lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From is...@apache.org
Subject lucene-solr:branch_6_6: SOLR-8440: Support for enabling basic authentication using bin/solr|bin/solr.cmd
Date Mon, 15 May 2017 17:10:17 GMT
Repository: lucene-solr
Updated Branches:
  refs/heads/branch_6_6 a5597a98b -> b30a042bc


SOLR-8440: Support for enabling basic authentication using bin/solr|bin/solr.cmd


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/b30a042b
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/b30a042b
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/b30a042b

Branch: refs/heads/branch_6_6
Commit: b30a042bcfbc24db8eac31d65997098ac7c8c2d9
Parents: a5597a9
Author: Ishan Chattopadhyaya <ishan@apache.org>
Authored: Mon May 15 22:06:26 2017 +0530
Committer: Ishan Chattopadhyaya <ishan@apache.org>
Committed: Mon May 15 22:09:17 2017 +0530

----------------------------------------------------------------------
 solr/bin/solr                                   | 164 +++++++++-
 solr/bin/solr.cmd                               |  72 ++++-
 .../src/java/org/apache/solr/util/SolrCLI.java  | 323 ++++++++++---------
 3 files changed, 400 insertions(+), 159 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/b30a042b/solr/bin/solr
----------------------------------------------------------------------
diff --git a/solr/bin/solr b/solr/bin/solr
index f16bc3e..61c161e 100755
--- a/solr/bin/solr
+++ b/solr/bin/solr
@@ -290,7 +290,7 @@ function print_usage() {
   if [ -z "$CMD" ]; then
     echo ""
     echo "Usage: solr COMMAND OPTIONS"
-    echo "       where COMMAND is one of: start, stop, restart, status, healthcheck, create,
create_core, create_collection, delete, version, zk"
+    echo "       where COMMAND is one of: start, stop, restart, status, healthcheck, create,
create_core, create_collection, delete, version, zk, auth"
     echo ""
     echo "  Standalone server example (start Solr running in the background on port 8984):"
     echo ""
@@ -540,6 +540,35 @@ function print_usage() {
     echo "             <path>: The Zookeeper path to create. Leading slash is assumed
if not present."
     echo "                     Intermediate nodes are created as needed if not present."
     echo ""
+  elif [ "$CMD" == "auth" ]; then
+    echo ""
+    echo "Usage: solr auth enable [-type basicAuth] -credentials user:pass [-blockUnknown
<true|false>] [-updateIncludeFileOnly <true|false>]"
+    echo "       solr auth enable [-type basicAuth] -prompt <true|false> [-blockUnknown
<true|false>] [-updateIncludeFileOnly <true|false>]"
+    echo "       solr auth disable [-updateIncludeFileOnly <true|false>]"
+    echo ""
+    echo "  -type <type>                           The authentication mechanism to
enable. Defaults to 'basicAuth'."
+    echo ""
+    echo "  -credentials <user:pass>               The username and password of the
initial user"
+    echo "                                         Note: only one of -prompt or -credentials
must be provided"
+    echo ""
+    echo "  -prompt <true|false>                   Prompts the user to provide the
credentials"
+    echo "                                         Note: only one of -prompt or -credentials
must be provided"
+    echo ""
+    echo "  -blockUnknown <true|false>             When true, this blocks out access
to unauthenticated users. When not provided,"
+    echo "                                         this defaults to false (i.e. unauthenticated
users can access all endpoints, except the"
+    echo "                                         operations like collection-edit, security-edit,
core-admin-edit etc.). Check the reference"
+    echo "                                         guide for Basic Authentication for more
details."
+    echo ""
+    echo "  -updateIncludeFileOnly <true|false>    Only update the solr.in.sh or solr.in.cmd
file, and skip actual enabling/disabling"
+    echo "                                         authentication (i.e. don't update security.json)"
+    echo ""
+    echo "  -z zkHost                              Zookeeper connection string"
+    echo ""
+    echo "  -d <dir>                               Specify the Solr server directory"
+    echo ""
+    echo "  -s <dir>                               Specify the Solr home directory.
This is where any credentials or authentication"
+    echo "                                         configuration files (e.g. basicAuth.conf)
would be placed."
+    echo ""
   fi
 } # end print_usage
 
