List of usage examples for org.apache.solr.security AuthorizationContext getParams
/**
 * Returns the parameters attached to the request being authorized.
 *
 * <p>The usage examples on this page read individual values from the result by key (the admin
 * action, a collection name, a core name) and use them to decide which entities to authorize.
 * NOTE(review): these values presumably originate from the client request, so callers should
 * treat them as untrusted input; confirm against the Solr API documentation.
 *
 * @return the request parameters as a {@code SolrParams}
 */
public abstract SolrParams getParams();
From source file:org.apache.sentry.binding.solr.authz.SentrySolrPluginImpl.java
License:Apache License
/**
 * Writes one audit record for an authorization decision, if audit logging is configured and
 * enabled.
 *
 * <p>The operation name and the collection name recorded depend on the permission checked:
 * collection-admin and core-admin permissions are recorded against the fixed name "admin",
 * read/update permissions against the comma-joined names of the requested collections. Any
 * other permission produces no audit record.
 *
 * @param perm the permission that was evaluated
 * @param ctx the authorization context of the request
 * @param resp the authorization decision; any status other than OK is recorded as UNAUTHORIZED
 */
private void audit(Name perm, AuthorizationContext ctx, AuthorizationResponse resp) {
  boolean auditingEnabled = auditLog.isPresent() && auditLog.get().isLogEnabled();
  if (!auditingEnabled) {
    return;
  }

  String userName = getShortUserName(ctx.getUserPrincipal());
  String ipAddress = ctx.getRemoteAddr();
  long eventTime = System.currentTimeMillis();

  int allowed;
  if (resp.statusCode == AuthorizationResponse.OK.statusCode) {
    allowed = AuditLogger.ALLOWED;
  } else {
    allowed = AuditLogger.UNAUTHORIZED;
  }

  // The complete request parameter string is passed to the audit logger unchanged.
  // NOTE(review): parameter values come from the request, so the audit sink should neutralise
  // line breaks/delimiters and may need to redact sensitive values; confirm how AuditLogger
  // encodes this field.
  String operationParams = ctx.getParams().toString();

  final String operationName;
  final String collectionName;
  switch (perm) {
    case COLL_EDIT_PERM:
    case COLL_READ_PERM: {
      String requestedAction = ctx.getParams().get(CoreAdminParams.ACTION);
      if (requestedAction == null) {
        // No explicit action: fall back to the handler class so the record still names an operation.
        operationName = ctx.getHandler().getClass().getName();
      } else {
        operationName = "CollectionAction." + requestedAction;
      }
      collectionName = "admin";
      break;
    }
    case CORE_EDIT_PERM:
    case CORE_READ_PERM: {
      String requestedAction = ctx.getParams().get(CoreAdminParams.ACTION);
      // A core admin request without an action is recorded as STATUS.
      operationName = (requestedAction == null)
          ? "CoreAdminAction.STATUS"
          : "CoreAdminAction." + requestedAction;
      collectionName = "admin";
      break;
    }
    case READ_PERM:
    case UPDATE_PERM: {
      List<String> requested = new ArrayList<>();
      for (CollectionRequest request : ctx.getCollectionRequests()) {
        requested.add(request.collectionName);
      }
      collectionName = String.join(",", requested);
      if (perm == Name.READ_PERM) {
        operationName = SolrConstants.QUERY;
      } else {
        operationName = SolrConstants.UPDATE;
      }
      break;
    }
    default:
      // Permissions outside the cases above are not audited.
      return;
  }

  auditLog.get().log(userName, null, ipAddress, operationName, operationParams, eventTime,
      allowed, collectionName);
}
From source file:org.apache.sentry.binding.solr.authz.SolrAuthzUtil.java
License:Apache License
/**
 * Collects the {@linkplain Config} entities that the current operation must be authorized
 * against.
 *
 * <p>For the configset handler the entity comes from the request's name parameter; for every
 * other handler one entity is created per requested collection. When neither source yields an
 * entity, {@code Config.ALL} is returned instead, so the subsequent check runs against the
 * wildcard ("*") permission rather than against nothing.
 *
 * @param ctx the authorization context of the request
 * @return a non-empty collection of config entities
 */
static Collection<Config> getConfigAuthorizables(AuthorizationContext ctx) {
  List<Config> configs = new ArrayList<>(1);

  boolean isConfigSetApi = ctx.getHandler() instanceof ConfigSetsHandler;
  if (!isConfigSetApi) {
    // Solr config APIs: the config is addressed through the collection(s) in the request.
    for (CollectionRequest request : ctx.getCollectionRequests()) {
      configs.add(new Config(request.collectionName));
    }
  } else {
    // Solr configset APIs: the configset is named by a request parameter.
    String configName = ctx.getParams().get(CommonParams.NAME);
    if (configName != null) {
      configs.add(new Config(configName));
    }
  }

  if (!configs.isEmpty()) {
    return configs;
  }

  // Nothing identified the target config: authorize against all configs.
  if (LOG.isDebugEnabled()) {
    LOG.debug("Missing collection name for the config operation with authorization context {}."
        + " Using * permissions for authorization check", toString(ctx));
  }
  configs.add(Config.ALL);
  return configs;
}
From source file:org.apache.sentry.binding.solr.authz.SolrAuthzUtil.java
License:Apache License
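/**
 * Extracts the {@linkplain org.apache.sentry.core.model.solr.Collection} entities named by a
 * collection admin request and returns a mapping of entity_name -> expected_auth_action.
 * This is used by the Solr/Sentry authorization plugin to further restrict Solr admin operations.
 *
 * <p>An empty map is returned when the action parameter is missing or not recognised, when the
 * action is not tied to a particular collection, or when the parameter that should name the
 * collection is absent.
 * NOTE(review): how the caller treats an empty map (no additional check versus deny) is not
 * visible in this method; confirm that an unrecognised action cannot bypass the
 * collection-level check.
 *
 * @param ctx the authorization context of the request; the collection names are read from its
 *     request parameters
 * @return collection name -> action required on that collection; possibly empty, never null
 */
static Map<String, SolrModelAction> getCollectionsForAdminOp(AuthorizationContext ctx) {
  String actionName = ctx.getParams().get(CoreAdminParams.ACTION);
  CollectionAction action = CollectionAction.get(actionName);
  if (action != null) {
    switch (action) {
      case LISTSNAPSHOTS:
      case BACKUP: {
        // Read-only operations on a named collection.
        String name = ctx.getParams().get(CollectionAdminParams.COLLECTION);
        return (name != null) ? Collections.singletonMap(name, SolrModelAction.QUERY)
            : Collections.emptyMap();
      }
      case MIGRATE: {
        // MIGRATE reads from the source collection and writes into the target collection.
        Map<String, SolrModelAction> result = new HashMap<>();
        String source = ctx.getParams().get(CollectionAdminParams.COLLECTION);
        String target = ctx.getParams().get("target." + CollectionAdminParams.COLLECTION);
        if (source != null) {
          result.put(source, SolrModelAction.QUERY);
        }
        if (target != null) {
          // Key on the target. Keying on the source here left the target collection without
          // any UPDATE requirement and could insert a null key when only the target was given.
          // If source and target are the same name, UPDATE replaces QUERY for that entry.
          result.put(target, SolrModelAction.UPDATE);
        }
        return result;
      }
      case DELETE:
      case DELETEALIAS:
      case CREATESHARD:
      case DELETESHARD:
      case SPLITSHARD:
      case RELOAD:
      case CREATE: {
        // Modifying operations whose collection is passed in the "name" parameter.
        String name = ctx.getParams().get(CommonParams.NAME);
        return (name != null) ? Collections.singletonMap(name, SolrModelAction.UPDATE)
            : Collections.emptyMap();
      }
      case DELETESNAPSHOT:
      case CREATESNAPSHOT:
      case SYNCSHARD:
      case MOVEREPLICA:
      case RESTORE:
      case MIGRATESTATEFORMAT:
      case FORCELEADER:
      case REBALANCELEADERS:
      case BALANCESHARDUNIQUE:
      case ADDREPLICAPROP:
      case DELETEREPLICAPROP:
      case ADDREPLICA:
      case DELETEREPLICA:
      case MODIFYCOLLECTION: {
        // Modifying operations whose collection is passed in the "collection" parameter.
        String name = ctx.getParams().get(CollectionAdminParams.COLLECTION);
        return (name != null) ? Collections.singletonMap(name, SolrModelAction.UPDATE)
            : Collections.emptyMap();
      }
      case MOCK_COLL_TASK:
      case MOCK_REPLICA_TASK:
      case MOCK_SHARD_TASK:
      case REPLACENODE:
      case DELETENODE:
      case ADDROLE:
      case REMOVEROLE:
      case CREATEALIAS:
      case REQUESTSTATUS:
      case DELETESTATUS:
      case LIST:
      case LISTALIASES:
      case CLUSTERPROP:
      case OVERSEERSTATUS:
      case CLUSTERSTATUS: {
        // No collection-level entity is derived for these actions.
        return Collections.emptyMap();
      }
    }
  }

  return Collections.emptyMap();
}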
From source file:org.apache.sentry.binding.solr.authz.SolrAuthzUtil.java
License:Apache License
/**
 * Extracts the {@linkplain org.apache.sentry.core.model.solr.Collection} entities named by a
 * core admin request and returns a mapping of entity_name -> expected_auth_action. The
 * Solr/Sentry authorization plugin uses the result to further restrict Solr admin operations.
 *
 * <p>The map is empty when the action parameter is missing or not recognised, when the action
 * is not tied to a core, or when the parameter that should name the core is absent.
 * NOTE(review): how the caller treats an empty map is not visible in this method; confirm.
 *
 * @param ctx the authorization context of the request; core names are read from its request
 *     parameters
 * @return core name -> action required on it; possibly empty, never null
 */
static Map<String, SolrModelAction> getCoresForAdminOp(AuthorizationContext ctx) {
  CoreAdminAction action = CoreAdminAction.get(ctx.getParams().get(CoreAdminParams.ACTION));
  if (action == null) {
    return Collections.emptyMap();
  }

  // For single-core actions: which parameter names the core, and which action it requires.
  final String coreParam;
  final SolrModelAction required;

  switch (action) {
    case REQUESTBUFFERUPDATES:
    case REQUESTAPPLYUPDATES:
    case CREATE:
      coreParam = CoreAdminParams.NAME;
      required = SolrModelAction.UPDATE;
      break;

    case REQUESTSYNCSHARD:
    case REJOINLEADERELECTION:
    case PREPRECOVERY:
    case FORCEPREPAREFORLEADERSHIP:
    case CREATESNAPSHOT:
    case DELETESNAPSHOT:
    case RESTORECORE:
    case REQUESTRECOVERY:
    case SPLIT:
    case MERGEINDEXES:
    case UNLOAD:
    case RENAME:
    case RELOAD:
      coreParam = CoreAdminParams.CORE;
      required = SolrModelAction.UPDATE;
      break;

    case LISTSNAPSHOTS:
    case BACKUPCORE:
    case STATUS:
      coreParam = CoreAdminParams.CORE;
      required = SolrModelAction.QUERY;
      break;

    case SWAP: {
      // SWAP touches two cores; both require UPDATE.
      Map<String, SolrModelAction> swapped = new HashMap<>();
      String first = ctx.getParams().get(CoreAdminParams.CORE);
      String second = ctx.getParams().get("other");
      if (first != null) {
        swapped.put(first, SolrModelAction.UPDATE);
      }
      if (second != null) {
        swapped.put(second, SolrModelAction.UPDATE);
      }
      return swapped;
    }

    case REQUESTSTATUS:
    case OVERSEEROP:
    case INVOKE: // TODO - is this correct ?
    case DELETEALIAS:
      return Collections.emptyMap();

    default:
      // Any action not listed above yields no core-level entity.
      return Collections.emptyMap();
  }

  String coreName = ctx.getParams().get(coreParam);
  if (coreName == null) {
    return Collections.emptyMap();
  }
  return Collections.singletonMap(coreName, required);
}