janhoy commented on code in PR #1851:
URL: https://github.com/apache/solr/pull/1851#discussion_r1302206658
##########
solr/core/src/java/org/apache/solr/cli/AuthTool.java:
##########
@@ -347,37 +352,21 @@ private int handleBasicAuth(CommandLine cli) throws
Exception {
boolean blockUnknown =
Boolean.parseBoolean(cli.getOptionValue("blockUnknown", "true"));
- String securityJson =
- "{"
- + "\n \"authentication\":{"
- + "\n \"blockUnknown\": "
- + blockUnknown
- + ","
- + "\n \"class\":\"solr.BasicAuthPlugin\","
- + "\n \"credentials\":{\""
- + username
- + "\":\""
- + Sha256AuthenticationProvider.getSaltedHashedValue(password)
- + "\"}"
- + "\n },"
- + "\n \"authorization\":{"
- + "\n \"class\":\"solr.RuleBasedAuthorizationPlugin\","
- + "\n \"permissions\":["
- + "\n {\"name\":\"security-edit\", \"role\":\"admin\"},"
- + "\n {\"name\":\"security-read\", \"role\":\"admin\"},"
- + "\n {\"name\":\"config-edit\", \"role\":\"admin\"},"
- + "\n {\"name\":\"config-read\", \"role\":\"admin\"},"
- + "\n {\"name\":\"collection-admin-edit\",
\"role\":\"admin\"},"
- + "\n {\"name\":\"collection-admin-read\",
\"role\":\"admin\"},"
- + "\n {\"name\":\"core-admin-edit\", \"role\":\"admin\"},"
- + "\n {\"name\":\"core-admin-read\", \"role\":\"admin\"},"
- + "\n {\"name\":\"all\", \"role\":\"admin\"}"
- + "\n ],"
- + "\n \"user-role\":{\""
- + username
- + "\":\"admin\"}"
- + "\n }"
- + "\n}";
+ String resourceName = "security.json";
+ final URL resource =
SolrCore.class.getClassLoader().getResource(resourceName);
+ if (null == resource) {
+ throw new IllegalArgumentException("invalid resource name: " +
resourceName);
+ }
+
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode securityJson1 = mapper.readTree(resource.openStream());
+ ((ObjectNode) securityJson1).put("blockUnknown", blockUnknown);
+ JsonNode credentialsNode =
securityJson1.get("authentication").get("credentials");
+ ((ObjectNode) credentialsNode)
+ .put(username,
Sha256AuthenticationProvider.getSaltedHashedValue(password));
+ JsonNode userRoleNode =
securityJson1.get("authorization").get("user-role");
+ ((ObjectNode) userRoleNode).put(username, "admin");
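Review bot: `((ObjectNode) securityJson1).put("blockUnknown", blockUnknown);` sets the flag on the root of the document, whereas the removed string builder emitted `blockUnknown` inside the `authentication` object, next to `"class":"solr.BasicAuthPlugin"`. As written, the value ends up at the top level of the JSON, so the put should target `securityJson1.get("authentication")` instead. The chained `get("authentication").get("credentials")` and `get("authorization").get("user-role")` lookups also return null when the bundled `security.json` lacks one of those nodes, which surfaces as a NullPointerException rather than a readable error; a check with a message comparable to the "invalid resource name" one above would help. Minor: `securityJson1` could be given a descriptive name now that the old `securityJson` string is gone.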
Review Comment:
What if we could do stuff like:
```bash
bin/solr auth enable --credentials root:xxxx --type basic # superuser creds
bin/solr auth adduser --credentials jane:xxxx --role admin # admin human user
bin/solr auth adduser --credentials frontend:xxxx --role search # search machine user
bin/solr auth adduser --credentials indexer:xxxx --role index # indexer machine user
bin/solr auth deluser jane
```
Then the first "enable" command simply adds the `root` user. And the
`adduser` commands will add new users with predefined roles. And the script can
make sure that an `admin` user also has `index` and `search` roles etc.
It's not crucial to have since we have a nice AdminUI for adding users, but
sounds like a win for those who want to script a simple setup.