@@ -1183,19 +1212,130 @@ if [[ "$SCRIPT_CMD" == "zk" ]]; then
 fi
 
 if [[ "$SCRIPT_CMD" == "auth" ]]; then
-    if [ -z "$AUTH_PORT" ]; then
-      for ID in `ps auxww | grep java | grep start\.jar | awk '{print $2}' | sort -r`
-        do
-          port=`jetty_port "$ID"`
-          if [ "$port" != "" ]; then
-            AUTH_PORT=$port
+  declare -a AUTH_PARAMS
+  if [ $# -gt 0 ]; then
+    while true; do
+      case "$1" in
+        enable|disable)
+            AUTH_OP=$1
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "$AUTH_OP")
+            shift
+        ;;
+        -z|-zkhost|zkHost)
+            ZK_HOST="$2"
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-zkHost" "$ZK_HOST")
+            shift 2
+        ;;
+        -t|-type)
+            AUTH_TYPE="$2"
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-type" "$AUTH_TYPE")
+            shift 2
+        ;;
+        -credentials)
+            AUTH_CREDENTIALS="$2"
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-credentials" "$AUTH_CREDENTIALS")
+            shift 2
+        ;;
+        -solrIncludeFile)
+            SOLR_INCLUDE="$2"
+            shift 2
+        ;;
+        -prompt)
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-prompt" "$2")
+            shift
+        ;;
+        -blockUnknown)
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-blockUnknown" "$2")
+            shift
             break
-          fi
-        done
+        ;;
+        -updateIncludeFileOnly)
+            AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-updateIncludeFileOnly" "$2")
+            shift
+            break
+        ;;
+        -d|-dir)
+            if [[ -z "$2" || "${2:0:1}" == "-" ]]; then
+              print_usage "$SCRIPT_CMD" "Server directory is required when using the $1 option!"
+              exit 1
+            fi
+
+            if [[ "$2" == "." || "$2" == "./" || "$2" == ".." || "$2" == "../" ]]; then
+              SOLR_SERVER_DIR="$(pwd)/$2"
+            else
+              # see if the arg value is relative to the tip vs full path
+              if [[ "$2" != /* ]] && [[ -d "$SOLR_TIP/$2" ]]; then
+                SOLR_SERVER_DIR="$SOLR_TIP/$2"
+              else
+                SOLR_SERVER_DIR="$2"
+              fi
+            fi
+            # resolve it to an absolute path
+            SOLR_SERVER_DIR="$(cd "$SOLR_SERVER_DIR"; pwd)"
+            shift 2
+        ;;
+        -s|-solr.home)
+            if [[ -z "$2" || "${2:0:1}" == "-" ]]; then
+              print_usage "$SCRIPT_CMD" "Solr home directory is required when using the $1
option!"
+              exit 1
+            fi
+
+            SOLR_HOME="$2"
+            shift 2
+        ;;
+        -help|-usage|-h)
+            print_usage "$SCRIPT_CMD"
+            exit 0
+        ;;
+        --)
+            shift
+            break
+        ;;
+        *)
+            shift
+            break
+        ;;
+      esac
+    done
+  fi
+
+  if [ -z "$SOLR_SERVER_DIR" ]; then
+    SOLR_SERVER_DIR="$DEFAULT_SERVER_DIR"
+  fi
+  if [ ! -e "$SOLR_SERVER_DIR" ]; then
+    echo -e "\nSolr server directory $SOLR_SERVER_DIR not found!\n"
+    exit 1
+  fi
+  if [ -z "$SOLR_HOME" ]; then
+    SOLR_HOME="$SOLR_SERVER_DIR/solr"
+  else
+    if [[ $SOLR_HOME != /* ]] && [[ -d "$SOLR_SERVER_DIR/$SOLR_HOME" ]]; then
+      SOLR_HOME="$SOLR_SERVER_DIR/$SOLR_HOME"
+      SOLR_PID_DIR="$SOLR_HOME"
+    elif [[ $SOLR_HOME != /* ]] && [[ -d "`pwd`/$SOLR_HOME" ]]; then
+      SOLR_HOME="$(pwd)/$SOLR_HOME"
     fi
-    solr_include_file=$SOLR_INCLUDE
-    run_tool auth "$@" -solrUrl "$SOLR_URL_SCHEME://$SOLR_TOOL_HOST:$AUTH_PORT/solr" -solrIncludeFile
"$solr_include_file"
-    exit $?
+  fi
+
+  if [ -z "$AUTH_OP" ]; then
+    print_usage "$SCRIPT_CMD"
+    exit 0
+  fi
+
+  AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-solrIncludeFile" "$SOLR_INCLUDE")
+
+  if [ -z "$AUTH_PORT" ]; then
+    for ID in `ps auxww | grep java | grep start\.jar | awk '{print $2}' | sort -r`
+      do
+        port=`jetty_port "$ID"`
+        if [ "$port" != "" ]; then
+          AUTH_PORT=$port
+          break
+        fi
+      done
+  fi
+  run_tool auth ${AUTH_PARAMS[@]} -solrUrl "$SOLR_URL_SCHEME://$SOLR_TOOL_HOST:$AUTH_PORT/solr"
-authConfDir "$SOLR_HOME"
+  exit $?
 fi
 
