You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ja...@apache.org on 2023/09/23 19:21:37 UTC
[solr] branch branch_9x updated: Clean up some deprecations and warnings in jwt-auth module (#1952)
This is an automated email from the ASF dual-hosted git repository.
janhoy pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new e71e513e02b Clean up some deprecations and warnings in jwt-auth module (#1952)
e71e513e02b is described below
commit e71e513e02b503c03f2be6504f007777f9fb4c37
Author: Jan Høydahl <ja...@apache.org>
AuthorDate: Sat Sep 23 21:18:18 2023 +0200
Clean up some deprecations and warnings in jwt-auth module (#1952)
(cherry picked from commit de61e1a6dd56590d5b90b2a498c32b0f4dadc29d)
---
solr/modules/jwt-auth/build.gradle | 1 +
.../org/apache/solr/security/jwt/JWTAuthPlugin.java | 10 +++++-----
.../solr/security/jwt/JWTVerificationkeyResolver.java | 9 +++------
.../solr/security/jwt/JWTAuthPluginIntegrationTest.java | 10 ++++++----
.../org/apache/solr/security/jwt/JWTAuthPluginTest.java | 17 ++++++-----------
.../apache/solr/security/jwt/JWTIssuerConfigTest.java | 3 ++-
.../security/jwt/JWTVerificationkeyResolverTest.java | 2 ++
7 files changed, 25 insertions(+), 27 deletions(-)
diff --git a/solr/modules/jwt-auth/build.gradle b/solr/modules/jwt-auth/build.gradle
index 3bed1606e4a..1b420899e33 100644
--- a/solr/modules/jwt-auth/build.gradle
+++ b/solr/modules/jwt-auth/build.gradle
@@ -39,6 +39,7 @@ dependencies {
implementation 'org.apache.httpcomponents:httpclient'
implementation 'org.apache.httpcomponents:httpcore'
implementation 'org.eclipse.jetty:jetty-client'
+ implementation 'org.eclipse.jetty:jetty-http'
implementation 'org.eclipse.jetty.toolchain:jetty-servlet-api'
implementation 'com.google.guava:guava'
implementation 'org.slf4j:slf4j-api'
diff --git a/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTAuthPlugin.java b/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTAuthPlugin.java
index 3e3f7578fc9..bb64f458f4e 100644
--- a/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTAuthPlugin.java
+++ b/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTAuthPlugin.java
@@ -257,9 +257,9 @@ public class JWTAuthPlugin extends AuthenticationPlugin
issuerConfigs.addAll(parseIssuers(pluginConfig));
verificationKeyResolver = new JWTVerificationkeyResolver(issuerConfigs, requireIssuer);
- if (issuerConfigs.size() > 0 && getPrimaryIssuer().getAuthorizationEndpoint() != null) {
+ if (!issuerConfigs.isEmpty() && getPrimaryIssuer().getAuthorizationEndpoint() != null) {
adminUiScope = (String) pluginConfig.get(PARAM_ADMINUI_SCOPE);
- if (adminUiScope == null && requiredScopes.size() > 0) {
+ if (adminUiScope == null && !requiredScopes.isEmpty()) {
adminUiScope = requiredScopes.get(0);
log.warn(
"No adminUiScope given, using first scope in 'scope' list as required scope for accessing Admin UI");
@@ -384,7 +384,7 @@ public class JWTAuthPlugin extends AuthenticationPlugin
* @return JWTIssuerConfig object for the primary issuer
*/
JWTIssuerConfig getPrimaryIssuer() {
- if (issuerConfigs.size() == 0) {
+ if (issuerConfigs.isEmpty()) {
throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "No issuers configured");
}
return issuerConfigs.get(0);
@@ -690,7 +690,7 @@ public class JWTAuthPlugin extends AuthenticationPlugin
}
}
}
- if (finalRoles.size() > 0) {
+ if (!finalRoles.isEmpty()) {
return new JWTAuthenticationResponse(
AuthCode.AUTHENTICATED,
new JWTPrincipalWithUserRoles(
@@ -972,7 +972,7 @@ public class JWTAuthPlugin extends AuthenticationPlugin
