lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ans...@apache.org
Subject svn commit: r1681926 - in /lucene/dev/branches/lucene_solr_5_2: ./ lucene/ lucene/tools/ lucene/tools/junit4/ solr/ solr/core/ solr/core/src/java/org/apache/solr/security/ solr/core/src/test/org/apache/solr/cloud/
Date Wed, 27 May 2015 07:54:25 GMT
Author: anshum
Date: Wed May 27 07:54:24 2015
New Revision: 1681926

URL: http://svn.apache.org/r1681926
Log:
SOLR-7468: Merging commits to fix test issue from trunk. Commits merged: r1681413 r1681597
r1681778 r1681792

Added:
    lucene/dev/branches/lucene_solr_5_2/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberosAlt.java
      - copied unchanged from r1681826, lucene/dev/branches/branch_5x/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberosAlt.java
Modified:
    lucene/dev/branches/lucene_solr_5_2/   (props changed)
    lucene/dev/branches/lucene_solr_5_2/lucene/   (props changed)
    lucene/dev/branches/lucene_solr_5_2/lucene/tools/   (props changed)
    lucene/dev/branches/lucene_solr_5_2/lucene/tools/junit4/solr-tests.policy
    lucene/dev/branches/lucene_solr_5_2/solr/   (props changed)
    lucene/dev/branches/lucene_solr_5_2/solr/core/   (props changed)
    lucene/dev/branches/lucene_solr_5_2/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java
    lucene/dev/branches/lucene_solr_5_2/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberos.java

Modified: lucene/dev/branches/lucene_solr_5_2/lucene/tools/junit4/solr-tests.policy
URL: http://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_2/lucene/tools/junit4/solr-tests.policy?rev=1681926&r1=1681925&r2=1681926&view=diff
==============================================================================
--- lucene/dev/branches/lucene_solr_5_2/lucene/tools/junit4/solr-tests.policy (original)
+++ lucene/dev/branches/lucene_solr_5_2/lucene/tools/junit4/solr-tests.policy Wed May 27 07:54:24
2015
@@ -86,5 +86,6 @@ grant {
   permission javax.security.auth.kerberos.ServicePermission "zookeeper/127.0.0.1@EXAMPLE.COM",
"accept";
   permission javax.security.auth.kerberos.ServicePermission "HTTP/127.0.0.1@EXAMPLE.COM",
"initiate";
   permission javax.security.auth.kerberos.ServicePermission "HTTP/127.0.0.1@EXAMPLE.COM",
"accept";
+  permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/127.0.0.1@EXAMPLE.COM\"
\"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
 
 };

Modified: lucene/dev/branches/lucene_solr_5_2/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_2/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java?rev=1681926&r1=1681925&r2=1681926&view=diff
==============================================================================
--- lucene/dev/branches/lucene_solr_5_2/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java
(original)
+++ lucene/dev/branches/lucene_solr_5_2/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java
Wed May 27 07:54:24 2015
@@ -56,17 +56,24 @@ public class KerberosPlugin extends Auth
   HttpClientConfigurer kerberosConfigurer = new Krb5HttpClientConfigurer();
   Filter kerberosFilter = new KerberosFilter();
   
+  final String NAME_RULES_PARAM = "solr.kerberos.name.rules";
+  final String COOKIE_DOMAIN_PARAM = "solr.kerberos.cookie.domain";
+  final String COOKIE_PATH_PARAM = "solr.kerberos.cookie.path";
+  final String PRINCIPAL_PARAM = "solr.kerberos.principal";
+  final String KEYTAB_PARAM = "solr.kerberos.keytab";
+  final String TOKEN_VALID_PARAM = "solr.kerberos.token.valid";
+
   @Override
   public void init(Map<String, Object> pluginConfig) {
     try {
       final Map<String, String> params = new HashMap();
       params.put("type", "kerberos");
-      params.put("kerberos.name.rules", System.getProperty("solr.kerberos.name.rules", "DEFAULT"));
-      params.put("token.valid", System.getProperty("solr.kerberos.token.valid", "30"));
-      params.put("cookie.domain", System.getProperty("solr.kerberos.cookie.domain"));
-      params.put("cookie.path", System.getProperty("solr.kerberos.cookie.path", "/"));
-      params.put("kerberos.principal", System.getProperty("solr.kerberos.principal"));
-      params.put("kerberos.keytab", System.getProperty("solr.kerberos.keytab"));
+      putParam(params, "kerberos.name.rules", NAME_RULES_PARAM, "DEFAULT");
+      putParam(params, "token.valid", TOKEN_VALID_PARAM, "30");
+      putParam(params, "cookie.domain", COOKIE_DOMAIN_PARAM, null);
+      putParam(params, "cookie.path", COOKIE_PATH_PARAM, "/");
+      putParam(params, "kerberos.principal", PRINCIPAL_PARAM, null);
+      putParam(params, "kerberos.keytab", KEYTAB_PARAM, null);
 
       log.info("Params: "+params);
 