 

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/b30a042b/solr/bin/solr.cmd
----------------------------------------------------------------------
diff --git a/solr/bin/solr.cmd b/solr/bin/solr.cmd
index 207f99f..727350b 100644
--- a/solr/bin/solr.cmd
+++ b/solr/bin/solr.cmd
@@ -272,7 +272,7 @@ goto done
 :script_usage
 @echo.
 @echo Usage: solr COMMAND OPTIONS
-@echo        where COMMAND is one of: start, stop, restart, healthcheck, create, create_core,
create_collection, delete, version, zk
+@echo        where COMMAND is one of: start, stop, restart, healthcheck, create, create_core,
create_collection, delete, version, zk, auth
 @echo.
 @echo   Standalone server example (start Solr running in the background on port 8984):
 @echo.
@@ -550,6 +550,35 @@ IF "%ZK_FULL%"=="true" (
 )
 goto done
 
+:auth_usage
+echo Usage: solr auth enable [-type basicAuth] -credentials user:pass [-blockUnknown ^<true|false^>]
[-updateIncludeFileOnly ^<true|false^>]
+echo        solr auth enable [-type basicAuth] -prompt ^<true|false^> [-blockUnknown
^<true|false^>] [-updateIncludeFileOnly ^<true|false^>]
+echo        solr auth disable [-updateIncludeFileOnly ^<true|false^>]
+echo
+echo   -type ^<type^>                 The authentication mechanism to enable. Defaults
to 'basicAuth'.
+echo
+echo   -credentials ^<user:pass^>     The username and password of the initial user
+echo                                Note: only one of -prompt or -credentials must be provided
+echo
+echo   -prompt ^<true|false^>         Prompts the user to provide the credentials
+echo                                Note: only one of -prompt or -credentials must be provided
+echo
+echo   -blockUnknown ^<true|false^>   When true, this blocks out access to unauthenticated
users. When not provided,
+echo                                this defaults to false (i.e. unauthenticated users can
access all endpoints, except the
+echo                                operations like collection-edit, security-edit, core-admin-edit
etc.). Check the reference
+echo                                guide for Basic Authentication for more details.
+echo
+echo   -updateIncludeFileOnly ^<true|false^>    Only update the solr.in.sh or solr.in.cmd
file, and skip actual enabling/disabling"
+echo                                          authentication (i.e. don't update security.json)"
+echo
+echo   -z zkHost                    Zookeeper connection string
+echo
+echo   -d <dir>                     Specify the Solr server directory"
+echo 
+echo   -s <dir>                     Specify the Solr home directory. This is where
any credentials or authentication"
+echo                                configuration files (e.g. basicAuth.conf) would be placed."
+echo
+goto done
 
 REM Really basic command-line arg parsing
 :parse_args
@@ -1644,6 +1673,44 @@ goto done
 
