METRON-1424 Kerberos: Solr (merrimanr) closes apache/metron#960
Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/f715d6db Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/f715d6db Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/f715d6db Branch: refs/heads/master Commit: f715d6dbaf7ab4272c2e51430f4da13c8f688916 Parents: cdbe7ac Author: merrimanr <[email protected]> Authored: Wed Mar 21 09:13:16 2018 -0500 Committer: merrimanr <[email protected]> Committed: Wed Mar 21 09:13:16 2018 -0500 ---------------------------------------------------------------------- .../org/apache/metron/rest/config/IndexConfig.java | 1 + .../org/apache/metron/indexing/dao/AccessConfig.java | 12 ++++++++++++ .../java/org/apache/metron/solr/dao/SolrDao.java | 5 +++++ .../org/apache/metron/solr/writer/SolrWriter.java | 15 +++++++++++++++ 4 files changed, 33 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/f715d6db/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/IndexConfig.java ---------------------------------------------------------------------- diff --git a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/IndexConfig.java b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/IndexConfig.java index 25bb809..635d1de 100644 --- a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/IndexConfig.java +++ b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/IndexConfig.java @@ -73,6 +73,7 @@ public class IndexConfig { } }); config.setTableProvider(TableProvider.create(hbaseProviderImpl, () -> new HTableProvider())); + config.setKerberosEnabled(environment.getProperty(MetronRestConstants.KERBEROS_ENABLED_SPRING_PROPERTY, Boolean.class, false)); if (indexDaoImpl == null) { throw new IllegalStateException("You must provide an index DAO implementation via the " + INDEX_DAO_IMPL + " config"); } http://git-wip-us.apache.org/repos/asf/metron/blob/f715d6db/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/AccessConfig.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/AccessConfig.java b/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/AccessConfig.java index c16401e..c301050 100644 --- a/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/AccessConfig.java +++ b/metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/AccessConfig.java @@ -29,6 +29,7 @@ public class AccessConfig { private Supplier<Map<String, Object>> globalConfigSupplier; private Map<String, String> optionalSettings = new HashMap<>(); private TableProvider tableProvider = null; + private Boolean isKerberosEnabled = false; /** * @return A supplier which will return the current global config. @@ -84,4 +85,15 @@ public class AccessConfig { public void setTableProvider(TableProvider tableProvider) { this.tableProvider = tableProvider; } + + /** + * @return True if clients should be configured for Kerberos + */ + public Boolean getKerberosEnabled() { + return isKerberosEnabled; + } + + public void setKerberosEnabled(Boolean kerberosEnabled) { + isKerberosEnabled = kerberosEnabled; + } } http://git-wip-us.apache.org/repos/asf/metron/blob/f715d6db/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/dao/SolrDao.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/dao/SolrDao.java b/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/dao/SolrDao.java index 024755a..46c483f 100644 --- a/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/dao/SolrDao.java +++ b/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/dao/SolrDao.java @@ -35,6 +35,8 @@ import org.apache.metron.indexing.dao.search.SearchResponse; import org.apache.metron.indexing.dao.update.Document; import org.apache.solr.client.solrj.SolrClient; import org.apache.solr.client.solrj.impl.CloudSolrClient; +import org.apache.solr.client.solrj.impl.HttpClientUtil; +import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -69,6 +71,9 @@ public class SolrDao implements IndexDao { @Override public void init(AccessConfig config) { + if (config.getKerberosEnabled()) { + HttpClientUtil.addConfigurer(new Krb5HttpClientConfigurer()); + } if (this.client == null) { Map<String, Object> globalConfig = config.getGlobalConfigSupplier().get(); String zkHost = (String) globalConfig.get("solr.zookeeper"); http://git-wip-us.apache.org/repos/asf/metron/blob/f715d6db/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/writer/SolrWriter.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/writer/SolrWriter.java b/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/writer/SolrWriter.java index e2659e9..6147966 100644 --- a/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/writer/SolrWriter.java +++ b/metron-platform/metron-solr/src/main/java/org/apache/metron/solr/writer/SolrWriter.java @@ -21,7 +21,9 @@ import com.google.common.base.Joiner; import org.apache.commons.lang3.StringUtils; import org.apache.metron.common.Constants; import org.apache.metron.stellar.common.utils.ConversionUtils; +import org.apache.solr.client.solrj.impl.HttpClientUtil; import org.apache.solr.client.solrj.impl.HttpSolrClient; +import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer; import org.apache.solr.common.SolrException; import org.apache.storm.task.TopologyContext; import org.apache.storm.tuple.Tuple; @@ -44,11 +46,13 @@ import java.util.Collection; import java.util.Optional; import java.util.List; import java.util.ArrayList; +import java.util.Set; import java.util.UUID; import java.util.function.Supplier; public class SolrWriter implements BulkMessageWriter<JSONObject>, Serializable { + public static final String JAVA_SECURITY_CONFIG_PROPERTY = "java.security.auth.login.config"; public enum SolrProperties { ZOOKEEPER_QUORUM("solr.zookeeper"), @@ -154,6 +158,9 @@ public class SolrWriter implements BulkMessageWriter<JSONObject>, Serializable { LOG.info("Commit Wait Flush: {}", waitFlush); LOG.info("Default Collection: {}", "" + defaultCollection ); if(solr == null) { + if (isKerberosEnabled(stormConf)) { + HttpClientUtil.addConfigurer(new Krb5HttpClientConfigurer()); + } solr = new MetronSolrClient(zookeeperUrl, solrHttpConfig); } solr.setDefaultCollection(defaultCollection); @@ -239,4 +246,12 @@ public class SolrWriter implements BulkMessageWriter<JSONObject>, Serializable { solr.close(); } } + + private boolean isKerberosEnabled(Map stormConfig) { + if (stormConfig == null) { + return false; + } + String value = (String) stormConfig.get(JAVA_SECURITY_CONFIG_PROPERTY); + return value != null && !value.isEmpty(); + } }
