Custom auth plugin for SolrCloud

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Custom auth plugin for SolrCloud

Zubovich Yauheni
Hi,

I have very very simple task - we need to protect access to Solr if request
doesn't have specific header. Solr 7.3 is running in cloud mode. Was
implemented custom auth plugin:

package com.custom.solr.core;

import org.apache.solr.security.AuthenticationPlugin;

public class RestrictDirectAccessPlugin extends AuthenticationPlugin {

    private static final Logger LOGGER =
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    private static final String X_HEADER = "X-HEADER";

    @Override
    public void init(Map<String, Object> pluginConfig) {

    }

    @Override
    public boolean doAuthenticate(ServletRequest request,
ServletResponse response, FilterChain filterChain) throws Exception {
        HttpServletRequest wrappedRequest = (HttpServletRequest) request;
        if ("true".equalsIgnoreCase(wrappedRequest.getHeader(X_HEADER)) {
            return true;
        }
        return false;
    }

    @Override
    public void close() throws IOException {

    }

This class is wrapped into jar. Jar added to server lib directory and
defined at solrconfig.xml:

<lib dir="/webapps/solr-plugins/" regex="custom.jar" />

But, when I am trying to start Solr, I have following error:

2019-09-19 08:51:31.667 INFO  (main) [   ] o.a.s.c.CoreContainer
Initializing authentication plugin:
com.custom.solr.core.RestrictDirectAccessPlugin
2019-09-19 08:51:31.676 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could
not start Solr. Check solr/home property and the logs
2019-09-19 08:51:31.695 ERROR (main) [   ] o.a.s.c.SolrCore
null:org.apache.solr.common.SolrException: Error loading class
'com.custom.solr.core.RestrictDirectAccessPlugin'
at
org.apache.solr.core.SolrResourceLoader.findClass(SolrResourceLoader.java:557)
at
org.apache.solr.core.SolrResourceLoader.newInstance(SolrResourceLoader.java:626)
at
org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:355)
at
org.apache.solr.core.CoreContainer.reloadSecurityProperties(CoreContainer.java:708)
at org.apache.solr.core.CoreContainer.load(CoreContainer.java:525)
at
org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:263)
at
org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:139)
at
org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:741)
at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348)
at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1515)
at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1477)
at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:785)
at
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41)
at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188)
at
org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:502)
at
org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:150)
at
org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180)
at
org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:453)
at
org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64)
at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610)
at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529)
at org.eclipse.jetty.util.Scanner.scan(Scanner.java:392)
at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:313)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:150)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:564)
at
org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:239)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:133)
at org.eclipse.jetty.server.Server.start(Server.java:418)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:115)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at org.eclipse.jetty.server.Server.doStart(Server.java:385)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1584)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1508)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1507)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
at org.eclipse.jetty.start.Main.start(Main.java:504)
at org.eclipse.jetty.start.Main.main(Main.java:78)
Caused by: java.lang.ClassNotFoundException:
com.custom.solr.core.RestrictDirectAccessPlugin
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:814)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at
org.apache.solr.core.SolrResourceLoader.findClass(SolrResourceLoader.java:541)
... 49 more


Why Solr doesn't see such class and how can I resolve it?


--
Best regards,
Yauheni
Reply | Threaded
Open this post in threaded view
|

Re: Custom auth plugin for SolrCloud

Shawn Heisey-2
On 9/19/2019 6:18 AM, Zubovich Yauheni wrote:
> This class is wrapped into jar. Jar added to server lib directory and
> defined at solrconfig.xml:
>
> <lib dir="/webapps/solr-plugins/" regex="custom.jar" />

Where exactly is this "server lib" directory that you describe?  If it's
one of the locations that gets loaded automatically, you should NOT be
loading anything in that location with the <lib> directive in
solrconfig.xml.  That will result in the jar being loaded more than once.

> null:org.apache.solr.common.SolrException: Error loading class
> 'com.custom.solr.core.RestrictDirectAccessPlugin'

This problem with a Java program can be caused by having the same jar
loaded more than once.  The reason it happens is complex and has to do
with interactions between multiple Java classloaders.

The solution to these problems is to make sure that every required jar
is loaded, and that each of them is only loaded once.

Thanks,
Shawn
Reply | Threaded
Open this post in threaded view
|

Re: Custom auth plugin for SolrCloud

Jan Høydahl / Cominvent
Note that authentication plugins is not per-core/collection, they are system wide.
Try to create a lib/ folder inside your SOLR_HOME and put the jar there.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 19. sep. 2019 kl. 16:19 skrev Shawn Heisey <[hidden email]>:
>
> On 9/19/2019 6:18 AM, Zubovich Yauheni wrote:
>> This class is wrapped into jar. Jar added to server lib directory and
>> defined at solrconfig.xml:
>> <lib dir="/webapps/solr-plugins/" regex="custom.jar" />
>
> Where exactly is this "server lib" directory that you describe?  If it's one of the locations that gets loaded automatically, you should NOT be loading anything in that location with the <lib> directive in solrconfig.xml.  That will result in the jar being loaded more than once.
>
>> null:org.apache.solr.common.SolrException: Error loading class
>> 'com.custom.solr.core.RestrictDirectAccessPlugin'
>
> This problem with a Java program can be caused by having the same jar loaded more than once.  The reason it happens is complex and has to do with interactions between multiple Java classloaders.
>
> The solution to these problems is to make sure that every required jar is loaded, and that each of them is only loaded once.
>
> Thanks,
> Shawn