org.apache.solr.security

Class HadoopAuthPlugin

  • All Implemented Interfaces:
    Closeable, AutoCloseable
    Direct Known Subclasses:
    ConfigurableInternodeAuthHadoopPlugin


    public class HadoopAuthPlugin
    extends AuthenticationPlugin
    This class implements a generic plugin which can use authentication schemes exposed by the Hadoop framework. This plugin supports following features - integration with authentication mehcanisms (e.g. kerberos) - Delegation token support - Proxy users (or secure impersonation) support This plugin enables defining configuration parameters required by the undelying Hadoop authentication mechanism. These configuration parameters can either be specified as a Java system property or the default value can be specified as part of the plugin configuration. The proxy users are configured by specifying relevant Hadoop configuration parameters. Please note that the delegation token support must be enabled for using the proxy users support. Note - this class does not support configuring authentication mechanism for Solr internal communication. For this purpose ConfigurableInternodeAuthHadoopPlugin should be used. If this plugin is used in the SolrCloud mode, it will use PKI based authentication mechanism for Solr internal communication.
    • Method Detail

      • doAuthenticate

        public boolean doAuthenticate(ServletRequest request,
                                      ServletResponse response,
                                      FilterChain filterChain)
                               throws Exception
        Description copied from class: AuthenticationPlugin
        This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.
        Specified by:
        doAuthenticate in class AuthenticationPlugin
        Parameters:
        request - the http request
        response - the http response
        filterChain - the servlet filter chain
        Returns:
        false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
        Throws:
        Exception - any exception thrown during the authentication, e.g. PrivilegedActionException