From jan...@apache.org
Subject lucene-solr:master: SOLR-7896: Avoid browser basicAuth dialogue when blockUnknown=false. Always show Dashboard menu. Clarify refGuide
Date Mon, 07 Jan 2019 12:13:51 GMT
Repository: lucene-solr
Updated Branches:
  refs/heads/master 2bd6f246b -> 0b6ea3f10


SOLR-7896: Avoid browser basicAuth dialogue when blockUnknown=false. Always show Dashboard
menu. Clarify refGuide


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/0b6ea3f1
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/0b6ea3f1
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/0b6ea3f1

Branch: refs/heads/master
Commit: 0b6ea3f1087c2d981052880dbdd54a0eec08bff5
Parents: 2bd6f24
Author: Jan Høydahl <janhoy@apache.org>
Authored: Mon Jan 7 13:02:44 2019 +0100
Committer: Jan Høydahl <janhoy@apache.org>
Committed: Mon Jan 7 13:09:26 2019 +0100

----------------------------------------------------------------------
 .../apache/solr/security/BasicAuthPlugin.java   | 33 ++++++++++++--------
 ...uthentication-and-authorization-plugins.adoc |  2 +-
 solr/webapp/web/index.html                      |  4 +--
 3 files changed, 23 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0b6ea3f1/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
index 72afb95..f8ee989 100644
--- a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
@@ -29,6 +29,7 @@ import java.io.UnsupportedEncodingException;
 import java.lang.invoke.MethodHandles;
 import java.nio.charset.StandardCharsets;
 import java.security.Principal;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -118,18 +119,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements
ConfigEdita
   }
 
   private void authenticationFailure(HttpServletResponse response, boolean isAjaxRequest,
String message) throws IOException {
-    for (Map.Entry<String, String> entry : authenticationProvider.getPromptHeaders().entrySet())
{
-      String value = entry.getValue();
-      // Prevent browser from intercepting basic authentication header when reqeust from
Admin UI
-      if (isAjaxRequest && HttpHeaders.WWW_AUTHENTICATE.equalsIgnoreCase(entry.getKey())
&& value != null) {
-        if (value.startsWith("Basic ")) {
-          value = "x" + value;
-          log.debug("Prefixing {} header for Basic Auth with 'x' to prevent browser basic
auth popup", 
-              HttpHeaders.WWW_AUTHENTICATE);
-        }
-      }
-      response.setHeader(entry.getKey(), value);
-    }
+    getPromptHeaders(isAjaxRequest).forEach(response::setHeader);
     response.sendError(401, message);
   }
 
@@ -195,12 +185,29 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements
ConfigEdita
       return false;
     } else {
       numPassThrough.inc();
-      request.setAttribute(AuthenticationPlugin.class.getName(), authenticationProvider.getPromptHeaders());
+      request.setAttribute(AuthenticationPlugin.class.getName(), getPromptHeaders(isAjaxRequest));
       filterChain.doFilter(request, response);
       return true;
     }
   }
 
+  /**
+   * Get the prompt headers, and replace Basic with xBasic if ajax request to avoid
+   * browser intercepting the authentication
+   * @param isAjaxRequest set to true if the request is an ajax request
+   * @return map of headers
+   */
+  private Map<String, String> getPromptHeaders(boolean isAjaxRequest) {
+    Map<String,String> headers = new HashMap(authenticationProvider.getPromptHeaders());
+    if (isAjaxRequest && headers.containsKey(HttpHeaders.WWW_AUTHENTICATE) 
+        && headers.get(HttpHeaders.WWW_AUTHENTICATE).startsWith("Basic ")) {
+      headers.put(HttpHeaders.WWW_AUTHENTICATE, "x" + headers.get(HttpHeaders.WWW_AUTHENTICATE));
+      log.debug("Prefixing {} header for Basic Auth with 'x' to prevent browser basic auth
popup",
+          HttpHeaders.WWW_AUTHENTICATE);
+    }
+    return headers;
+  }
+
   @Override
   public void close() throws IOException {
 
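Review bot: The new getPromptHeaders drops two guards that the removed loop in authenticationFailure had: the header name is now matched with exact-case `headers.containsKey(HttpHeaders.WWW_AUTHENTICATE)` instead of `equalsIgnoreCase`, and `.startsWith("Basic ")` is called on `headers.get(...)` without the former `value != null` check, so a provider that emits `www-authenticate` in another case is silently left unrewritten (the browser popup the commit means to suppress comes back) and a null header value now throws a NullPointerException on the 401 path. `new HashMap(authenticationProvider.getPromptHeaders())` is also a raw type; `new HashMap<>(...)` keeps the `Map<String,String>` typing. Note too that the `x` prefix is a browser-UX measure, not a security control: the 401 no longer carries a valid `Basic` challenge for ajax requests, so a non-browser client that sets whatever marks a request as ajax (how `isAjaxRequest` is derived is outside this hunk) and relies on the challenge for automatic auth would stop authenticating; worth a sentence in the Javadoc. Iterating the copied entries restores both guards:
```java
private Map<String, String> getPromptHeaders(boolean isAjaxRequest) {
  Map<String, String> headers = new HashMap<>(authenticationProvider.getPromptHeaders());
  if (isAjaxRequest) {
    for (Map.Entry<String, String> entry : headers.entrySet()) {
      String value = entry.getValue();
      // Only a Basic challenge triggers the browser dialog; other schemes and null values pass through untouched
      if (HttpHeaders.WWW_AUTHENTICATE.equalsIgnoreCase(entry.getKey()) && value != null && value.startsWith("Basic ")) {
        entry.setValue("x" + value);
        log.debug("Prefixing {} header for Basic Auth with 'x' to prevent browser basic auth popup",
            HttpHeaders.WWW_AUTHENTICATE);
      }
    }
  }
  return headers;
}
```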

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0b6ea3f1/solr/solr-ref-guide/src/authentication-and-authorization-plugins.adoc
----------------------------------------------------------------------
diff --git a/solr/solr-ref-guide/src/authentication-and-authorization-plugins.adoc b/solr/solr-ref-guide/src/authentication-and-authorization-plugins.adoc
index 89b027f..3ed3951 100644
--- a/solr/solr-ref-guide/src/authentication-and-authorization-plugins.adoc
+++ b/solr/solr-ref-guide/src/authentication-and-authorization-plugins.adoc
@@ -165,7 +165,7 @@ When authentication is required the Admin UI will presented you with a
login dia
 
 * `BasicAuthPlugin`
  
-If your plugin of choice is not supported, you will have to interact with Solr sending HTTP
requests instead of through the graphical user interface of the Admin UI. All operations supported
by Admin UI can be performed through Solr's RESTful APIs.
+If your plugin of choice is not supported, the Admin UI will still let you perform unrestricted
operations, while for restricted operations you will need to interact with Solr by sending
HTTP requests instead of through the graphical user interface of the Admin UI. All operations
supported by Admin UI can be performed through Solr's RESTful APIs.
 
 == Securing Inter-Node Requests
 

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/0b6ea3f1/solr/webapp/web/index.html
----------------------------------------------------------------------
diff --git a/solr/webapp/web/index.html b/solr/webapp/web/index.html
index 23b9dbd..6987af7 100644
--- a/solr/webapp/web/index.html
+++ b/solr/webapp/web/index.html
@@ -144,9 +144,9 @@ limitations under the License.
           <ul id="menu">
             <li id="login" class="global" ng-class="{active:page=='login'}" ng-show="http401
|| currentUser"><p><a href="#/login">{{http401 ? "Login" : "Logout " + currentUser}}</a></p></li>
             
-            <div ng-show="!http401">
-              <li id="index" class="global" ng-class="{active:page=='index'}"><p><a
href="#/">Dashboard</a></p></li>
+            <li id="index" class="global" ng-class="{active:page=='index'}"><p><a
href="#/">Dashboard</a></p></li>
   
+            <div ng-show="!http401">
               <li id="logging" class="global" ng-class="{active:page=='logging'}"><p><a
href="#/~logging">Logging</a></p>
                 <ul ng-show="showingLogging">
                   <li class="level" ng-class="{active:page=='logging-levels'}"><a
href="#/~logging/level">Level</a></li>
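Review bot: The re-added `<div ng-show="!http401">` wrapper sits directly inside `<ul id="menu">`, where a `div` is not a permitted child of `ul`; browsers tolerate it, but the conventional fix is to put `ng-show="!http401"` on each restricted `<li>` (or use `ng-if` on a wrapper Angular removes) rather than a block element between the list and its items. The wrapper's closing tag and the remaining items are outside this hunk. Hiding menu entries is a client-side convenience only; with `blockUnknown=false` an unauthenticated user can still type any `#/` route, so the restriction the commit message describes has to remain enforced by the server-side authorization plugin, which this change does not alter.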

