSetImpl get/set fetch* methods and proper errors for traversal methods (Kevin Risden)
+* SOLR-9041: 'core-admin-read' and 'core-admin-edit' are well known permissions (noble)
+
Bug Fixes
----------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0233765c/solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java
index 64b10ab..29a978f 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java
@@ -151,7 +151,7 @@ public class CollectionsHandler extends RequestHandlerBase implements Permission
@Override
public PermissionNameProvider.Name getPermissionName(AuthorizationContext ctx) {
String action = ctx.getParams().get("action");
- if (action == null) return null;
+ if (action == null) return PermissionNameProvider.Name.COLL_READ_PERM;
CollectionParams.CollectionAction collectionAction = CollectionParams.CollectionAction.get(action);
if (collectionAction == null) return null;
return collectionAction.isWrite ?
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0233765c/solr/core/src/java/org/apache/solr/handler/admin/CoreAdminHandler.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/CoreAdminHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/CoreAdminHandler.java
index 9eeef10..6e295f7 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/CoreAdminHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/CoreAdminHandler.java
@@ -33,6 +33,7 @@ import org.apache.solr.cloud.ZkController;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.cloud.ZkStateReader;
+import org.apache.solr.common.params.CollectionParams;
import org.apache.solr.common.params.CommonAdminParams;
import org.apache.solr.common.params.CoreAdminParams;
import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
@@ -45,6 +46,8 @@ import org.apache.solr.core.CoreDescriptor;
import org.apache.solr.handler.RequestHandlerBase;
import org.apache.solr.request.SolrQueryRequest;
import org.apache.solr.response.SolrQueryResponse;
+import org.apache.solr.security.AuthorizationContext;
+import org.apache.solr.security.PermissionNameProvider;
import org.apache.solr.util.DefaultSolrThreadFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -52,12 +55,14 @@ import org.slf4j.MDC;
import static org.apache.solr.common.params.CoreAdminParams.ACTION;
import static org.apache.solr.common.params.CoreAdminParams.CoreAdminAction.STATUS;
+import static org.apache.solr.security.PermissionNameProvider.Name.CORE_EDIT_PERM;
+import static org.apache.solr.security.PermissionNameProvider.Name.CORE_READ_PERM;
/**
*
* @since solr 1.3
*/
-public class CoreAdminHandler extends RequestHandlerBase {
+public class CoreAdminHandler extends RequestHandlerBase implements PermissionNameProvider {
private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
protected final CoreContainer coreContainer;
protected final Map<String, Map<String, TaskObject>> requestStatusMap;
@@ -262,6 +267,17 @@ public class CoreAdminHandler extends RequestHandlerBase {
return "Manage Multiple Solr Cores";
}
+ @Override
+ public Name getPermissionName(AuthorizationContext ctx) {
+ String action = ctx.getParams().get(CoreAdminParams.ACTION);
+ if (action == null) return CORE_READ_PERM;
+ CoreAdminParams.CoreAdminAction coreAction = CoreAdminParams.CoreAdminAction.get(action);
+ if (coreAction == null) return CORE_READ_PERM;
+ return coreAction.isRead ?
+ CORE_READ_PERM :
+ CORE_EDIT_PERM;
+ }
+
/**
* Helper class to manage the tasks to be tracked.
* This contains the taskId, request and the response (if available).
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0233765c/solr/core/src/java/org/apache/solr/security/PermissionNameProvider.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/PermissionNameProvider.java b/solr/core/src/java/org/apache/solr/security/PermissionNameProvider.java
index 2dec433..4b6af47 100644
--- a/solr/core/src/java/org/apache/solr/security/PermissionNameProvider.java
+++ b/solr/core/src/java/org/apache/solr/security/PermissionNameProvider.java
@@ -36,6 +36,8 @@ public interface PermissionNameProvider {
enum Name {
COLL_EDIT_PERM("collection-admin-edit", null),
COLL_READ_PERM("collection-admin-read", null),
+ CORE_READ_PERM("core-admin-read", null),
+ CORE_EDIT_PERM("core-admin-edit", null),
READ_PERM("read", "*"),
UPDATE_PERM("update", "*"),
CONFIG_EDIT_PERM("config-edit", "*"),