  
 :run_auth
+IF "%1"=="-help" goto usage
+IF "%1"=="-usage" goto usage
+
+REM Options parsing.
+REM Note: With the following technique of parsing, it is not possible
+REM       to have an option without a value.
+set "AUTH_PARAMS=%1"
+set "option="
+for %%a in (%*) do (
+   if not defined option (
+      set arg=%%a
+      if "!arg:~0,1!" equ "-" set "option=!arg!"
+   ) else (
+      set "option!option!=%%a"
+      if "!option!" equ "-d" set "SOLR_SERVER_DIR=%%a"
+      if "!option!" equ "-s" set "SOLR_HOME=%%a"
+      if not "!option!" equ "-s" if not "!option!" equ "-d" (
+        set "AUTH_PARAMS=!AUTH_PARAMS! !option! %%a"
+      )
+      set "option="
+   )
+)
+IF "%SOLR_SERVER_DIR%"=="" set "SOLR_SERVER_DIR=%DEFAULT_SERVER_DIR%"
+IF NOT EXIST "%SOLR_SERVER_DIR%" (
+  set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!"
+  goto err
+)
+IF "%SOLR_HOME%"=="" set "SOLR_HOME=%SOLR_SERVER_DIR%\solr"
+IF EXIST "%cd%\%SOLR_HOME%" set "SOLR_HOME=%cd%\%SOLR_HOME%"
+IF NOT EXIST "%SOLR_HOME%\" (
+  IF EXIST "%SOLR_SERVER_DIR%\%SOLR_HOME%" (
+    set "SOLR_HOME=%SOLR_SERVER_DIR%\%SOLR_HOME%"
+  ) ELSE (
+    set "SCRIPT_ERROR=Solr home directory %SOLR_HOME% not found!"
+    goto err
+  )
+)
+
 if "!AUTH_PORT!"=="" (
   for /f "usebackq" %%i in (`dir /b "%SOLR_TIP%\bin" ^| findstr /i "^solr-.*\.port$"`) do
(
     set SOME_SOLR_PORT=
@@ -1655,11 +1722,10 @@ if "!AUTH_PORT!"=="" (
     )
   )
 )
-for /f "tokens=1,* delims= " %%a in ("%*") do set auth_params=%%b
 "%JAVA%" %SOLR_SSL_OPTS% %AUTHC_OPTS% %SOLR_ZK_CREDS_AND_ACLS% -Dsolr.install.dir="%SOLR_TIP%"
^
     -Dlog4j.configuration="file:%DEFAULT_SERVER_DIR%\scripts\cloud-scripts\log4j.properties"
^
     -classpath "%DEFAULT_SERVER_DIR%\solr-webapp\webapp\WEB-INF\lib\*;%DEFAULT_SERVER_DIR%\lib\ext\*"
^
-    org.apache.solr.util.SolrCLI auth %auth_params% -solrIncludeFile "%SOLR_INCLUDE%" ^
+    org.apache.solr.util.SolrCLI auth %AUTH_PARAMS% -solrIncludeFile "%SOLR_INCLUDE%" -authConfDir
"%SOLR_HOME%" ^
     -solrUrl !SOLR_URL_SCHEME!://%SOLR_TOOL_HOST%:!AUTH_PORT!/solr
 goto done
 

