From commits-return-120663-archive-asf-public=cust-asf.ponee.io@lucene.apache.org Fri Jan 22 12:19:59 2021 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by mx-eu-01.ponee.io (Postfix) with ESMTPS id 76E52180638 for ; Fri, 22 Jan 2021 13:19:59 +0100 (CET) Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id CF8C164AA2 for ; Fri, 22 Jan 2021 12:19:58 +0000 (UTC) Received: (qmail 17473 invoked by uid 500); 22 Jan 2021 12:19:58 -0000 Mailing-List: contact commits-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list commits@lucene.apache.org Received: (qmail 17464 invoked by uid 99); 22 Jan 2021 12:19:57 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jan 2021 12:19:57 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id CA0CF81FE6; Fri, 22 Jan 2021 12:19:57 +0000 (UTC) Date: Fri, 22 Jan 2021 12:19:56 +0000 To: "commits@lucene.apache.org" Subject: [lucene-solr] branch branch_8x updated: SOLR-15073: Fix ClassCastException in SystemInfoHandler.getSecurityInfo (#2210) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <161131799589.21962.4405335129505679972@gitbox.apache.org> 
From: cpoerschke@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: lucene-solr X-Git-Refname: refs/heads/branch_8x X-Git-Reftype: branch X-Git-Oldrev: 36758f4395e9613b8fc41d03f91e895d7c9f9f08 X-Git-Newrev: ec4917c45eaf7dccdcc98fba08484eb24e1ff5f2 X-Git-Rev: ec4917c45eaf7dccdcc98fba08484eb24e1ff5f2 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. cpoerschke pushed a commit to branch branch_8x in repository https://gitbox.apache.org/repos/asf/lucene-solr.git The following commit(s) were added to refs/heads/branch_8x by this push: new ec4917c SOLR-15073: Fix ClassCastException in SystemInfoHandler.getSecurityInfo (#2210) ec4917c is described below commit ec4917c45eaf7dccdcc98fba08484eb24e1ff5f2 Author: Christine Poerschke AuthorDate: Fri Jan 22 12:10:10 2021 +0000 SOLR-15073: Fix ClassCastException in SystemInfoHandler.getSecurityInfo (#2210) --- solr/CHANGES.txt | 2 + .../solr/handler/admin/SystemInfoHandler.java | 10 ++- .../solr/handler/admin/SystemInfoHandlerTest.java | 83 ++++++++++++++++++++++ 3 files changed, 94 insertions(+), 1 deletion(-) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index ba91686..85612cc 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -170,6 +170,8 @@ Bug Fixes * SOLR-15070: Suggester requests made with SolrJ can now use XMLResponseParser (Jason Gerlowski) +* SOLR-15073: Fix ClassCastException in SystemInfoHandler.getSecurityInfo. (Nikolay Ivanov, Christine Poerschke) + Other Changes --------------------- diff --git a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java index 9c4828c..1c6f236 100644 --- a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java +++ b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java 
@@ -321,6 +321,14 @@ public class SystemInfoHandler extends RequestHandlerBase */ public SimpleOrderedMap getSecurityInfo(SolrQueryRequest req) { + return getSecurityInfo(cc, req); + } + + /** + * Get Security Info + */ + public static SimpleOrderedMap getSecurityInfo(CoreContainer cc, SolrQueryRequest req) + { SimpleOrderedMap info = new SimpleOrderedMap<>(); if (cc != null) { @@ -341,7 +349,7 @@ public class SystemInfoHandler extends RequestHandlerBase // Mapped roles for this principal @SuppressWarnings("resource") AuthorizationPlugin auth = cc==null? null: cc.getAuthorizationPlugin(); - if (auth != null) { + if (auth instanceof RuleBasedAuthorizationPluginBase) { RuleBasedAuthorizationPluginBase rbap = (RuleBasedAuthorizationPluginBase) auth; Set roles = rbap.getUserRoles(req.getUserPrincipal()); info.add("roles", roles); diff --git a/solr/core/src/test/org/apache/solr/handler/admin/SystemInfoHandlerTest.java b/solr/core/src/test/org/apache/solr/handler/admin/SystemInfoHandlerTest.java index f012699..035e1c2 100644 --- a/solr/core/src/test/org/apache/solr/handler/admin/SystemInfoHandlerTest.java +++ b/solr/core/src/test/org/apache/solr/handler/admin/SystemInfoHandlerTest.java 
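Review bot: The new overload `getSecurityInfo(CoreContainer cc, SolrQueryRequest req)` is declared `public static`, yet the only new caller visible in this commit apart from the instance method is SystemInfoHandlerTest, which sits in the same package `org.apache.solr.handler.admin`. Unless callers outside this diff need it, dropping `public` would keep a helper that reports the caller's username and roles off the public API. Its Javadoc repeats `Get Security Info` and says nothing about the parameters; I would add `@param cc core container supplying the authentication and authorization plugins, may be null` (the body guards with `if (cc != null)`) and `@param req request whose user principal is reported`. The method body continues past the end of this hunk.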
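Review bot: With the `auth instanceof RuleBasedAuthorizationPluginBase` guard, any other configured authorization plugin now produces a response that has `authorizationPlugin` but no `roles` key, and nothing at the check says this is intended. A reader of the response cannot tell "this plugin cannot report roles" from a field that was simply left out, so the decision deserves a comment above the `if`, for example `// Only rule-based plugins expose a user-to-role mapping; for any other AuthorizationPlugin the "roles" entry is omitted.` The enclosing method starts and ends outside this hunk.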
@@ -18,12 +18,27 @@ package org.apache.solr.handler.admin; import java.lang.management.ManagementFactory; import java.lang.management.OperatingSystemMXBean; +import java.security.Principal; import java.util.Arrays; +import java.util.Collections; import com.codahale.metrics.Gauge; import org.apache.solr.SolrTestCase; +import org.apache.solr.SolrTestCaseJ4; import org.apache.solr.common.util.SimpleOrderedMap; +import org.apache.solr.core.CoreContainer; +import org.apache.solr.request.SolrQueryRequest; +import org.apache.solr.request.SolrQueryRequestBase; +import org.apache.solr.security.AuthenticationPlugin; +import org.apache.solr.security.AuthorizationPlugin; +import org.apache.solr.security.JWTPrincipal; +import org.apache.solr.security.MockAuthenticationPlugin; +import org.apache.solr.security.MockAuthorizationPlugin; +import org.apache.solr.security.RuleBasedAuthorizationPlugin; +import org.apache.solr.security.RuleBasedAuthorizationPluginBase; import org.apache.solr.util.stats.MetricUtils; +import org.mockito.ArgumentMatchers; +import org.mockito.Mockito; public class SystemInfoHandlerTest extends SolrTestCase { 
@@ -50,4 +65,72 @@ public class SystemInfoHandlerTest extends SolrTestCase { } } + private static final String userName = "foobar"; + + public void testGetSecurityInfoAuthorizationPlugin() throws Exception { + final AuthorizationPlugin authorizationPlugin = new MockAuthorizationPlugin(); + doTestGetSecurityInfo(authorizationPlugin); + } + + public void testGetSecurityInfoRuleBasedAuthorizationPlugin() throws Exception { + SolrTestCaseJ4.assumeWorkingMockito(); + final RuleBasedAuthorizationPluginBase ruleBasedAuthorizationPlugin = Mockito.mock(RuleBasedAuthorizationPlugin.class); + Mockito.doReturn(Collections.EMPTY_SET).when(ruleBasedAuthorizationPlugin).getUserRoles(ArgumentMatchers.any(Principal.class)); + doTestGetSecurityInfo(ruleBasedAuthorizationPlugin); + } + + private static void doTestGetSecurityInfo(AuthorizationPlugin authorizationPlugin) throws Exception { + final AuthenticationPlugin authenticationPlugin = new MockAuthenticationPlugin() { + @Override + public String getName() { + return "mock authentication plugin name"; + } + }; + doTestGetSecurityInfo(null, null); + doTestGetSecurityInfo(authenticationPlugin, null); + doTestGetSecurityInfo(null, authorizationPlugin); + doTestGetSecurityInfo(authenticationPlugin, authorizationPlugin); + } + + private static void doTestGetSecurityInfo(AuthenticationPlugin authenticationPlugin, AuthorizationPlugin authorizationPlugin) throws Exception { + + SolrTestCaseJ4.assumeWorkingMockito(); + + final CoreContainer cc = Mockito.mock(CoreContainer.class); + { + Mockito.doReturn(authenticationPlugin).when(cc).getAuthenticationPlugin(); + Mockito.doReturn(authorizationPlugin).when(cc).getAuthorizationPlugin(); + } + + final SolrQueryRequest req = Mockito.mock(SolrQueryRequestBase.class); + { + final Principal principal = Mockito.mock(JWTPrincipal.class); + Mockito.doReturn(userName).when(principal).getName(); + Mockito.doReturn(principal).when(req).getUserPrincipal(); + } + + final SimpleOrderedMap si = 
SystemInfoHandler.getSecurityInfo(cc, req); + + if (authenticationPlugin != null) { + assertEquals(authenticationPlugin.getName(), si.remove("authenticationPlugin")); + } else { + assertNull(si.remove("authenticationPlugin")); + } + + if (authorizationPlugin != null) { + assertEquals(authorizationPlugin.getClass().getName(), si.remove("authorizationPlugin")); + if (authorizationPlugin instanceof RuleBasedAuthorizationPluginBase) { + assertNotNull(si.remove("roles")); + } else { + assertNull(si.remove("roles")); + } + } else { + assertNull(si.remove("authorizationPlugin")); + } + + assertEquals(userName, si.remove("username")); + + assertEquals("Unexpected additional info: " + si, 0, si.size()); + } + }
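Review bot: The roles check in `doTestGetSecurityInfo` is only `assertNotNull(si.remove("roles"))`, and `testGetSecurityInfoRuleBasedAuthorizationPlugin` stubs `getUserRoles` with `Collections.EMPTY_SET` for `ArgumentMatchers.any(Principal.class)`, so the test would still pass if the handler looked up roles for a different principal or discarded the returned set. Stubbing a non-empty set (constructed sample: `Collections.singleton("role1")`), passing it to the helper as the expected value and checking `assertEquals(expectedRoles, si.remove("roles"))` would pin the reported roles to what the plugin returned. `Collections.emptySet()` is the typed replacement for the raw `Collections.EMPTY_SET` constant if an empty case is kept. The `cc == null` path that the handler guards explicitly is not exercised; one extra call, `SystemInfoHandler.getSecurityInfo(null, req)`, would cover it.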