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0233765c/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java b/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
index 7a92f8f..5abf21c 100644
--- a/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
+++ b/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
@@ -35,6 +35,7 @@ import org.apache.solr.handler.ReplicationHandler;
import org.apache.solr.handler.SchemaHandler;
import org.apache.solr.handler.UpdateRequestHandler;
import org.apache.solr.handler.admin.CollectionsHandler;
+import org.apache.solr.handler.admin.CoreAdminHandler;
import org.apache.solr.handler.component.SearchHandler;
import org.apache.solr.security.AuthorizationContext.CollectionRequest;
import org.apache.solr.security.AuthorizationContext.RequestType;
@@ -211,6 +212,45 @@ public class TestRuleBasedAuthorizationPlugin extends SolrTestCaseJ4 {
"params", new MapSolrParams(singletonMap("action", "CREATE")))
, STATUS_OK, rules);
+ rules = (Map) Utils.fromJSONString(permissions);
+ ((List)rules.get("permissions")).add( makeMap("name", "core-admin-edit", "role", "su"));
+ ((List)rules.get("permissions")).add( makeMap("name", "core-admin-read", "role", "user"));
+ ((Map)rules.get("user-role")).put("cio","su");
+ ((List)rules.get("permissions")).add( makeMap("name", "all", "role", "su"));
+ permissions = Utils.toJSONString(rules);
+
+ checkRules(makeMap("resource", "/admin/cores",
+ "userPrincipal", null,
+ "requestType", RequestType.ADMIN,
+ "collectionRequests", null,
+ "handler", new CoreAdminHandler(null),
+ "params", new MapSolrParams(singletonMap("action", "CREATE")))
+ , PROMPT_FOR_CREDENTIALS);
+
+ checkRules(makeMap("resource", "/admin/cores",
+ "userPrincipal", "joe",
+ "requestType", RequestType.ADMIN,
+ "collectionRequests", null,
+ "handler", new CoreAdminHandler(null),
+ "params", new MapSolrParams(singletonMap("action", "CREATE")))
+ , FORBIDDEN);
+
+ checkRules(makeMap("resource", "/admin/cores",
+ "userPrincipal", "joe",
+ "requestType", RequestType.ADMIN,
+ "collectionRequests", null,
+ "handler", new CoreAdminHandler(null),
+ "params", new MapSolrParams(singletonMap("action", "STATUS")))
+ , STATUS_OK);
+
+ checkRules(makeMap("resource", "/admin/cores",
+ "userPrincipal", "cio",
+ "requestType", RequestType.ADMIN,
+ "collectionRequests", null,
+ "handler", new CoreAdminHandler(null),
+ "params", new MapSolrParams(singletonMap("action", "CREATE")))
+ ,STATUS_OK );
+
}
public void testEditRules() throws IOException {
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0233765c/solr/solrj/src/java/org/apache/solr/common/params/CoreAdminParams.java
----------------------------------------------------------------------
diff --git a/solr/solrj/src/java/org/apache/solr/common/params/CoreAdminParams.java b/solr/solrj/src/java/org/apache/solr/common/params/CoreAdminParams.java
index 0a9e749..f1728db 100644
--- a/solr/solrj/src/java/org/apache/solr/common/params/CoreAdminParams.java
+++ b/solr/solrj/src/java/org/apache/solr/common/params/CoreAdminParams.java
@@ -109,7 +109,7 @@ public abstract class CoreAdminParams
public static final String NODE = "node";
public enum CoreAdminAction {
- STATUS,
+ STATUS(true),
UNLOAD,
RELOAD,
CREATE,
@@ -118,18 +118,28 @@ public abstract class CoreAdminParams
MERGEINDEXES,
SPLIT,
PREPRECOVERY,
- REQUESTRECOVERY,
+ REQUESTRECOVERY,
REQUESTSYNCSHARD,
DELETEALIAS,
REQUESTBUFFERUPDATES,
REQUESTAPPLYUPDATES,
OVERSEEROP,
- REQUESTSTATUS,
+ REQUESTSTATUS(true),
REJOINLEADERELECTION,
//internal API used by force shard leader election
FORCEPREPAREFORLEADERSHIP,
INVOKE;
+ public final boolean isRead;
+
+ CoreAdminAction(boolean isRead) {
+ this.isRead = isRead;
+ }
+
+ CoreAdminAction() {
+ this.isRead = false;
+ }
+
public static CoreAdminAction get( String p ) {
if (p != null) {
try {
[2/2] lucene-solr:master: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/lucene-solr
Posted by no...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/lucene-solr
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/506d61ab
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/506d61ab
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/506d61ab
Branch: refs/heads/master
Commit: 506d61abe773ccf0b9aabf6eb88c83380c1eda95
Parents: 0233765 6fa5166
Author: Noble Paul <no...@apache.org>
Authored: Tue Apr 26 19:24:52 2016 +0530
Committer: Noble Paul <no...@apache.org>
