mirror of https://github.com/apache/lucene.git
SOLR-15073: Fix ClassCastException in SystemInfoHandler.getSecurityInfo (#2210)
This commit is contained in:
parent
0a1a3f4c40
commit
fb88b0268a
|
@ -364,6 +364,8 @@ Bug Fixes
|
||||||
|
|
||||||
* SOLR-15070: Suggester requests made with SolrJ can now use XMLResponseParser (Jason Gerlowski)
|
* SOLR-15070: Suggester requests made with SolrJ can now use XMLResponseParser (Jason Gerlowski)
|
||||||
|
|
||||||
|
* SOLR-15073: Fix ClassCastException in SystemInfoHandler.getSecurityInfo. (Nikolay Ivanov, Christine Poerschke)
|
||||||
|
|
||||||
Other Changes
|
Other Changes
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
|
|
|
@ -323,6 +323,14 @@ public class SystemInfoHandler extends RequestHandlerBase
|
||||||
* Get Security Info
|
* Get Security Info
|
||||||
*/
|
*/
|
||||||
public SimpleOrderedMap<Object> getSecurityInfo(SolrQueryRequest req)
|
public SimpleOrderedMap<Object> getSecurityInfo(SolrQueryRequest req)
|
||||||
|
{
|
||||||
|
return getSecurityInfo(cc, req);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get Security Info
|
||||||
|
*/
|
||||||
|
public static SimpleOrderedMap<Object> getSecurityInfo(CoreContainer cc, SolrQueryRequest req)
|
||||||
{
|
{
|
||||||
SimpleOrderedMap<Object> info = new SimpleOrderedMap<>();
|
SimpleOrderedMap<Object> info = new SimpleOrderedMap<>();
|
||||||
|
|
||||||
|
@ -344,7 +352,7 @@ public class SystemInfoHandler extends RequestHandlerBase
|
||||||
// Mapped roles for this principal
|
// Mapped roles for this principal
|
||||||
@SuppressWarnings("resource")
|
@SuppressWarnings("resource")
|
||||||
AuthorizationPlugin auth = cc==null? null: cc.getAuthorizationPlugin();
|
AuthorizationPlugin auth = cc==null? null: cc.getAuthorizationPlugin();
|
||||||
if (auth != null) {
|
if (auth instanceof RuleBasedAuthorizationPluginBase) {
|
||||||
RuleBasedAuthorizationPluginBase rbap = (RuleBasedAuthorizationPluginBase) auth;
|
RuleBasedAuthorizationPluginBase rbap = (RuleBasedAuthorizationPluginBase) auth;
|
||||||
Set<String> roles = rbap.getUserRoles(req.getUserPrincipal());
|
Set<String> roles = rbap.getUserRoles(req.getUserPrincipal());
|
||||||
info.add("roles", roles);
|
info.add("roles", roles);
|
||||||
|
|
|
@ -18,12 +18,27 @@ package org.apache.solr.handler.admin;
|
||||||
|
|
||||||
import java.lang.management.ManagementFactory;
|
import java.lang.management.ManagementFactory;
|
||||||
import java.lang.management.OperatingSystemMXBean;
|
import java.lang.management.OperatingSystemMXBean;
|
||||||
|
import java.security.Principal;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import com.codahale.metrics.Gauge;
|
import com.codahale.metrics.Gauge;
|
||||||
import org.apache.solr.SolrTestCase;
|
import org.apache.solr.SolrTestCase;
|
||||||
|
import org.apache.solr.SolrTestCaseJ4;
|
||||||
import org.apache.solr.common.util.SimpleOrderedMap;
|
import org.apache.solr.common.util.SimpleOrderedMap;
|
||||||
|
import org.apache.solr.core.CoreContainer;
|
||||||
|
import org.apache.solr.request.SolrQueryRequest;
|
||||||
|
import org.apache.solr.request.SolrQueryRequestBase;
|
||||||
|
import org.apache.solr.security.AuthenticationPlugin;
|
||||||
|
import org.apache.solr.security.AuthorizationPlugin;
|
||||||
|
import org.apache.solr.security.JWTPrincipal;
|
||||||
|
import org.apache.solr.security.MockAuthenticationPlugin;
|
||||||
|
import org.apache.solr.security.MockAuthorizationPlugin;
|
||||||
|
import org.apache.solr.security.RuleBasedAuthorizationPlugin;
|
||||||
|
import org.apache.solr.security.RuleBasedAuthorizationPluginBase;
|
||||||
import org.apache.solr.util.stats.MetricUtils;
|