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/b30a042b/solr/core/src/java/org/apache/solr/util/SolrCLI.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/util/SolrCLI.java b/solr/core/src/java/org/apache/solr/util/SolrCLI.java
index 5eefd04..aa7c8b5 100644
--- a/solr/core/src/java/org/apache/solr/util/SolrCLI.java
+++ b/solr/core/src/java/org/apache/solr/util/SolrCLI.java
@@ -3526,49 +3526,59 @@ public class SolrCLI {
     public Option[] getOptions() {
       return new Option[]{
           OptionBuilder
-              .withArgName("enable")
-              .withDescription("Enable authentication.")
-              .create("enable"),
-          OptionBuilder
-              .withArgName("disable")
-              .withDescription("Disable existing authentication.")
-              .create("disable"),
-          OptionBuilder
-              .withArgName("type")
-              .hasArg()
-              .withDescription("basicAuth")
-              .create("type"),
-          OptionBuilder
-              .withArgName("credentials")
-              .hasArg()
-              .withDescription("Credentials in the format username:password. Example: -credentials
solr:SolrRocks")
-              .create("credentials"),
-          OptionBuilder
-              .withArgName("prompt")
-              .withDescription("Prompt for credentials. Use either -credentials or -prompt,
not both")
-              .create("prompt"),              
-          OptionBuilder
-              .withArgName("blockUnknown")
-              .withDescription("Blocks all access for unknown users (requires authentication
for all endpoints)")
-              .hasOptionalArg()
-              .create("blockUnknown"),
-          OptionBuilder
-              .withArgName("solrIncludeFile")
-              .hasArg()
-              .withDescription("The Solr include file which contains overridable environment
variables for configuring Solr configurations")
-              .create("solrIncludeFile"),
-          OptionBuilder
-              .withArgName("solrUrl")
-              .hasArg()
-              .withDescription("Solr URL")
-              .create("solrUrl"),
+          .withArgName("type")
+          .hasArg()
+          .withDescription("The authentication mechanism to enable. Defaults to 'basicAuth'.")
+          .create("type"),
+          OptionBuilder
+          .withArgName("credentials")
+          .hasArg()
+          .withDescription("Credentials in the format username:password. Example: -credentials
solr:SolrRocks")
+          .create("credentials"),
+          OptionBuilder
+          .withArgName("prompt")
+          .hasArg()
+          .withDescription("Prompts the user to provide the credentials. Use either -credentials
or -prompt, not both")
+          .create("prompt"),
+          OptionBuilder
+          .withArgName("blockUnknown")
+          .withDescription("Blocks all access for unknown users (requires authentication
for all endpoints)")
+          .hasArg()
+          .create("blockUnknown"),
+          OptionBuilder
+          .withArgName("solrIncludeFile")
+          .hasArg()
+          .withDescription("The Solr include file which contains overridable environment
variables for configuring Solr configurations")
+          .create("solrIncludeFile"),
+          OptionBuilder
+          .withArgName("updateIncludeFileOnly")
+          .withDescription("Only update the solr.in.sh or solr.in.cmd file, and skip actual
enabling/disabling"
+              + " authentication (i.e. don't update security.json)")
+          .hasArg()
+          .create("updateIncludeFileOnly"),
+          OptionBuilder
+          .withArgName("authConfDir")
+          .hasArg()
+          .isRequired()
+          .withDescription("This is where any authentication related configuration files,
if any, would be placed.")
+          .create("authConfDir"),
+          OptionBuilder
+          .withArgName("solrUrl")
+          .hasArg()
+          .withDescription("Solr URL")
+          .create("solrUrl"),
+          OptionBuilder
+          .withArgName("zkHost")
+          .hasArg()
+          .withDescription("ZooKeeper host")
+          .create("zkHost"),
       };
     }
 
     @Override
     public int runTool(CommandLine cli) throws Exception {
-      if (cli.getOptions().length == 0 || cli.getArgs().length > 0 || cli.hasOption("h"))
{
-        new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this));
+      if (cli.getOptions().length == 0 || cli.getArgs().length == 0 || cli.getArgs().length
> 1 || cli.hasOption("h")) {
+        new HelpFormatter().printHelp("bin/solr auth <enable|disable> [OPTIONS]", getToolOptions(this));
         return 1;
       }
 
@@ -3578,128 +3588,153 @@ public class SolrCLI {
         exit(1);
       }
 
-      if (cli.hasOption("enable") && cli.hasOption("disable")) {
-        System.out.println("You have specified both -enable and -disable. Only one should
be provided.");
-        return 1;
-      }
-      if  (cli.hasOption("enable")) {
-        String zkHost = getZkHost(cli);
-        if (zkHost == null) {
-          System.out.println("ZK Host not found. Solr should be running in cloud mode");
-          exit(1);
-        }
+      String cmd = cli.getArgs()[0];
+      boolean prompt = Boolean.parseBoolean(cli.getOptionValue("prompt", "false"));
+      boolean updateIncludeFileOnly = Boolean.parseBoolean(cli.getOptionValue("updateIncludeFileOnly",
"false"));
+      switch (cmd) {
+        case "enable":
+          if (!prompt && !cli.hasOption("credentials")) {
+            System.out.println("Option -credentials or -prompt is required with enable.");
+            new HelpFormatter().printHelp("bin/solr auth <enable|disable> [OPTIONS]",
getToolOptions(this));
+            exit(1);
+          } else if (!prompt && (cli.getOptionValue("credentials") == null || !cli.getOptionValue("credentials").contains(":")))
{
+            System.out.println("Option -credentials is not in correct format.");
+            new HelpFormatter().printHelp("bin/solr auth <enable|disable> [OPTIONS]",
getToolOptions(this));
+            exit(1);
+          }
 
