This is an automated email from the ASF dual-hosted git repository.

dineshkumar-yadav pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 597f6506c RANGER-5648: Solr authorization fails with NPE (#1029)
597f6506c is described below

commit 597f6506c674144cc067def0de86aaf4405142cb
Author: Sanket-Shelar <[email protected]>
AuthorDate: Fri Jun 26 11:39:42 2026 +0530

    RANGER-5648: Solr authorization fails with NPE (#1029)
---
 .../solr/authorizer/RangerSolrAuthorizer.java      | 106 ++++++++++++---------
 .../solr/authorizer/TestRangerSolrAuthorizer.java  |  90 +++++++++++++++++
 2 files changed, 150 insertions(+), 46 deletions(-)

diff --git 
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
 
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 0c1e5fc71..5b00f3396 100644
--- 
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ 
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -68,6 +68,8 @@
 public class RangerSolrAuthorizer extends SearchComponent implements 
AuthorizationPlugin {
     private static final Logger logger = 
LoggerFactory.getLogger(RangerSolrAuthorizer.class);
 
+    private static final String PLUGIN_NOT_INITIALIZED_MSG = "Access denied: 
authorizer is not initialized.";
+
     private static volatile RangerBasePlugin solrPlugin;
 
     private final List<FieldToAttributeMapping> fieldAttributeMappings = new 
LinkedList<>();
@@ -100,18 +102,26 @@ public RangerSolrAuthorizer() {
     public void close() {
         logger.info("close() called");
 
+        RangerBasePlugin plugin = solrPlugin;
+
+        if (plugin == null) {
+            return;
+        }
+
         try {
-            solrPlugin.cleanup();
+            plugin.cleanup();
 
             /* Solr shutdown is not graceful so that JVM shutdown hooks
              * are not always invoked and the audit store are not flushed. So
              * we are forcing a cleanup here.
              */
-            if (solrPlugin.getAuditProviderFactory() != null) {
-                solrPlugin.getAuditProviderFactory().shutdown();
+            if (plugin.getAuditProviderFactory() != null) {
+                plugin.getAuditProviderFactory().shutdown();
             }
         } catch (Throwable t) {
             logger.error("Error cleaning up Ranger plugin. Ignoring error", t);
+        } finally {
+            solrPlugin = null;
         }
     }
 
@@ -124,6 +134,15 @@ public void close() {
      */
     @Override
     public AuthorizationResponse authorize(AuthorizationContext context) {
+        RangerBasePlugin solrPlugin = getPlugin();
+
+        if (solrPlugin == null) {
+            MiscUtil.logErrorMessageByInterval(logger, 
PLUGIN_NOT_INITIALIZED_MSG);
+            AuthorizationResponse resp = new AuthorizationResponse(503);
+            resp.setMessage(PLUGIN_NOT_INITIALIZED_MSG);
+            return resp;
+        }
+
         boolean isDenied = false;
 
         try {
@@ -308,49 +327,7 @@ public AuthorizationResponse 
authorize(AuthorizationContext context) {
     @Override
     public void init(Map<String, Object> initInfo) {
         logger.info("init()");
-
-        try {
-            RangerBasePlugin me = solrPlugin;
-
-            if (me == null) {
-                synchronized (RangerSolrAuthorizer.class) {
-                    me = solrPlugin;
-
-                    logger.info("RangerSolrAuthorizer(): init called");
-
-                    if (me == null) {
-                        authToJAASFile();
-
-                        logger.info("Creating RangerSolrPlugin");
-
-                        me = new RangerBasePlugin("solr", "solr");
-
-                        logger.info("Calling solrPlugin.init()");
-
-                        me.init();
-                        me.setResultProcessor(new 
RangerSolrAuditHandler(me.getConfig()));
-
-                        solrPlugin = me;
-                    }
-                }
-            }
-
-            useProxyIP    = 
solrPlugin.getConfig().getBoolean(RangerSolrConstants.PROP_USE_PROXY_IP, 
useProxyIP);
-            proxyIPHeader = 
solrPlugin.getConfig().get(RangerSolrConstants.PROP_PROXY_IP_HEADER, 
proxyIPHeader);
-
-            // First get from the -D property
-            solrAppName = System.getProperty("solr.kerberos.jaas.appname", 
solrAppName);
-
-            // Override if required from Ranger properties
-            solrAppName = 
solrPlugin.getConfig().get(RangerSolrConstants.PROP_SOLR_APP_NAME, solrAppName);
-
-            logger.info("init(): useProxyIP={}", useProxyIP);
-            logger.info("init(): proxyIPHeader={}", proxyIPHeader);
-            logger.info("init(): solrAppName={}", solrAppName);
-            logger.info("init(): KerberosName.rules={}", 
MiscUtil.getKerberosNamesRules());
-        } catch (Throwable t) {
-            logger.error("Error creating and initializing RangerBasePlugin()", 
t);
-        }
+        getPlugin();
     }
 
