lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From is...@apache.org
Subject lucene-solr:master: SOLR-9984: Deprecate GenericHadoopAuthPlugin in favor of HadoopAuthPlugin
Date Thu, 19 Jan 2017 04:06:41 GMT
Repository: lucene-solr
Updated Branches:
  refs/heads/master 9f58b6cd1 -> 1a05d6f4f


SOLR-9984: Deprecate GenericHadoopAuthPlugin in favor of HadoopAuthPlugin


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/1a05d6f4
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/1a05d6f4
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/1a05d6f4

Branch: refs/heads/master
Commit: 1a05d6f4f1a6e7c99662549c8f24a11727d86b2f
Parents: 9f58b6c
Author: Ishan Chattopadhyaya <ichattopadhyaya@gmail.com>
Authored: Thu Jan 19 09:35:59 2017 +0530
Committer: Ishan Chattopadhyaya <ichattopadhyaya@gmail.com>
Committed: Thu Jan 19 09:35:59 2017 +0530

----------------------------------------------------------------------
 solr/CHANGES.txt                                |   8 +
 .../solr/security/GenericHadoopAuthPlugin.java  | 245 +------------------
 .../apache/solr/security/HadoopAuthPlugin.java  |   2 +-
 3 files changed, 14 insertions(+), 241 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/1a05d6f4/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index aab5116..62b8818 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -94,6 +94,12 @@ Jetty 9.3.14.v20161028
 Detailed Change List
 ----------------------
 
+Upgrade Notes
+----------------------
+
+* SOLR-9984: GenericHadoopAuthPlugin is deprecated in favor of HadoopAuthPlugin. Simply changing
the
+  name of the class in the security configurations should suffice while upgrading.
+
 New Features
 ----------------------
 
@@ -122,6 +128,8 @@ Other Changes
 ----------------------
 * SOLR-9980: Expose configVersion in core admin status (Jessica Cheng Mallet via Tomás Fernández
Löbbe)
 
+* SOLR-9984: Deprecate GenericHadoopAuthPlugin in favor of HadoopAuthPlugin (Ishan Chattopadhyaya)
+
 ==================  6.4.0 ==================
 
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/1a05d6f4/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
index e5fe349..3d63fd6 100644
--- a/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/GenericHadoopAuthPlugin.java
@@ -16,251 +16,16 @@
  */
 package org.apache.solr.security;
 
