[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy closed the pull request at: https://github.com/apache/lucene-solr/pull/465 --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223859201 --- Diff: solr/webapp/web/WEB-INF/web.xml --- @@ -33,7 +33,7 @@ --> excludePatterns - /partials/.+,/libs/.+,/css/.+,/js/.+,/img/.+,/tpl/.+ + /partials/.+,/libs/.+,/css/.+,/js/.+,/img/.+,/templates/.+ --- End diff -- `/tpl/` was remnants from old UI. Don't remember why I added `/templates/`, as we don't seem to use that either? --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223857445 --- Diff: solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java --- @@ -342,18 +342,6 @@ public void doFilter(ServletRequest _request, ServletResponse _response, FilterC } } - AtomicReference wrappedRequest = new AtomicReference<>(); - if (!authenticateRequest(request, response, wrappedRequest)) { // the response and status code have already been sent --- End diff -- In order to load static Admin UI without auth prompt, we need to move auth below check for `excludePatterns`. --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223863279 --- Diff: solr/webapp/web/js/angular/app.js --- @@ -365,12 +370,62 @@ solrAdminApp.config([ $rootScope.exceptions[rejection.config.url] = rejection.data.error; } return $q.reject(rejection); - } + }; + + return {request: started, response: ended, responseError: failed}; +}) +// Intercept authentication request from Solr and forward to /solr/#/login +.factory('authInterceptor', function($q, $rootScope, $location, $timeout, $injector) { + var started = function(config) { +if (sessionStorage.getItem("auth.header")) { + config.headers['Authorization'] = sessionStorage.getItem("auth.header"); +} +return config || $q.when(config); + }; + + var ended = function(response) { +if ($location.path() !== '/login') { + sessionStorage.removeItem("http401"); + sessionStorage.removeItem("auth.statusText"); +} +return response || $q.when(response); + }; + + var failed = function(rejection) { +if (rejection.status === 401) { + var headers = rejection.headers(); + var wwwAuthHeader = headers['www-authenticate']; + sessionStorage.setItem("auth.wwwAuthHeader", wwwAuthHeader); + sessionStorage.setItem("auth.statusText", rejection.statusText); + var authDataHeader = headers['X-Solr-AuthData']; + if (authDataHeader !== null) { +sessionStorage.setItem("auth.config", authDataHeader); + } + if ($location.path() === '/login') { +sessionStorage.setItem("auth.location", "/"); --- End diff -- Normally users will be redirected to Login page from whatever page that tried to do a restricted API call to Solr, and will be redirected back to that page after login. However, if user explicitly navigates to Login tab, this makes sure he'll be redirected to Dashboard instead of remaining on the Login page. --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223860727 --- Diff: solr/webapp/web/index.html --- @@ -61,9 +62,11 @@ + --- End diff -- Used for base64 encoding of Basic header. Could not find any base64 code in our Admin UI or libs already, else I'd use that. --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223860298 --- Diff: solr/webapp/web/css/angular/login.css --- @@ -0,0 +1,103 @@ +/* + +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +*/ + +#content #login +{ + background-position: 0 50%; + padding-left: 21px; + vertical-align: center; + horiz-align: center; +} + +#content #login h1, +#content #login .h1 { + font-size: 2.5rem; +} + +#content #login h2, +#content #login .h2 { + font-size: 2rem; +} + +#content #login p +{ + margin-top: 0; + margin-bottom: 1rem; +} + +#content #login .login-error +{ + font-size: 1rem; + color: red; + margin-top: 10px; + margin-bottom: 10px; +} + +#content #login button { + border-radius: 0; +} + +#content #login button:focus { + outline: 1px dotted; + outline: 5px auto -webkit-focus-ring-color; +} + +#content #login .btn { --- End diff -- Borrowed some styles from bootstrap css (MIT). It is just some selective cut+paste so I did not add anything to `NOTICE.txt`. Should I? Anyway, we should probably style the login page differently, perhaps as a modal prompt. --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223855611 --- Diff: solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java --- @@ -180,8 +193,16 @@ public boolean getBlockUnknown(){ return blockUnknown; } - public static final String BLOCK_UNKNOWN = "blockUnknown"; - private static final Set PROPS = ImmutableSet.of(BLOCK_UNKNOWN); - - + public static final String PROPERTY_BLOCK_UNKNOWN = "blockUnknown"; + public static final String PROPERTY_REALM = "realm"; + private static final Set PROPS = ImmutableSet.of(PROPERTY_BLOCK_UNKNOWN, PROPERTY_REALM); --- End diff -- BasicAuth reads the "realm" property and defaults to "solr", but there was no means of setting the property. Also there was no documentation of "realm", so added that to RefGuide. --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
Github user janhoy commented on a diff in the pull request: https://github.com/apache/lucene-solr/pull/465#discussion_r223866955 --- Diff: solr/webapp/web/partials/login.html --- @@ -0,0 +1,80 @@ + + + + +Basic Authentication + + {{statusText}}{{authParamsError}} + + + +Solr requires authentication for resource {{authLocation === '/' ? 'Dashboard' : authLocation}}. +Please log in with your username and password for realm {{authRealm}}. + + + {{error}} + + + Username + + Username is required + + + Password + + Password is required + + + + Login + + + + + + +Logged in as user {{authLoggedinUser}}. Realm={{authRealm}}. + + + + + Logout + + + + + + --- End diff -- The idea is that future authentication schemes can add their UI here and code hooks to `login.js` and thus have a very simple extension mechanism. While the ideal would be a true pluggable experience for 3rd party auth to also work, I have not attempted that in this iteration. Ideas of how to achieve that are welcome! --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[GitHub] lucene-solr pull request #465: SOLR-7896: Add a login page to Admin UI, with...
GitHub user janhoy opened a pull request: https://github.com/apache/lucene-solr/pull/465 SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth First cut for basic auth You can merge this pull request into a Git repository by running: $ git pull https://github.com/cominvent/lucene-solr solr7896-admin-login Alternatively you can review and apply these changes as the patch at: https://github.com/apache/lucene-solr/pull/465.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #465 commit 217e0a546a6c64dca32c4c1828435eec1972bfb1 Author: Jan Høydahl Date: 2018-10-09T11:49:25Z SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth commit 818f71010a7e970fee346ffeeb2e827c846883f7 Author: Jan Høydahl Date: 2018-10-09T13:33:31Z More docs Handle more errors Use external base64 library Fix precommit commit 0d8155b55a28dd1d40786c1b4e6edb2a4f55a8b6 Author: Jan Høydahl Date: 2018-10-09T13:36:06Z Merge branch 'master' into solr7896-admin-login # Conflicts: # solr/solrj/src/java/org/apache/solr/client/solrj/request/MultiContentWriterRequest.java --- - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org