Object userToken = request.getAttributes().get(Http2SolrClient.REQ_PRINCIPAL_KEY);
if (userToken instanceof JWTPrincipal) {
JWTPrincipal jwtPrincipal = (JWTPrincipal) userToken;
- request.header(HttpHeaders.AUTHORIZATION, "Bearer " + jwtPrincipal.getToken());
+ request.headers(h -> h.put(HttpHeaders.AUTHORIZATION, "Bearer " + jwtPrincipal.getToken()));
return true;
}
return false;
diff --git a/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTVerificationkeyResolver.java b/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTVerificationkeyResolver.java
index a9254c7d5d7..2fe75a1baf5 100644
--- a/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTVerificationkeyResolver.java
+++ b/solr/modules/jwt-auth/src/java/org/apache/solr/security/jwt/JWTVerificationkeyResolver.java
@@ -59,9 +59,9 @@ import org.slf4j.LoggerFactory;
public class JWTVerificationkeyResolver implements VerificationKeyResolver {
private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
- private VerificationJwkSelector verificationJwkSelector = new VerificationJwkSelector();
+ private final VerificationJwkSelector verificationJwkSelector = new VerificationJwkSelector();
- private Map<String, JWTIssuerConfig> issuerConfigs = new HashMap<>();
+ private final Map<String, JWTIssuerConfig> issuerConfigs = new HashMap<>();
private final boolean requireIssuer;
/**
@@ -73,10 +73,7 @@ public class JWTVerificationkeyResolver implements VerificationKeyResolver {
public JWTVerificationkeyResolver(
Collection<JWTIssuerConfig> issuerConfigs, boolean requireIssuer) {
this.requireIssuer = requireIssuer;
- issuerConfigs.forEach(
- ic -> {
- this.issuerConfigs.put(ic.getIss(), ic);
- });
+ issuerConfigs.forEach(ic -> this.issuerConfigs.put(ic.getIss(), ic));
}
@Override
diff --git a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginIntegrationTest.java b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginIntegrationTest.java
index 34b009000af..7a0700946c8 100644
--- a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginIntegrationTest.java
+++ b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginIntegrationTest.java
@@ -86,7 +86,6 @@ import org.junit.Test;
*/
@SolrTestCaseJ4.SuppressSSL
public class JWTAuthPluginIntegrationTest extends SolrCloudAuthTestCase {
- private final String COLLECTION = "jwtColl";
private static String mockOAuthToken;
private static Path pemFilePath;
@@ -143,7 +142,7 @@ public class JWTAuthPluginIntegrationTest extends SolrCloudAuthTestCase {
}
@Test
- public void mockOAuth2ServerWrongPEMInTruststore() throws Exception {
+ public void mockOAuth2ServerWrongPEMInTruststore() {
// JWTAuthPlugin throws SSLHandshakeException when fetching JWK, so this trips cluster init
assertThrows(Exception.class, () -> configureClusterMockOauth(2, wrongPemFilePath, 2000));
}
@@ -209,6 +208,7 @@ public class JWTAuthPluginIntegrationTest extends SolrCloudAuthTestCase {
String baseUrl = cluster.getRandomJetty(random()).getBaseUrl().toString();
CloseableHttpClient cl = HttpClientUtil.createClient(null);
+ String COLLECTION = "jwtColl";
createCollection(cluster, COLLECTION);
// Missing token
@@ -520,8 +520,10 @@ public class JWTAuthPluginIntegrationTest extends SolrCloudAuthTestCase {
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
- MockWebServerWrapper mockWebServerWrapper = new MockWebServerWrapper();
- MockWebServer mockWebServer = mockWebServerWrapper.getMockWebServer();
+ MockWebServer mockWebServer;
+ try (MockWebServerWrapper mockWebServerWrapper = new MockWebServerWrapper()) {
+ mockWebServer = mockWebServerWrapper.getMockWebServer();
+ }
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(
keyManagerFactory.getKeyManagers(), /*trustManagerFactory.getTrustManagers()*/
diff --git a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginTest.java b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginTest.java
index 9e04865c6c3..211b75c1b5f 100644
--- a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginTest.java
+++ b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTAuthPluginTest.java
@@ -636,11 +636,7 @@ public class JWTAuthPluginTest extends SolrTestCaseJ4 {
authConf.put("trustedCerts", trustedPemCert);
authConf.put("trustedCertsFile", "/path/to/cert.pem");
plugin = new JWTAuthPlugin();
- expectThrows(
- SolrException.class,
- () -> {
- plugin.init(authConf);
- });
+ expectThrows(SolrException.class, () -> plugin.init(authConf));
}
@Test
@@ -656,12 +652,11 @@ public class JWTAuthPluginTest extends SolrTestCaseJ4 {
expectThrows(
SolrException.class,
CertificateException.class,
- () -> {
- CryptoKeys.parseX509Certs(
- new ByteArrayInputStream(
- ("-----BEGIN CERTIFICATE-----\n" + "foo\n" + "-----END CERTIFICATE-----\n")
- .getBytes(StandardCharsets.UTF_8)));
- });
+ () ->
+ CryptoKeys.parseX509Certs(
+ new ByteArrayInputStream(
+ ("-----BEGIN CERTIFICATE-----\n" + "foo\n" + "-----END CERTIFICATE-----\n")
+ .getBytes(StandardCharsets.UTF_8))));
}
@Test
diff --git a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTIssuerConfigTest.java b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTIssuerConfigTest.java
index 57c0261b897..6416b60c61c 100644
--- a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTIssuerConfigTest.java
+++ b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTIssuerConfigTest.java
@@ -37,6 +37,7 @@ import org.junit.Before;
import org.junit.Test;
import org.noggit.JSONUtil;
+@SuppressWarnings("HttpUrlsUsage")
public class JWTIssuerConfigTest extends SolrTestCase {
private JWTIssuerConfig testIssuer;
private Map<String, Object> testIssuerConfigMap;
@@ -153,7 +154,7 @@ public class JWTIssuerConfigTest extends SolrTestCase {
JWTIssuerConfig issuerConfig = new JWTIssuerConfig(issuerConfigMap);
- SolrException e = expectThrows(SolrException.class, () -> issuerConfig.getHttpsJwks());
+ SolrException e = expectThrows(SolrException.class, issuerConfig::getHttpsJwks);
assertEquals(400, e.code());
assertEquals(
"jwksUrl is using http protocol. HTTPS required for IDP communication. Please use SSL or start your nodes with -Dsolr.auth.jwt.allowOutboundHttp=true to allow HTTP for test purposes.",
diff --git a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTVerificationkeyResolverTest.java b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTVerificationkeyResolverTest.java
index 216154efbb6..3406e439dbb 100644
--- a/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTVerificationkeyResolverTest.java
+++ b/solr/modules/jwt-auth/src/test/org/apache/solr/security/jwt/JWTVerificationkeyResolverTest.java
@@ -43,6 +43,7 @@ import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;
/** Tests the multi jwks resolver that can fetch keys from multiple JWKs */
+@SuppressWarnings("ArraysAsListWithZeroOrOneArgument")
public class JWTVerificationkeyResolverTest extends SolrTestCaseJ4 {
private JWTVerificationkeyResolver resolver;
@@ -117,6 +118,7 @@ public class JWTVerificationkeyResolverTest extends SolrTestCaseJ4 {
resolver.resolveKey(k5.getJws(), null);
}
+ @SuppressWarnings("NewClassNamingConvention")
public static class KeyHolder {
private final RsaJsonWebKey key;
private final String kid;