-import static org.apache.solr.security.RequestContinuesRecorderAuthenticationHandler.REQUEST_CONTINUES_ATTR;
-import static org.apache.solr.security.HadoopAuthFilter.DELEGATION_TOKEN_ZK_CLIENT;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.lang.invoke.MethodHandles;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.apache.commons.collections.iterators.IteratorEnumeration;
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.solr.client.solrj.impl.HttpClientBuilderFactory;
-import org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder;
-import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder;
-import org.apache.solr.cloud.ZkController;
-import org.apache.solr.common.SolrException;
-import org.apache.solr.common.SolrException.ErrorCode;
-import org.apache.solr.common.util.SuppressForbidden;
 import org.apache.solr.core.CoreContainer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /**
- * This class implements a generic plugin which can use authentication schemes exposed by
the
- * Hadoop framework. This plugin supports following features
- * - integration with authentication mehcanisms (e.g. kerberos)
- * - Delegation token support
- * - Proxy users (or secure impersonation) support
- *
- * This plugin enables defining configuration parameters required by the undelying Hadoop
authentication
- * mechanism. These configuration parameters can either be specified as a Java system property
or the default
- * value can be specified as part of the plugin configuration.
- *
- * The proxy users are configured by specifying relevant Hadoop configuration parameters.
Please note that
- * the delegation token support must be enabled for using the proxy users support.
- *
- * For Solr internal communication, this plugin enables configuring {@linkplain HttpClientBuilderFactory}
- * implementation (e.g. based on kerberos).
+ *  * @deprecated Use {@link HadoopAuthPlugin}. For backcompat against Solr 6.4.
  */
-public class GenericHadoopAuthPlugin extends AuthenticationPlugin implements HttpClientBuilderPlugin
{
-  private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
-  /**
-   * A property specifying the type of authentication scheme to be configured.
-   */
-  private static final String HADOOP_AUTH_TYPE = "type";
-
-  /**
-   * A property specifies the value of the prefix to be used to define Java system property
-   * for configuring the authentication mechanism. The name of the Java system property is
-   * defined by appending the configuration parmeter namne to this prefix value e.g. if prefix
-   * is 'solr' then the Java system property 'solr.kerberos.principal' defines the value
of
-   * configuration parameter 'kerberos.principal'.
-   */
-  private static final String SYSPROP_PREFIX_PROPERTY = "sysPropPrefix";
-
-  /**
-   * A property specifying the configuration parameters required by the authentication scheme
-   * defined by {@linkplain #HADOOP_AUTH_TYPE} property.
-   */
-  private static final String AUTH_CONFIG_NAMES_PROPERTY = "authConfigs";
-
-  /**
-   * A property specifying the {@linkplain HttpClientBuilderFactory} used for the Solr internal
-   * communication.
-   */
-  private static final String HTTPCLIENT_BUILDER_FACTORY = "clientBuilderFactory";
-
-  /**
-   * A property specifying the default values for the configuration parameters specified
by the
-   * {@linkplain #AUTH_CONFIG_NAMES_PROPERTY} property. The default values are specified
as a
-   * collection of key-value pairs (i.e. property-name : default_value).
-   */
-  private static final String DEFAULT_AUTH_CONFIGS_PROPERTY = "defaultConfigs";
-
-  /**
-   * A property which enable (or disable) the delegation tokens functionality.
-   */
-  private static final String DELEGATION_TOKEN_ENABLED_PROPERTY = "enableDelegationToken";
-
-  /**
-   * A property which enables initialization of kerberos before connecting to Zookeeper.
-   */
-  private static final String INIT_KERBEROS_ZK = "initKerberosZk";
-
-  /**
-   * A property which configures proxy users for the underlying Hadoop authentication mechanism.
-   * This configuration is expressed as a collection of key-value pairs  (i.e. property-name
: value).
-   */
-  public static final String PROXY_USER_CONFIGS = "proxyUserConfigs";
-
-  private AuthenticationFilter authFilter;
-  private HttpClientBuilderFactory factory = null;
-  private final CoreContainer coreContainer;
+@Deprecated
+public class GenericHadoopAuthPlugin extends HadoopAuthPlugin {
 
   public GenericHadoopAuthPlugin(CoreContainer coreContainer) {
-    this.coreContainer = coreContainer;
-  }
-
-  @SuppressWarnings("rawtypes")
-  @Override
-  public void init(Map<String,Object> pluginConfig) {
-    try {
-      String delegationTokenEnabled = (String)pluginConfig.getOrDefault(DELEGATION_TOKEN_ENABLED_PROPERTY,
"false");
-      authFilter = (Boolean.parseBoolean(delegationTokenEnabled)) ? new HadoopAuthFilter()
: new AuthenticationFilter();
-
-      // Initialize kerberos before initializing curator instance.
-      boolean initKerberosZk = Boolean.parseBoolean((String)pluginConfig.getOrDefault(INIT_KERBEROS_ZK,
"false"));
-      if (initKerberosZk) {
-        (new Krb5HttpClientBuilder()).getBuilder();
-      }
-
-      FilterConfig conf = getInitFilterConfig(pluginConfig);
-      authFilter.init(conf);
-
-      String httpClientBuilderFactory = (String)pluginConfig.get(HTTPCLIENT_BUILDER_FACTORY);
-      if (httpClientBuilderFactory != null) {
-        Class c = Class.forName(httpClientBuilderFactory);
-        factory = (HttpClientBuilderFactory)c.newInstance();
-      }
-
-    } catch (ServletException | ClassNotFoundException | InstantiationException | IllegalAccessException
e) {
-      throw new SolrException(ErrorCode.SERVER_ERROR, "Error initializing kerberos authentication
plugin: "+e);
-    }
+    super(coreContainer);
   }
 