Committed: Tue Apr 26 19:24:52 2016 +0530
----------------------------------------------------------------------
lucene/CHANGES.txt | 13 +-
.../org/apache/lucene/document/StringField.java | 4 +-
.../src/java/org/apache/lucene/geo/Polygon.java | 221 ---------
.../java/org/apache/lucene/geo/Polygon2D.java | 473 +++++++++++++++++++
.../org/apache/lucene/search/LRUQueryCache.java | 238 ++++++----
.../lucene/search/QueryCachingPolicy.java | 18 +-
.../search/UsageTrackingQueryCachingPolicy.java | 7 +-
.../test/org/apache/lucene/geo/TestPolygon.java | 330 -------------
.../org/apache/lucene/geo/TestPolygon2D.java | 289 +++++++++++
.../apache/lucene/search/TestIndexSearcher.java | 2 +-
.../apache/lucene/search/TestLRUQueryCache.java | 8 +-
.../apache/lucene/search/TestPointQueries.java | 2 +-
.../TestUsageTrackingFilterCachingPolicy.java | 17 +-
.../apache/lucene/queries/TermsQueryTest.java | 16 +-
.../lucene/queryparser/xml/TestCoreParser.java | 9 +-
.../lucene/document/LatLonDocValuesField.java | 135 ++++++
.../org/apache/lucene/document/LatLonGrid.java | 168 -------
.../org/apache/lucene/document/LatLonPoint.java | 68 +--
.../lucene/document/LatLonPointBoxQuery.java | 287 +++++++++++
.../document/LatLonPointDistanceComparator.java | 2 +-
.../document/LatLonPointDistanceQuery.java | 17 +-
.../document/LatLonPointInPolygonQuery.java | 34 +-
.../org/apache/lucene/document/LatLonTree.java | 401 ----------------
.../apache/lucene/document/MatchingPoints.java | 90 ++++
.../document/TestLatLonDocValuesField.java | 30 ++
.../apache/lucene/document/TestLatLonGrid.java | 106 -----
.../apache/lucene/document/TestLatLonPoint.java | 3 -
.../document/TestLatLonPointDistanceSort.java | 20 +-
.../apache/lucene/document/TestLatLonTree.java | 53 ---
.../org/apache/lucene/document/TestNearest.java | 3 +-
.../search/GeoPointInPolygonQueryImpl.java | 16 +-
.../org/apache/lucene/spatial3d/Geo3DPoint.java | 17 +-
.../spatial3d/PointInShapeIntersectVisitor.java | 5 +
.../spatial3d/geom/GeoConcavePolygon.java | 66 ++-
.../lucene/spatial3d/geom/GeoConvexPolygon.java | 66 ++-
.../spatial3d/geom/GeoPolygonFactory.java | 6 +-
.../lucene/spatial3d/geom/GeoStandardPath.java | 4 +-
.../apache/lucene/geo/BaseGeoPointTestCase.java | 2 +-
.../java/org/apache/lucene/geo/GeoTestUtil.java | 54 +++
.../org/apache/lucene/index/RandomCodec.java | 2 +-
.../org/apache/lucene/util/LuceneTestCase.java | 2 +-
solr/CHANGES.txt | 5 +
.../src/java/org/apache/solr/cloud/Assign.java | 8 +-
.../OverseerAutoReplicaFailoverThread.java | 1 +
.../cloud/OverseerCollectionMessageHandler.java | 40 +-
.../cloud/OverseerConfigSetMessageHandler.java | 1 +
.../cloud/overseer/ClusterStateMutator.java | 16 +-
.../solr/cloud/overseer/CollectionMutator.java | 6 +-
.../apache/solr/cloud/overseer/NodeMutator.java | 9 +-
.../solr/cloud/overseer/ReplicaMutator.java | 36 +-
.../solr/cloud/overseer/SliceMutator.java | 39 +-
.../solr/cloud/overseer/ZkStateWriter.java | 3 +-
.../src/java/org/apache/solr/core/SolrCore.java | 5 +-
.../solr/handler/CdcrUpdateLogSynchronizer.java | 4 +-
.../org/apache/solr/handler/SQLHandler.java | 1 +
.../solr/handler/admin/CollectionsHandler.java | 27 +-
.../solr/handler/admin/CoreAdminOperation.java | 11 +-
.../org/apache/solr/servlet/HttpSolrCall.java | 11 +-
.../processor/DistributedUpdateProcessor.java | 9 +-
.../src/java/org/apache/solr/util/SolrCLI.java | 1 +
.../org/apache/solr/util/SolrLogLayout.java | 10 +-
.../test/org/apache/solr/cloud/AssignTest.java | 2 +-
.../cloud/CollectionsAPIDistributedZkTest.java | 8 +-
.../solr/cloud/CollectionsAPISolrJTest.java | 2 +-
.../org/apache/solr/cloud/OverseerTest.java | 3 +-
.../test/org/apache/solr/core/SolrCoreTest.java | 40 ++
.../org/apache/solr/handler/TestSQLHandler.java | 1 +
.../client/solrj/io/stream/TopicStream.java | 1 +
.../apache/solr/common/cloud/ClusterState.java | 48 +-
.../solr/common/cloud/ClusterStateUtil.java | 1 +
.../apache/solr/common/cloud/DocCollection.java | 6 +
.../apache/solr/common/cloud/ZkStateReader.java | 12 +-
.../solr/client/solrj/io/sql/JdbcTest.java | 1 +
73 files changed, 1941 insertions(+), 1731 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/506d61ab/solr/CHANGES.txt
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/506d61ab/solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java
----------------------------------------------------------------------