solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java - lucene-solr - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.solr.security;

 import java.lang.invoke.MethodHandles;

 import org.apache.solr.client.solrj.impl.Http2SolrClient;
 import org.apache.solr.client.solrj.request.CollectionAdminRequest;
 import org.apache.solr.client.solrj.request.QueryRequest;
 import org.apache.solr.cloud.SolrCloudAuthTestCase;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {

   private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
   private static final String COLLECTION = "authCollection";

   @Before
   public void setupCluster() throws Exception {
     configureCluster(1)
         .addConfig("conf", configset("cloud-minimal"))
         .withSecurityJson(STD_CONF)
         .configure();
     CollectionAdminRequest.createCollection(COLLECTION, "conf", 4, 1)
         .setMaxShardsPerNode(100)
         .setBasicAuthCredentials("solr", "solr")
         .process(cluster.getSolrClient());
     cluster.waitForActiveCollection(COLLECTION, 4, 4);
   }

   @Override
   @After
   public void tearDown() throws Exception {
     cluster.shutdown();
     super.tearDown();
   }

   @Test
   public void basicTest() throws Exception {
     try (Http2SolrClient client = new Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
         .build()){

       // SOLR-13510, this will be failed if the listener (handling inject credential in header) is called in another
       // thread since SolrRequestInfo will return null in that case.
       for (int i = 0; i < 30; i++) {
         assertNotNull(new QueryRequest(params("q", "*:*"))
                       .setBasicAuthCredentials("solr", "solr").process(client, COLLECTION));
       }
     }
   }

   @Test
   public void testDeleteSecurityJsonZnode() throws Exception {
     try (Http2SolrClient client = new Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
         .build()){
       try {
         new QueryRequest(params("q", "*:*")).process(client, COLLECTION);
         fail("Should throw exception due to authentication needed");
       } catch (Exception e) { /* Ignore */ }

       // Deleting security.json will disable security - before SOLR-9679 it would instead cause an exception
       cluster.getZkClient().delete("/security.json", -1, false);

       int count = 0;
       boolean done = false;
       // Assert that security is turned off. This is async, so we retry up to 5s before failing the test
       while (!done) {
         try {
           Thread.sleep(500);
           count += 1;
           new QueryRequest(params("q", "*:*")).process(client, COLLECTION);
           done = true;
         } catch (Exception e) {
           if (count >= 10) {
             fail("Failed 10 times to query without credentials after removing security.json");
           }
         }
       }
     }
   }

   protected static final String STD_CONF = "{\n" +
       "  \"authentication\":{\n" +
       "   \"blockUnknown\": true,\n" +
       "   \"class\":\"solr.BasicAuthPlugin\",\n" +
       "   \"credentials\":{\"solr\":\"EEKn7ywYk5jY8vG9TyqlG2jvYuvh1Q7kCCor6Hqm320= 6zkmjMjkMKyJX6/f0VarEWQujju5BzxZXub6WOrEKCw=\"}\n" +
       "  },\n" +
       "  \"authorization\":{\n" +
       "   \"class\":\"solr.RuleBasedAuthorizationPlugin\",\n" +
       "   \"permissions\":[\n" +
       " {\"name\":\"security-edit\", \"role\":\"admin\"},\n" +
       " {\"name\":\"collection-admin-edit\", \"role\":\"admin\"},\n" +
       " {\"name\":\"core-admin-edit\", \"role\":\"admin\"}\n" +
       "   ],\n" +
       "   \"user-role\":{\"solr\":\"admin\"}\n" +
       "  }\n" +
       "}";
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.solr.security;

	import java.lang.invoke.MethodHandles;

	import org.apache.solr.client.solrj.impl.Http2SolrClient;
	import org.apache.solr.client.solrj.request.CollectionAdminRequest;
	import org.apache.solr.client.solrj.request.QueryRequest;
	import org.apache.solr.cloud.SolrCloudAuthTestCase;
	import org.junit.After;
	import org.junit.Before;
	import org.junit.Test;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {

	private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
	private static final String COLLECTION = "authCollection";

	@Before
	public void setupCluster() throws Exception {
	configureCluster(1)
	.addConfig("conf", configset("cloud-minimal"))
	.withSecurityJson(STD_CONF)
	.configure();
	CollectionAdminRequest.createCollection(COLLECTION, "conf", 4, 1)
	.setMaxShardsPerNode(100)
	.setBasicAuthCredentials("solr", "solr")
	.process(cluster.getSolrClient());
	cluster.waitForActiveCollection(COLLECTION, 4, 4);
	}

	@Override
	@After
	public void tearDown() throws Exception {
	cluster.shutdown();
	super.tearDown();
	}

	@Test
	public void basicTest() throws Exception {
	try (Http2SolrClient client = new Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
	.build()){

	// SOLR-13510, this will be failed if the listener (handling inject credential in header) is called in another
	// thread since SolrRequestInfo will return null in that case.
	for (int i = 0; i < 30; i++) {
	assertNotNull(new QueryRequest(params("q", ":"))
	.setBasicAuthCredentials("solr", "solr").process(client, COLLECTION));
	}
	}
	}

	@Test
	public void testDeleteSecurityJsonZnode() throws Exception {
	try (Http2SolrClient client = new Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
	.build()){
	try {
	new QueryRequest(params("q", ":")).process(client, COLLECTION);
	fail("Should throw exception due to authentication needed");
	} catch (Exception e) { /* Ignore */ }

	// Deleting security.json will disable security - before SOLR-9679 it would instead cause an exception
	cluster.getZkClient().delete("/security.json", -1, false);

	int count = 0;
	boolean done = false;
	// Assert that security is turned off. This is async, so we retry up to 5s before failing the test
	while (!done) {
	try {
	Thread.sleep(500);
	count += 1;
	new QueryRequest(params("q", ":")).process(client, COLLECTION);
	done = true;
	} catch (Exception e) {
	if (count >= 10) {
	fail("Failed 10 times to query without credentials after removing security.json");
	}
	}
	}
	}
	}

	protected static final String STD_CONF = "{\n" +
	" \"authentication\":{\n" +
	" \"blockUnknown\": true,\n" +
	" \"class\":\"solr.BasicAuthPlugin\",\n" +
	" \"credentials\":{\"solr\":\"EEKn7ywYk5jY8vG9TyqlG2jvYuvh1Q7kCCor6Hqm320= 6zkmjMjkMKyJX6/f0VarEWQujju5BzxZXub6WOrEKCw=\"}\n" +
	" },\n" +
	" \"authorization\":{\n" +
	" \"class\":\"solr.RuleBasedAuthorizationPlugin\",\n" +
	" \"permissions\":[\n" +
	" {\"name\":\"security-edit\", \"role\":\"admin\"},\n" +
	" {\"name\":\"collection-admin-edit\", \"role\":\"admin\"},\n" +
	" {\"name\":\"core-admin-edit\", \"role\":\"admin\"}\n" +
	" ],\n" +
	" \"user-role\":{\"solr\":\"admin\"}\n" +
	" }\n" +
	"}";
	}