
Commit 870c387

committed
enable unauthenticated requests
1 parent d4665b4 commit 870c387


2 files changed

+42
-5
lines changed


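--- a/examples/security.json
+++ b/examples/security.json
@@ -7,7 +7,23 @@
 "defaultRole": "admin",
 "permissions": [
 {
-"name": "all",
+"name": "security-edit",
+"role": "admin"
+},
+{
+"name": "schema-edit",
+"role": "admin"
+},
+{
+"name": "config-edit",
+"role": "admin"
+},
+{
+"name": "core-admin-edit",
+"role": "admin"
+},
+{
+"name": "collection-admin-edit",
 "role": "admin"
 }
 ]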
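Review bot: The list that replaces `all` names only the five `*-edit` permissions, so no rule in this example covers `update` (or `read`), while the same commit makes the plugin let requests without the user header through by default. If the authorization plugin configured in the part of this file outside the hunk allows requests that match no permission, as Solr's rule-based authorization does, anonymous clients could index and delete documents as well as query them. If only anonymous reads are intended, add `{ "name": "update", "role": "admin" }` to the list and check the remaining unlisted endpoints against the full file.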

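--- a/src/main/java/cool/solr/security/ForwardAuthPlugin.java
+++ b/src/main/java/cool/solr/security/ForwardAuthPlugin.java
@@ -16,22 +16,38 @@
 import org.apache.commons.lang.builder.ToStringBuilder;
 import org.apache.http.annotation.Contract;
 import org.apache.http.annotation.ThreadingBehavior;
+import org.apache.solr.common.SolrException;
+import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.solr.security.AuthenticationPlugin;
+import org.apache.solr.security.BasicAuthPlugin;
 
 public class ForwardAuthPlugin extends AuthenticationPlugin {
 
 public static final String ARG_USER_HEADER = "httpUserHeader";
 public static final String HTTP_HEADER_USER_DEFAULT = "X-Forwarded-User";
+public static final String X_REQUESTED_WITH_HEADER = "X-Requested-With";
 
 private String httpUserHeader;
+private boolean blockUnknown = false;
 
 @Override
 public void init(Map<String, Object> args) {
 this.httpUserHeader = (String) args.getOrDefault(ARG_USER_HEADER, HTTP_HEADER_USER_DEFAULT);
+
+Object o = args.get(BasicAuthPlugin.PROPERTY_BLOCK_UNKNOWN);
+if (o != null) {
+try {
+blockUnknown = Boolean.parseBoolean(o.toString());
+} catch (Exception e) {
+throw new SolrException(ErrorCode.BAD_REQUEST,
+"Invalid value for parameter " + BasicAuthPlugin.PROPERTY_BLOCK_UNKNOWN);
+}
+}
 }
 
 @Override
-public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse,
+FilterChain filterChain)
 throws Exception {
 HttpServletRequest request = (HttpServletRequest) servletRequest;
 HttpServletResponse response = (HttpServletResponse) servletResponse;
@@ -47,9 +63,14 @@ public Principal getUserPrincipal() {
 numAuthenticated.inc();
 filterChain.doFilter(wrapper, response);
 return true;
+} else if (blockUnknown) {
+numMissingCredentials.inc();
+return false;
+} else {
+numPassThrough.inc();
+filterChain.doFilter(request, response);
+return true;
 }
-
-return false;
 }
 
 @Contract(threading = ThreadingBehavior.IMMUTABLE)
@@ -76,7 +97,7 @@ public boolean equals(Object o) {
 return true;
 if (o == null || getClass() != o.getClass())
 return false;
-ForwardAuthUserPrincipal that = (ForwardAuthUserPrincipal) o;
+ForwardAuthUserPrincipal that = (ForwardAuthUserPrincipal) o;
 return Objects.equals(username, that.username);
 }
 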
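Review bot: In `init`, `Boolean.parseBoolean` never throws and returns false for any string other than "true", so the added `catch` is unreachable and a mistyped `blockUnknown` value silently leaves the plugin passing unauthenticated requests through instead of failing with BAD_REQUEST. Validate before parsing: `String v = o.toString().trim();` then `if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v)) throw new SolrException(ErrorCode.BAD_REQUEST, "Invalid value for parameter " + BasicAuthPlugin.PROPERTY_BLOCK_UNKNOWN);` then `blockUnknown = Boolean.parseBoolean(v);`. The field also defaults to `false`, so a configuration that omits the key is open to requests without the user header; a comment on `blockUnknown` such as `// false = requests without the user header are passed through unauthenticated` would make that explicit for operators. In `doAuthenticate`, whose body lies partly outside the hunks, the `blockUnknown` branch returns false with no status visibly set on the response, so confirm that a 401 is sent somewhere. `X_REQUESTED_WITH_HEADER` is declared but not used in the visible lines.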