-        
-        if (cli.hasOption("credentials") == false && cli.hasOption("prompt") == false)
{
-          System.out.println("Option -credentials or -prompt is required with -enable.");
-          new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this));
-          exit(1);
-        } else if (cli.hasOption("prompt") == false &&
-            (cli.getOptionValue("credentials") == null || !cli.getOptionValue("credentials").contains(":")))
{
-          System.out.println("Option -credentials is not in correct format.");
-          new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this));
-          exit(1);
-        }
+          String zkHost = null;
 
-        String username, password;
-        if (cli.hasOption("credentials")) {
-          String credentials = cli.getOptionValue("credentials");
-          username = credentials.split(":")[0];
-          password = credentials.split(":")[1];
-        } else {
-          Console console = System.console();
-          username = console.readLine("Enter username: ");
-          password = new String(console.readPassword("Enter password: "));
-        }
-        // check if security is already enabled or not
-        try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) {
-          if (zkClient.exists("/security.json", true)) {
-            byte oldSecurityBytes[] = zkClient.getData("/security.json", null, null, true);
-            if (!"{}".equals(new String(oldSecurityBytes, StandardCharsets.UTF_8).trim()))
{
-              System.out.println("Security is already enabled. You can disable it with 'bin/solr
auth -disable'. Existing security.json: \n"
-                  + new String(oldSecurityBytes, StandardCharsets.UTF_8));
+          if (!updateIncludeFileOnly) {
+            try {
+              zkHost = getZkHost(cli);
+            } catch (Exception ex) {
+              if (cli.hasOption("zkHost")) {
+                System.out.println("Couldn't get ZooKeeper host. Please make sure that ZooKeeper
is running and the correct zkHost has been passed in.");
+              } else {
+                System.out.println("Couldn't get ZooKeeper host. Please make sure Solr is
running in cloud mode, or a zkHost has been passed in.");
+              }
+              exit(1);
+            }
+            if (zkHost == null) {
+              if (cli.hasOption("zkHost")) {
+                System.out.println("Couldn't get ZooKeeper host. Please make sure that ZooKeeper
is running and the correct zkHost has been passed in.");
+              } else {
+                System.out.println("Couldn't get ZooKeeper host. Please make sure Solr is
running in cloud mode, or a zkHost has been passed in.");
+              }
               exit(1);
             }
+
+            // check if security is already enabled or not
+            try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) {
+              if (zkClient.exists("/security.json", true)) {
+                byte oldSecurityBytes[] = zkClient.getData("/security.json", null, null,
true);
+                if (!"{}".equals(new String(oldSecurityBytes, StandardCharsets.UTF_8).trim()))
{
+                  System.out.println("Security is already enabled. You can disable it with
'bin/solr auth disable'. Existing security.json: \n"
+                      + new String(oldSecurityBytes, StandardCharsets.UTF_8));
+                  exit(1);
+                }
+              }
+            }
           }
-        }
 
-        boolean blockUnknown = cli.getOptionValue("blockUnknown") == null ?
-            cli.hasOption("blockUnknown"): Boolean.valueOf(cli.getOptionValue("blockUnknown"));
-
-            String securityJson = "{" +
-                "\n  \"authentication\":{" +
-                "\n   \"blockUnknown\": " + blockUnknown + "," +
-                "\n   \"class\":\"solr.BasicAuthPlugin\"," +
-                "\n   \"credentials\":{\""+username+"\":\"" + Sha256AuthenticationProvider.getSaltedHashedValue(password)
+ "\"}" +
-                "\n  }," +
-                "\n  \"authorization\":{" +
-                "\n   \"class\":\"solr.RuleBasedAuthorizationPlugin\"," +
-                "\n   \"permissions\":[" +
-                "\n {\"name\":\"security-edit\", \"role\":\"admin\"}," +
-                "\n {\"name\":\"collection-admin-edit\", \"role\":\"admin\"}," +
-                "\n {\"name\":\"core-admin-edit\", \"role\":\"admin\"}" +
-                "\n   ]," +
-                "\n   \"user-role\":{\""+username+"\":\"admin\"}" +
-                "\n  }" +
-                "\n}";
-            System.out.println("Uploading following security.json: " + securityJson);
+          String username, password;
+          if (cli.hasOption("credentials")) {
+            String credentials = cli.getOptionValue("credentials");
+            username = credentials.split(":")[0];
+            password = credentials.split(":")[1];
+          } else {
+            Console console = System.console();
+            username = console.readLine("Enter username: ");
+            password = new String(console.readPassword("Enter password: "));
+          }
 
