epugh commented on code in PR #1851:
URL: https://github.com/apache/solr/pull/1851#discussion_r1308500729
##########
solr/core/src/java/org/apache/solr/cli/AuthTool.java:
##########
@@ -347,37 +352,21 @@ private int handleBasicAuth(CommandLine cli) throws
Exception {
boolean blockUnknown =
Boolean.parseBoolean(cli.getOptionValue("blockUnknown", "true"));
- String securityJson =
- "{"
- + "\n \"authentication\":{"
- + "\n \"blockUnknown\": "
- + blockUnknown
- + ","
- + "\n \"class\":\"solr.BasicAuthPlugin\","
- + "\n \"credentials\":{\""
- + username
- + "\":\""
- + Sha256AuthenticationProvider.getSaltedHashedValue(password)
- + "\"}"
- + "\n },"
- + "\n \"authorization\":{"
- + "\n \"class\":\"solr.RuleBasedAuthorizationPlugin\","
- + "\n \"permissions\":["
- + "\n {\"name\":\"security-edit\", \"role\":\"admin\"},"
- + "\n {\"name\":\"security-read\", \"role\":\"admin\"},"
- + "\n {\"name\":\"config-edit\", \"role\":\"admin\"},"
- + "\n {\"name\":\"config-read\", \"role\":\"admin\"},"
- + "\n {\"name\":\"collection-admin-edit\",
\"role\":\"admin\"},"
- + "\n {\"name\":\"collection-admin-read\",
\"role\":\"admin\"},"
- + "\n {\"name\":\"core-admin-edit\", \"role\":\"admin\"},"
- + "\n {\"name\":\"core-admin-read\", \"role\":\"admin\"},"
- + "\n {\"name\":\"all\", \"role\":\"admin\"}"
- + "\n ],"
- + "\n \"user-role\":{\""
- + username
- + "\":\"admin\"}"
- + "\n }"
- + "\n}";
+ String resourceName = "security.json";
+ final URL resource =
SolrCore.class.getClassLoader().getResource(resourceName);
+ if (null == resource) {
+ throw new IllegalArgumentException("invalid resource name: " +
resourceName);
+ }
+
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode securityJson1 = mapper.readTree(resource.openStream());
+ ((ObjectNode) securityJson1).put("blockUnknown", blockUnknown);
+ JsonNode credentialsNode =
securityJson1.get("authentication").get("credentials");
+ ((ObjectNode) credentialsNode)
+ .put(username,
Sha256AuthenticationProvider.getSaltedHashedValue(password));
+ JsonNode userRoleNode =
securityJson1.get("authorization").get("user-role");
+ ((ObjectNode) userRoleNode).put(username, "admin");
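Review bot: In the added line ((ObjectNode) securityJson1).put("blockUnknown", blockUnknown); the flag is written to the root of the document, whereas the removed string emitted "blockUnknown" inside the "authentication" object. As written, the value parsed from the CLI option lands where the old output never put it, and whatever the security.json template holds under "authentication" stays in effect. Suggest setting it on the authentication node instead, for example ((ObjectNode) securityJson1.get("authentication")).put("blockUnknown", blockUnknown);. Two smaller points in the same hunk: the stream from resource.openStream() is never closed, so a try-with-resources around readTree would be cleaner, and the chained get("authentication").get("credentials") and get("authorization").get("user-role") calls will fail with a NullPointerException if the template lacks either node, so a null check with a clear error message would help. Because credentials and user-role are now added to whatever the template already contains rather than built from scratch, it is also worth confirming that the bundled security.json ships with no predefined users or role mappings that would be carried into the generated file.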
Review Comment:
I like this idea.... So, at some point I am hoping that as the v2 APIs
come online, we move the CLI to using them. And that at that point adding a
command like "adduser" or "deleteuser" becomes super easy because we have nice
clean SolrJ client objects (methods?) that map to the v2 APIs with all the
docs, and that we don't add more custom logic on the auth tool....