From no...@apache.org
Subject svn commit: r1700784 - in /lucene/dev/trunk/solr: ./ core/src/java/org/apache/solr/security/ core/src/test/org/apache/solr/security/
Date Wed, 02 Sep 2015 12:21:11 GMT
Author: noble
Date: Wed Sep  2 12:21:11 2015
New Revision: 1700784

URL: http://svn.apache.org/r1700784
Log:
SOLR-8004: RuleBasedAuthorization plugin does not work for the collection-admin-edit permission

Modified:
    lucene/dev/trunk/solr/CHANGES.txt
    lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
    lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
    lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java

Modified: lucene/dev/trunk/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/CHANGES.txt?rev=1700784&r1=1700783&r2=1700784&view=diff
==============================================================================
--- lucene/dev/trunk/solr/CHANGES.txt (original)
+++ lucene/dev/trunk/solr/CHANGES.txt Wed Sep  2 12:21:11 2015
@@ -188,6 +188,8 @@ Bug Fixes
 
 * SOLR-8000: security.json is not loaded on server start (noble)
 
+* SOLR-8004: RuleBasedAuthorization plugin does not work for the collection-admin-edit permission
(noble)
+
 
 Optimizations
 ----------------------

Modified: lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java?rev=1700784&r1=1700783&r2=1700784&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
(original)
+++ lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
Wed Sep  2 12:21:11 2015
@@ -88,7 +88,7 @@ public class RuleBasedAuthorizationPlugi
   @Override
   public AuthorizationResponse authorize(AuthorizationContext context) {
     List<AuthorizationContext.CollectionRequest> collectionRequests = context.getCollectionRequests();
-    if (collectionRequests.isEmpty()) {
+    if (context.getRequestType() == AuthorizationContext.RequestType.ADMIN) {
       MatchStatus flag = checkCollPerm(mapping.get(""), context);
       return flag.rsp;
     }
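Review bot: A request with no collection requests that is not of type ADMIN no longer enters this branch of `authorize`, and the code it now falls through to lies outside the hunk, so it should be confirmed (ideally with a test) that such a request still ends in a permission check and is not allowed by default. The switch to the request type also deserves a comment, since the reason is not obvious from the condition alone: `// ADMIN requests such as a collection RELOAD can name a collection, so decide by request type, not by an empty collection list`. ADMIN requests are matched only against `mapping.get("")`, so a permission registered under a specific collection name is presumably not consulted for them; if that is intended, the same comment should say so.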

Modified: lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java?rev=1700784&r1=1700783&r2=1700784&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
(original)
+++ lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
Wed Sep  2 12:21:11 2015
@@ -38,6 +38,7 @@ import org.apache.solr.client.solrj.Solr
 import org.apache.solr.client.solrj.embedded.JettySolrRunner;
 import org.apache.solr.client.solrj.impl.CloudSolrClient;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
+import org.apache.solr.client.solrj.request.CollectionAdminRequest;
 import org.apache.solr.client.solrj.request.GenericSolrRequest;
 import org.apache.solr.cloud.MiniSolrCloudCluster;
 import org.apache.solr.cloud.TestMiniSolrCloudCluster;
@@ -144,6 +145,30 @@ public class BasicAuthIntegrationTest ex
 
     verifySecurityStatus(cl, baseUrl+"/admin/authorization", "authorization/permissions[1]/collection",
"x", 20);
 
+    httpPost = new HttpPost(baseUrl + "/admin/authorization");
+    setBasicAuthHeader(httpPost, "harry", "HarryIsUberCool");
+    httpPost.setEntity(new ByteArrayEntity(Utils.toJSON(singletonMap("set-permission", Utils.makeMap
+        ("name","collection-admin-edit", "role", "admin" )))));
+    r = cl.execute(httpPost);
+
+    verifySecurityStatus(cl, baseUrl+"/admin/authorization", "authorization/permissions[2]/name",
"collection-admin-edit", 20);
+
+    CollectionAdminRequest.Reload reload = new CollectionAdminRequest.Reload();
+    reload.setCollectionName(cloudSolrClient.getDefaultCollection());
+
+    HttpSolrClient solrClient = new HttpSolrClient(baseUrl);
+    try {
+      rsp = solrClient.request(reload);
+      fail("must have failed");
+    } catch (HttpSolrClient.RemoteSolrException e) {
+
+    }
+
+    httpPost = new HttpPost(baseUrl + "/admin/authorization");
+    setBasicAuthHeader(httpPost, "harry", "HarryIsUberCool");
+    httpPost.setEntity(new ByteArrayEntity(Utils.toJSON(singletonMap("delete-permission",
"collection-admin-edit"))));
+    r = cl.execute(httpPost);//cleanup so that the super class does not need to pass on credentials
+
   }
 
   public static void verifySecurityStatus(HttpClient cl, String url, String objPath, Object
expected, int count) throws Exception {
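Review bot: The empty `catch (HttpSolrClient.RemoteSolrException e)` block accepts any remote failure, so the test would also pass if the reload failed for a reason unrelated to authorization, such as a server error. Assert the status in the handler, e.g. `assertTrue(e.code() == 401 || e.code() == 403);`, so the test proves that the `collection-admin-edit` permission is what rejected the unauthenticated request. `solrClient` is also never closed; wrap it in try-with-resources or call `solrClient.close()` in a `finally`. The response of the final `delete-permission` POST is not checked either, so a failed cleanup would surface only as unrelated failures in the inherited tests. The test method starts outside the hunk.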
@@ -208,6 +233,11 @@ public class BasicAuthIntegrationTest ex
   public void testErrorsInShutdown() throws Exception {
   }
 
+
+  @Override
+  public void testCollectionCreateWithoutCoresThenDelete() throws Exception {
+  }
+
   //the password is 'SolrRocks'
   //this could be generated everytime. But , then we will not know if there is any regression
   private static final String STD_CONF = "{\n" +
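Review bot: The empty override of `testCollectionCreateWithoutCoresThenDelete` silently switches off an inherited test, and nothing in the code says why. Add a comment on the method, for example `// disabled: the inherited test issues collection admin requests without credentials, which this secured cluster rejects` (presumably the reason; confirm before committing the wording), so the lost coverage is a visible, deliberate choice. The same applies to the empty `testErrorsInShutdown` shown as context above it.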

Modified: lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java?rev=1700784&r1=1700783&r2=1700784&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
(original)
+++ lucene/dev/trunk/solr/core/src/test/org/apache/solr/security/TestRuleBasedAuthorizationPlugin.java
Wed Sep  2 12:21:11 2015
@@ -95,7 +95,7 @@ public class TestRuleBasedAuthorizationP
     assertEquals(FORBIDDEN,authResp.statusCode);
 
     values.put("resource","/admin/collections");
-    values.put("collectionRequests",new ArrayList<>());
+    values.put("requestType", AuthorizationContext.RequestType.ADMIN);
     values.put("params", new MapSolrParams(Collections.singletonMap("action", "LIST")));
     values.put("httpMethod","GET");
     authResp = plugin.authorize(context);
@@ -109,6 +109,10 @@ public class TestRuleBasedAuthorizationP
     authResp = plugin.authorize(context);
     assertEquals(PROMPT_FOR_CREDENTIALS, authResp.statusCode);
 
+    values.put("params", new MapSolrParams(Collections.singletonMap("action", "RELOAD")));
+    authResp = plugin.authorize(context);
+    assertEquals(PROMPT_FOR_CREDENTIALS, authResp.statusCode);
+
     values.put("userPrincipal", new BasicUserPrincipal("somebody"));
     authResp = plugin.authorize(context);
     assertEquals(FORBIDDEN,authResp.statusCode);
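Review bot: The added RELOAD case only asserts denial, and because `values` is mutated cumulatively, the existing `FORBIDDEN` assertion for `somebody` that follows now runs with `action=RELOAD` instead of whatever action was set before the hunk. If the earlier action still needs a forbidden-user check, keep a separate assertion for it. A positive case would also help: after the `FORBIDDEN` check, set a principal that holds the role granted `collection-admin-edit` and assert that the request is allowed, so the test guards against over-blocking as well as under-blocking. The rule set and the rest of the method are outside the hunk, so such a case may already exist further down.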