+          boolean blockUnknown = Boolean.valueOf(cli.getOptionValue("blockUnknown", "false"));
+
+          String securityJson = "{" +
+              "\n  \"authentication\":{" +
+              "\n   \"blockUnknown\": " + blockUnknown + "," +
+              "\n   \"class\":\"solr.BasicAuthPlugin\"," +
+              "\n   \"credentials\":{\"" + username + "\":\"" + Sha256AuthenticationProvider.getSaltedHashedValue(password)
+ "\"}" +
+              "\n  }," +
+              "\n  \"authorization\":{" +
+              "\n   \"class\":\"solr.RuleBasedAuthorizationPlugin\"," +
+              "\n   \"permissions\":[" +
+              "\n {\"name\":\"security-edit\", \"role\":\"admin\"}," +
+              "\n {\"name\":\"collection-admin-edit\", \"role\":\"admin\"}," +
+              "\n {\"name\":\"core-admin-edit\", \"role\":\"admin\"}" +
+              "\n   ]," +
+              "\n   \"user-role\":{\"" + username + "\":\"admin\"}" +
+              "\n  }" +
+              "\n}";
+
+          if (!updateIncludeFileOnly) {
+            System.out.println("Uploading following security.json: " + securityJson);
             try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) {
               zkClient.setData("/security.json", securityJson.getBytes(StandardCharsets.UTF_8),
true);
             }
+          }
 
-            String solrIncludeFilename = cli.getOptionValue("solrIncludeFile");
-            File includeFile = new File(solrIncludeFilename);
-            if (includeFile.exists() == false || includeFile.canWrite() == false) {
-              System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist
or is not writeable.");
-              printAuthEnablingInstructions(username, password);
-              System.exit(0);
-            }
-            File basicAuthConfFile = new File(includeFile.getParent() + File.separator +
"basicAuth.conf");
-            
-            if (basicAuthConfFile.getParentFile().canWrite() == false) {
-              System.out.println("Cannot write to file: " + basicAuthConfFile.getAbsolutePath());
-              printAuthEnablingInstructions(username, password);
-              System.exit(0);
+          String solrIncludeFilename = cli.getOptionValue("solrIncludeFile");
+          File includeFile = new File(solrIncludeFilename);
+          if (includeFile.exists() == false || includeFile.canWrite() == false) {
+            System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist
or is not writeable.");
+            printAuthEnablingInstructions(username, password);
+            System.exit(0);
+          }
+          String authConfDir = cli.getOptionValue("authConfDir");
+          File basicAuthConfFile = new File(authConfDir + File.separator + "basicAuth.conf");
+
+          if (basicAuthConfFile.getParentFile().canWrite() == false) {
+            System.out.println("Cannot write to file: " + basicAuthConfFile.getAbsolutePath());
+            printAuthEnablingInstructions(username, password);
+            System.exit(0);
+          }
+
+          FileUtils.writeStringToFile(basicAuthConfFile,
+              "httpBasicAuthUser=" + username + "\nhttpBasicAuthPassword=" + password, StandardCharsets.UTF_8);
+
+          // update the solr.in.sh file to contain the necessary authentication lines
+          updateIncludeFileEnableAuth(includeFile, basicAuthConfFile.getAbsolutePath());
+          return 0;
+
+        case "disable":
+          if (!updateIncludeFileOnly) {
+            zkHost = getZkHost(cli);
+            if (zkHost == null) {
+              stdout.print("ZK Host not found. Solr should be running in cloud mode");
+              exit(1);
             }
-            
-            FileUtils.writeStringToFile(basicAuthConfFile, 
-                "httpBasicAuthUser=" + username + "\nhttpBasicAuthPassword=" + password,
StandardCharsets.UTF_8);
-
-            // update the solr.in.sh file to contain the necessary authentication lines
-            updateIncludeFileEnableAuth(includeFile, basicAuthConfFile.getAbsolutePath(),
username, password);
-            return 0;
-      } else if (cli.hasOption("disable")) {
-        String zkHost = getZkHost(cli);
-        if (zkHost == null) {
-          stdout.print("ZK Host not found. Solr should be running in cloud mode");
-          exit(1);
-        }
 