import org.apache.solr.util.stats.MetricUtils;
|
||||||
|
import org.mockito.ArgumentMatchers;
|
||||||
|
import org.mockito.Mockito;
|
||||||
|
|
||||||
|
|
||||||
public class SystemInfoHandlerTest extends SolrTestCase {
|
public class SystemInfoHandlerTest extends SolrTestCase {
|
||||||
|
@ -50,4 +65,72 @@ public class SystemInfoHandlerTest extends SolrTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static final String userName = "foobar";
|
||||||
|
|
||||||
|
public void testGetSecurityInfoAuthorizationPlugin() throws Exception {
|
||||||
|
final AuthorizationPlugin authorizationPlugin = new MockAuthorizationPlugin();
|
||||||
|
doTestGetSecurityInfo(authorizationPlugin);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testGetSecurityInfoRuleBasedAuthorizationPlugin() throws Exception {
|
||||||
|
SolrTestCaseJ4.assumeWorkingMockito();
|
||||||
|
final RuleBasedAuthorizationPluginBase ruleBasedAuthorizationPlugin = Mockito.mock(RuleBasedAuthorizationPlugin.class);
|
||||||
|
Mockito.doReturn(Collections.EMPTY_SET).when(ruleBasedAuthorizationPlugin).getUserRoles(ArgumentMatchers.any(Principal.class));
|
||||||
|
doTestGetSecurityInfo(ruleBasedAuthorizationPlugin);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void doTestGetSecurityInfo(AuthorizationPlugin authorizationPlugin) throws Exception {
|
||||||
|
final AuthenticationPlugin authenticationPlugin = new MockAuthenticationPlugin() {
|
||||||
|
@Override
|
||||||
|
public String getName() {
|
||||||
|
return "mock authentication plugin name";
|
||||||
|
}
|
||||||
|
};
|
||||||
|
doTestGetSecurityInfo(null, null);
|
||||||
|
doTestGetSecurityInfo(authenticationPlugin, null);
|
||||||
|
doTestGetSecurityInfo(null, authorizationPlugin);
|
||||||
|
doTestGetSecurityInfo(authenticationPlugin, authorizationPlugin);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void doTestGetSecurityInfo(AuthenticationPlugin authenticationPlugin, AuthorizationPlugin authorizationPlugin) throws Exception {
|
||||||
|
|
||||||
|
SolrTestCaseJ4.assumeWorkingMockito();
|
||||||
|
|
||||||
|
final CoreContainer cc = Mockito.mock(CoreContainer.class);
|
||||||
|
{
|
||||||
|
Mockito.doReturn(authenticationPlugin).when(cc).getAuthenticationPlugin();
|
||||||
|
Mockito.doReturn(authorizationPlugin).when(cc).getAuthorizationPlugin();
|
||||||
|
}
|
||||||
|
|
||||||
|
final SolrQueryRequest req = Mockito.mock(SolrQueryRequestBase.class);
|
||||||
|
{
|
||||||
|
final Principal principal = Mockito.mock(JWTPrincipal.class);
|
||||||
|
Mockito.doReturn(userName).when(principal).getName();
|
||||||
|
Mockito.doReturn(principal).when(req).getUserPrincipal();
|
||||||
|
}
|
||||||
|
|
||||||
|
final SimpleOrderedMap<Object> si = SystemInfoHandler.getSecurityInfo(cc, req);
|
||||||
|
|
||||||
|
if (authenticationPlugin != null) {
|
||||||
|
assertEquals(authenticationPlugin.getName(), si.remove("authenticationPlugin"));
|
||||||
|
} else {
|
||||||
|
assertNull(si.remove("authenticationPlugin"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (authorizationPlugin != null) {
|
||||||
|
assertEquals(authorizationPlugin.getClass().getName(), si.remove("authorizationPlugin"));
|
||||||
|
if (authorizationPlugin instanceof RuleBasedAuthorizationPluginBase) {
|
||||||
|
assertNotNull(si.remove("roles"));
|
||||||
|
} else {
|
||||||
|
assertNull(si.remove("roles"));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
assertNull(si.remove("authorizationPlugin"));
|
||||||
|
}
|
||||||
|
|
||||||
|
assertEquals(userName, si.remove("username"));
|
||||||
|
|
||||||
|
assertEquals("Unexpected additional info: " + si, 0, si.size());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue