Skip to content

Commit

Permalink
enable unauthenticated requests
Browse files Browse the repository at this point in the history
  • Loading branch information
@tboeghk
tboeghk committed Dec 7, 2021
1 parent d4665b4 commit 870c387
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 5 deletions.
18 changes: 17 additions & 1 deletion examples/security.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,23 @@
"defaultRole": "admin",
"permissions": [
{
"name": "all",
"name": "security-edit",
"role": "admin"
},
{
"name": "schema-edit",
"role": "admin"
},
{
"name": "config-edit",
"role": "admin"
},
{
"name": "core-admin-edit",
"role": "admin"
},
{
"name": "collection-admin-edit",
"role": "admin"
}
]
Expand Down
29 changes: 25 additions & 4 deletions src/main/java/cool/solr/security/ForwardAuthPlugin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,22 +16,38 @@
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.http.annotation.Contract;
import org.apache.http.annotation.ThreadingBehavior;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.security.AuthenticationPlugin;
import org.apache.solr.security.BasicAuthPlugin;

public class ForwardAuthPlugin extends AuthenticationPlugin {

public static final String ARG_USER_HEADER = "httpUserHeader";
public static final String HTTP_HEADER_USER_DEFAULT = "X-Forwarded-User";
public static final String X_REQUESTED_WITH_HEADER = "X-Requested-With";

private String httpUserHeader;
private boolean blockUnknown = false;

@Override
public void init(Map<String, Object> args) {
this.httpUserHeader = (String) args.getOrDefault(ARG_USER_HEADER, HTTP_HEADER_USER_DEFAULT);

Object o = args.get(BasicAuthPlugin.PROPERTY_BLOCK_UNKNOWN);
if (o != null) {
try {
blockUnknown = Boolean.parseBoolean(o.toString());
} catch (Exception e) {
throw new SolrException(ErrorCode.BAD_REQUEST,
"Invalid value for parameter " + BasicAuthPlugin.PROPERTY_BLOCK_UNKNOWN);
}
}
}

@Override
public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain)
throws Exception {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
Expand All @@ -47,9 +63,14 @@ public Principal getUserPrincipal() {
numAuthenticated.inc();
filterChain.doFilter(wrapper, response);
return true;
} else if (blockUnknown) {
numMissingCredentials.inc();
return false;
} else {
numPassThrough.inc();
filterChain.doFilter(request, response);
return true;
}

return false;
}

@Contract(threading = ThreadingBehavior.IMMUTABLE)
Expand All @@ -76,7 +97,7 @@ public boolean equals(Object o) {
return true;
if (o == null || getClass() != o.getClass())
return false;
ForwardAuthUserPrincipal that = (ForwardAuthUserPrincipal) o;
ForwardAuthUserPrincipal that = (ForwardAuthUserPrincipal) o;
return Objects.equals(username, that.username);
}

Expand Down

0 comments on commit 870c387

Please sign in to comment.