@@ -98,6 +105,14 @@ public class KerberosPlugin extends Auth
     }
   }
 
+  private void putParam(Map<String, String> params, String internalParamName, String
externalParamName, String defaultValue) {
+    String value = System.getProperty(externalParamName, defaultValue);
+    if (value==null) {
+      throw new SolrException(ErrorCode.SERVER_ERROR, "Missing required parameter '"+externalParamName+"'.");
+    }
+    params.put(internalParamName, value);
+  }
+
   @Override
   public void doAuthenticate(ServletRequest req, ServletResponse rsp,
       FilterChain chain) throws Exception {

Modified: lucene/dev/branches/lucene_solr_5_2/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberos.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_2/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberos.java?rev=1681926&r1=1681925&r2=1681926&view=diff
==============================================================================
--- lucene/dev/branches/lucene_solr_5_2/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberos.java
(original)
+++ lucene/dev/branches/lucene_solr_5_2/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithKerberos.java
Wed May 27 07:54:24 2015
@@ -38,8 +38,10 @@ import org.apache.solr.client.solrj.resp
 import org.apache.solr.client.solrj.response.QueryResponse;
 import org.apache.solr.common.cloud.ZkStateReader;
 import org.apache.zookeeper.CreateMode;
+import org.junit.Ignore;
 import org.junit.Test;
 
+@Ignore
 @SolrTestCaseJ4.SuppressSSL
 @LuceneTestCase.Slow
 public class TestSolrCloudWithKerberos extends AbstractFullDistribZkTestBase {
@@ -61,9 +63,14 @@ public class TestSolrCloudWithKerberos e
     if (brokenLocales.contains(Locale.getDefault().toString())) {
       Locale.setDefault(Locale.US);
     }
+    // Use just one jetty
+    this.sliceCount = 0;
+    this.fixShardCount(1);
+
     setupMiniKdc();
-    super.distribSetUp();
     //useExternalKdc();
+    
+    super.distribSetUp();
     try (ZkStateReader zkStateReader = new ZkStateReader(zkServer.getZkAddress(), TIMEOUT,
TIMEOUT)) {
       zkStateReader.getZkClient().create(ZkStateReader.SOLR_SECURITY_CONF_PATH,
           "{\"authentication\":{\"class\":\"org.apache.solr.security.KerberosPlugin\"}}".getBytes(Charsets.UTF_8),
@@ -72,14 +79,14 @@ public class TestSolrCloudWithKerberos e
   }
 
   private void setupMiniKdc() throws Exception {
+    System.setProperty("solr.jaas.debug", "true");
     String kdcDir = createTempDir()+File.separator+"minikdc";
     kdc = KerberosTestUtil.getKdc(new File(kdcDir));
     File keytabFile = new File(kdcDir, "keytabs");
     String solrServerPrincipal = "HTTP/127.0.0.1";
-    String zkServerPrincipal = "zookeeper/127.0.0.1";
-
+    String solrClientPrincipal = "solr";
     kdc.start();
-    kdc.createPrincipal(keytabFile, solrServerPrincipal, zkServerPrincipal);
+    kdc.createPrincipal(keytabFile, solrServerPrincipal, solrClientPrincipal);
 
     String jaas = "SolrClient {\n"
         + " com.sun.security.auth.module.Krb5LoginModule required\n"
@@ -89,10 +96,10 @@ public class TestSolrCloudWithKerberos e
         + " useTicketCache=false\n"
         + " doNotPrompt=true\n"
         + " debug=true\n"
-        + " principal=\"" + solrServerPrincipal + "\";\n"
+        + " principal=\"" + solrClientPrincipal + "\";\n"
         + "};";
 
-    Configuration conf = new KerberosTestUtil.JaasConfiguration(solrServerPrincipal, keytabFile,
"SolrClient");
+    Configuration conf = new KerberosTestUtil.JaasConfiguration(solrClientPrincipal, keytabFile,
"SolrClient");
     Configuration.setConfiguration(conf);
 
     String jaasFilePath = kdcDir+File.separator+"jaas-client.conf";
@@ -102,7 +109,12 @@ public class TestSolrCloudWithKerberos e
     System.setProperty("solr.kerberos.cookie.domain", "127.0.0.1");
     System.setProperty("solr.kerberos.principal", solrServerPrincipal);
     System.setProperty("solr.kerberos.keytab", keytabFile.getAbsolutePath());
-    
+    // Extracts 127.0.0.1 from HTTP/127.0.0.1@EXAMPLE.COM
+    System.setProperty("solr.kerberos.name.rules", "RULE:[1:$1@$0](.*EXAMPLE.COM)s/@.*//"
+        + "\nRULE:[2:$2@$0](.*EXAMPLE.COM)s/@.*//"
+        + "\nDEFAULT"
+        );
+
     // more debugging, if needed
     /*System.setProperty("sun.security.jgss.debug", "true");
     System.setProperty("sun.security.krb5.debug", "true");
@@ -111,65 +123,65 @@ public class TestSolrCloudWithKerberos e
   }
   
   //This method can be used for debugging i.e. to use an external KDC for the test.
-  private void useExternalKdc() throws Exception {
+  public static void useExternalKdc() throws Exception {
 