-  @SuppressWarnings("unchecked")
-  protected FilterConfig getInitFilterConfig(Map<String, Object> pluginConfig) {
-    Map<String, String> params = new HashMap<>();
-
-    String type = (String) Objects.requireNonNull(pluginConfig.get(HADOOP_AUTH_TYPE));
-    params.put(HADOOP_AUTH_TYPE, type);
-
-    String sysPropPrefix = (String) pluginConfig.getOrDefault(SYSPROP_PREFIX_PROPERTY, "solr.");
-    Collection<String> authConfigNames = (Collection<String>) pluginConfig.
-        getOrDefault(AUTH_CONFIG_NAMES_PROPERTY, Collections.emptyList());
-    Map<String,String> authConfigDefaults = (Map<String,String>) pluginConfig
-        .getOrDefault(DEFAULT_AUTH_CONFIGS_PROPERTY, Collections.emptyMap());
-    Map<String,String> proxyUserConfigs = (Map<String,String>) pluginConfig
-        .getOrDefault(PROXY_USER_CONFIGS, Collections.emptyMap());
-
-    for ( String configName : authConfigNames) {
-      String systemProperty = sysPropPrefix + configName;
-      String defaultConfigVal = authConfigDefaults.get(configName);
-      String configVal = System.getProperty(systemProperty, defaultConfigVal);
-      if (configVal != null) {
-        params.put(configName, configVal);
-      }
-    }
-
-    // Configure proxy user settings.
-    params.putAll(proxyUserConfigs);
-
-    final ServletContext servletContext = new AttributeOnlyServletContext();
-    log.info("Params: "+params);
-
-    ZkController controller = coreContainer.getZkController();
-    if (controller != null) {
-      servletContext.setAttribute(DELEGATION_TOKEN_ZK_CLIENT, controller.getZkClient());
-    }
-
-    FilterConfig conf = new FilterConfig() {
-      @Override
-      public ServletContext getServletContext() {
-        return servletContext;
-      }
-
-      @Override
-      public Enumeration<String> getInitParameterNames() {
-        return new IteratorEnumeration(params.keySet().iterator());
-      }
-
-      @Override
-      public String getInitParameter(String param) {
-        return params.get(param);
-      }
-
-      @Override
-      public String getFilterName() {
-        return "HadoopAuthFilter";
-      }
-    };
-
-    return conf;
-  }
-
-  @Override
-  public boolean doAuthenticate(ServletRequest request, ServletResponse response, FilterChain
filterChain)
-      throws Exception {
-    final HttpServletResponse frsp = (HttpServletResponse)response;
-
-    // Workaround until HADOOP-13346 is fixed.
-    HttpServletResponse rspCloseShield = new HttpServletResponseWrapper(frsp) {
-      @SuppressForbidden(reason = "Hadoop DelegationTokenAuthenticationFilter uses response
writer, this" +
-          "is providing a CloseShield on top of that")
-      @Override
-      public PrintWriter getWriter() throws IOException {
-        final PrintWriter pw = new PrintWriterWrapper(frsp.getWriter()) {
-          @Override
-          public void close() {};
-        };
-        return pw;
-      }
-    };
-    authFilter.doFilter(request, rspCloseShield, filterChain);
-
-    if (authFilter instanceof HadoopAuthFilter) { // delegation token mgmt.
-      String requestContinuesAttr = (String)request.getAttribute(REQUEST_CONTINUES_ATTR);
-      if (requestContinuesAttr == null) {
-        log.warn("Could not find " + REQUEST_CONTINUES_ATTR);
-        return false;
-      } else {
-        return Boolean.parseBoolean(requestContinuesAttr);
-      }
-    }
-
-    return true;
-  }
-
-  @Override
-  public SolrHttpClientBuilder getHttpClientBuilder(SolrHttpClientBuilder builder) {
-    return (factory != null) ? factory.getHttpClientBuilder(Optional.ofNullable(builder))
: builder;
-  }
-
-  @Override
-  public void close() throws IOException {
-    if (authFilter != null) {
-      authFilter.destroy();
-    }
-    if (factory != null) {
-      factory.close();
-    }
-  }
-}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/1a05d6f4/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
index db0f639..1f0d5ad 100644
--- a/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/HadoopAuthPlugin.java
@@ -135,7 +135,7 @@ public class HadoopAuthPlugin extends AuthenticationPlugin {
       authFilter.init(conf);
 
     } catch (ServletException e) {
-      throw new SolrException(ErrorCode.SERVER_ERROR, "Error initializing GenericHadoopAuthPlugin:
"+e);
+      throw new SolrException(ErrorCode.SERVER_ERROR, "Error initializing " + getClass().getName()
+ ": "+e);
     }
   }
 


Mime
View raw message