-        System.out.println("Uploading following security.json: {}");
+            System.out.println("Uploading following security.json: {}");
 
-        try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) {
-          zkClient.setData("/security.json", "{}".getBytes(StandardCharsets.UTF_8), true);
-        }
+            try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) {
+              zkClient.setData("/security.json", "{}".getBytes(StandardCharsets.UTF_8), true);
+            }
+          }
 
-        String solrIncludeFilename = cli.getOptionValue("solrIncludeFile");
-        File includeFile = new File(solrIncludeFilename);
-        if (includeFile.exists() == false || includeFile.canWrite() == false) {
-          System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist
or is not writeable.");
-          System.out.println("Security has been disabled. Please remove any SOLR_AUTH_TYPE
or SOLR_AUTHENTICATION_OPTS configuration from solr.in.sh/solr.in.cmd.\n");
-          System.exit(0);
-        }
+          solrIncludeFilename = cli.getOptionValue("solrIncludeFile");
+          includeFile = new File(solrIncludeFilename);
+          if (!includeFile.exists() || !includeFile.canWrite()) {
+            System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist
or is not writeable.");
+            System.out.println("Security has been disabled. Please remove any SOLR_AUTH_TYPE
or SOLR_AUTHENTICATION_OPTS configuration from solr.in.sh/solr.in.cmd.\n");
+            System.exit(0);
+          }
 
-        // update the solr.in.sh file to comment out the necessary authentication lines
-        updateIncludeFileDisableAuth(includeFile);
-        return 0;
+          // update the solr.in.sh file to comment out the necessary authentication lines
+          updateIncludeFileDisableAuth(includeFile);
+          return 0;
+
+        default:
+          System.out.println("Valid auth commands are: enable, disable");
+          exit(1);
       }
 
-      System.out.println("Options not understood (should be -enable or -disable).");
-      new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this));
+      System.out.println("Options not understood.");
+      new HelpFormatter().printHelp("bin/solr auth <enable|disable> [OPTIONS]", getToolOptions(this));
       return 1;
     }
-    
+
     private void printAuthEnablingInstructions(String username, String password) {
       if (SystemUtils.IS_OS_WINDOWS) {
         System.out.println("\nAdd the following lines to the solr.in.cmd file so that the
solr.cmd script can use subsequently.\n");
@@ -3708,11 +3743,11 @@ public class SolrCLI {
       } else {
         System.out.println("\nAdd the following lines to the solr.in.sh file so that the
./solr script can use subsequently.\n");
         System.out.println("SOLR_AUTH_TYPE=\"basic\"\n"
-            + "SOLR_AUTHENTICATION_OPTS=\"-DbasicAuth=" + username + ":" + password + "\"\n");
+            + "SOLR_AUTHENTICATION_OPTS=\"-Dbasicauth=" + username + ":" + password + "\"\n");
       }
     }
 
-    private void updateIncludeFileEnableAuth(File includeFile, String basicAuthConfFile,
String username, String password) throws IOException {
+    private void updateIncludeFileEnableAuth(File includeFile, String basicAuthConfFile)
throws IOException {
       List<String> includeFileLines = FileUtils.readLines(includeFile, StandardCharsets.UTF_8);
       for (int i=0; i<includeFileLines.size(); i++) {
         String line = includeFileLines.get(i);
@@ -3738,7 +3773,7 @@ public class SolrCLI {
 
       System.out.println("Written out credentials file: " + basicAuthConfFile + ", updated
Solr include file: " + includeFile.getAbsolutePath() + ".");
     }
-    
+
     private void updateIncludeFileDisableAuth(File includeFile) throws IOException {
       List<String> includeFileLines = FileUtils.readLines(includeFile, StandardCharsets.UTF_8);
       boolean hasChanged = false;
@@ -3762,7 +3797,7 @@ public class SolrCLI {
     @Override
     protected void runImpl(CommandLine cli) throws Exception {}
   }
-  
+
   public static class UtilsTool extends ToolBase {
     private Path serverPath;
     private Path logsPath;


Mime
View raw message