-    String jaas = "Client {\n"
+    String jaas = "SolrClient {\n"
         +"  com.sun.security.auth.module.Krb5LoginModule required\n"
         +"  useKeyTab=true\n"
-        +"  keyTab=\"/tmp/127.keytab\"\n"
+        +"  keyTab=\"/opt/keytabs/solr.keytab\"\n"
         +"  storeKey=true\n"
+        + " doNotPrompt=true\n"
         +"  useTicketCache=false\n"
         +"  debug=true\n"
         +"  principal=\"HTTP/127.0.0.1\";\n"
-        +"};\n"
-        + "\n"
-        + "Server {\n"
-        +"  com.sun.security.auth.module.Krb5LoginModule optional\n"
-        +"  useKeyTab=true\n"
-        +"  keyTab=\"/tmp/127.keytab\"\n"
-        +"  storeKey=true\n"
-        +"  useTicketCache=false\n"
-        +"  debug=true\n"
-        +"  principal=\"zookeeper/127.0.0.1\";\n"
-        +"};";
+        +"};\n";
 
     String tmpDir = createTempDir().toString();
     FileUtils.write(new File(tmpDir + File.separator + "jaas.conf"), jaas);
+    
+    Configuration conf = new KerberosTestUtil.JaasConfiguration("solr", new File("/opt/keytabs/solr.keytab"),
"SolrClient");
+    Configuration.setConfiguration(conf);
 
     System.setProperty("java.security.auth.login.config", tmpDir + File.separator + "jaas.conf");
-    System.setProperty("solr.kerberos.jaas.appname", "Client");
+    System.setProperty("solr.kerberos.jaas.appname", "SolrClient");
     System.setProperty("solr.kerberos.cookie.domain", "127.0.0.1");
     System.setProperty("solr.kerberos.principal", "HTTP/127.0.0.1@EXAMPLE.COM");
-    System.setProperty("solr.kerberos.keytab", "/tmp/127.keytab");
+    System.setProperty("solr.kerberos.keytab", "/opt/keytabs/solr.keytab");
     System.setProperty("authenticationPlugin", "org.apache.solr.security.KerberosPlugin");
+    // Extracts 127.0.0.1 from HTTP/127.0.0.1@EXAMPLE.COM
+    //System.setProperty("solr.kerberos.name.rules", "RULE:[2:$2@$0](.*EXAMPLE.COM)s/@.*//");
   }
   
   @Test
   public void testKerberizedSolr() throws Exception {
-    HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-    CloudSolrClient testClient = createCloudClient("testcollection");
-    
-    CollectionAdminRequest.Create create = new CollectionAdminRequest.Create();
-    create.setCollectionName("testcollection");
-    create.setConfigName("conf1");
-    create.setNumShards(1);
-    create.setReplicationFactor(1);
-    create.process(testClient);
-    
-    waitForCollection(testClient.getZkStateReader(), "testcollection", 1);
-    CollectionAdminRequest.List list = new CollectionAdminRequest.List();
-    
-    CollectionAdminResponse response = list.process(testClient);
-    assertTrue("Expected to see testcollection but it doesn't exist",
-        ((ArrayList) response.getResponse().get("collections")).contains("testcollection"));
-    
-    testClient.setDefaultCollection("testcollection");
-    indexDoc(testClient, params("commit", "true"), getDoc("id", 1));
-    //cloudClient.commit();
-
-    QueryResponse queryResponse = testClient.query(new SolrQuery("*:*"));
-    assertEquals("Expected #docs and actual isn't the same", 1, queryResponse.getResults().size());
-    testClient.close();
+    CloudSolrClient testClient = null;
+    try {
+      HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
+      testClient = createCloudClient("testcollection");
+
+      CollectionAdminRequest.Create create = new CollectionAdminRequest.Create();
+      create.setCollectionName("testcollection");
+      create.setConfigName("conf1");
+      create.setNumShards(1);
+      create.setReplicationFactor(1);
+      create.process(testClient);
+
+      waitForCollection(testClient.getZkStateReader(), "testcollection", 1);
+      CollectionAdminRequest.List list = new CollectionAdminRequest.List();
+
+      CollectionAdminResponse response = list.process(testClient);
+      assertTrue("Expected to see testcollection but it doesn't exist",
+          ((ArrayList) response.getResponse().get("collections")).contains("testcollection"));
+
+      testClient.setDefaultCollection("testcollection");
+      indexDoc(testClient, params("commit", "true"), getDoc("id", 1));
+
+      QueryResponse queryResponse = testClient.query(new SolrQuery("*:*"));
+      assertEquals("Expected #docs and actual isn't the same", 1, queryResponse.getResults().size());
+    } finally {
+      if(testClient != null)
+        testClient.close();
+    }
   }
   
   @Override
@@ -179,6 +191,8 @@ public class TestSolrCloudWithKerberos e
     System.clearProperty("solr.cookie.domain");
     System.clearProperty("solr.kerberos.principal");
     System.clearProperty("solr.kerberos.keytab");
+    System.clearProperty("solr.jaas.debug");
+    System.clearProperty("solr.kerberos.name.rules");
     Configuration.setConfiguration(originalConfig);
     if (kdc != null) {
       kdc.stop();



Mime
View raw message