     @Override
@@ -530,6 +507,43 @@ public String getDescription() {
         return "Handle Query Document Authorization";
     }
 
+    private RangerBasePlugin getPlugin() {
+        RangerBasePlugin ret = solrPlugin;
+
+        if (ret == null) {
+            synchronized (RangerSolrAuthorizer.class) {
+                ret = solrPlugin;
+
+                if (ret == null) {
+                    try {
+                        initializeSolrPlugin();
+
+                        ret = solrPlugin;
+                    } catch (Throwable t) {
+                        logger.error("Error creating and initializing 
RangerBasePlugin()", t);
+                    }
+                }
+            }
+        }
+
+        return ret;
+    }
+
+    private void initializeSolrPlugin() {
+        authToJAASFile();
+
+        RangerBasePlugin plugin = new RangerBasePlugin("solr", "solr");
+
+        plugin.init();
+        plugin.setResultProcessor(new 
RangerSolrAuditHandler(plugin.getConfig()));
+
+        useProxyIP    = 
plugin.getConfig().getBoolean(RangerSolrConstants.PROP_USE_PROXY_IP, 
useProxyIP);
+        proxyIPHeader = 
plugin.getConfig().get(RangerSolrConstants.PROP_PROXY_IP_HEADER, proxyIPHeader);
+        solrAppName   = 
plugin.getConfig().get(RangerSolrConstants.PROP_SOLR_APP_NAME, 
System.getProperty("solr.kerberos.jaas.appname", solrAppName));
+
+        solrPlugin = plugin;
+    }
+
     private void authToJAASFile() {
         try {
             MiscUtil.setUGIFromJAASConfig(solrAppName);
diff --git 
a/plugin-solr/src/test/java/org/apache/ranger/authorization/solr/authorizer/TestRangerSolrAuthorizer.java
 
b/plugin-solr/src/test/java/org/apache/ranger/authorization/solr/authorizer/TestRangerSolrAuthorizer.java
new file mode 100644
index 000000000..67e1a856a
--- /dev/null
+++ 
b/plugin-solr/src/test/java/org/apache/ranger/authorization/solr/authorizer/TestRangerSolrAuthorizer.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.authorization.solr.authorizer;
+
+import org.apache.solr.security.AuthorizationContext;
+import org.apache.solr.security.AuthorizationResponse;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.lang.reflect.Field;
+import java.util.Collections;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.mock;
+
+/**
+ * @generated by Cursor
+ * @description : Unit Test cases for RangerSqoopAuthorizer
+ */
+
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestRangerSolrAuthorizer {
+    @Test
+    public void 
test01_authorize_whenPluginNotInitialized_returns503WithoutNpe() throws 
Exception {
+        resetPluginState();
+
+        RangerSolrAuthorizer authorizer = new RangerSolrAuthorizer();
+        AuthorizationContext context    = mock(AuthorizationContext.class);
+
+        AuthorizationResponse response = assertDoesNotThrow(() -> 
authorizer.authorize(context));
+
+        assertEquals(503, response.statusCode);
+    }
+
+    @Test
+    public void test02_close_whenPluginNull_doesNotThrow() throws Exception {
+        resetPluginState();
+
+        RangerSolrAuthorizer authorizer = new RangerSolrAuthorizer();
+
+        assertDoesNotThrow(authorizer::close);
+    }
+
+    @Test
+    public void test03_init_whenPluginCreationFails_leavesPluginNull() throws 
Exception {
+        resetPluginState();
+
+        RangerSolrAuthorizer authorizer = new RangerSolrAuthorizer();
+
+        authorizer.init(Collections.emptyMap());
+
+        assertEquals(null, getStaticField("solrPlugin"));
+    }
+
+    private static void resetPluginState() throws Exception {
+        setStaticField("solrPlugin", null);
+    }
+
+    private static void setStaticField(String fieldName, Object value) throws 
Exception {
+        Field field = RangerSolrAuthorizer.class.getDeclaredField(fieldName);
+        field.setAccessible(true);
+        field.set(null, value);
+    }
+
+    private static Object getStaticField(String fieldName) throws Exception {
+        Field field = RangerSolrAuthorizer.class.getDeclaredField(fieldName);
+        field.setAccessible(true);
+        return field.get(null);
+    }
+}

Reply via email to