restructured solr kerberos toggle to use admin endpoint instead of se…

…ttings
bionary · Mar 1, 2016 · 2df4269 · 2df4269
1 parent 41366b3
commit 2df4269
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 38 deletions.
diff --git a/scripts/vagrant/krb5KDC_solrCloud_dataverse_platform/Vagrantfile b/scripts/vagrant/krb5KDC_solrCloud_dataverse_platform/Vagrantfile
@@ -239,12 +239,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       path: "./enable-kerberos-onDataverse.sh", args:  [ "-v",OUTPUT_VERBOSITY,"-x",STATIC_IP_DATAVERSE ]
 
 
-    dataverse.vm.provision "dvTestUsers", type: "shell", 
-      path: "../setup-dv-test_addUsers.sh", args: "#{STATIC_IP_DATAVERSE}"
-    dataverse.vm.provision "dvTestPublishRoot", type: "shell", 
-      path: "../setup-dv-test_publishRoot.sh", args: "#{STATIC_IP_DATAVERSE}"
-    dataverse.vm.provision "dvTestSetupUserDVs", type: "shell", 
-      path: "../setup-dv-test_setupUserDVs.sh", args: "#{STATIC_IP_DATAVERSE}"
+    dataverse.vm.provision "dvTestUsers", type: "shell", path: "../setup-dv-test_addUsers.sh"
+    dataverse.vm.provision "dvTestPublishRoot", type: "shell", path: "../setup-dv-test_publishRoot.sh"
+    dataverse.vm.provision "dvTestSetupUserDVs", type: "shell", path: "../setup-dv-test_setupUserDVs.sh"
   end
 
 end
diff --git a/scripts/vagrant/krb5KDC_solrCloud_dataverse_platform/enable-kerberos-onDataverse.sh b/scripts/vagrant/krb5KDC_solrCloud_dataverse_platform/enable-kerberos-onDataverse.sh
@@ -53,4 +53,4 @@ newline='
 '
 
 $_IF_TERSE echo "Enabling Kerberos authentication of dataverse to solr communication using verbosity level: ${OUTPUT_VERBOSITY}"
-$_IF_VERBOSE curl -L -X PUT -d 'yes' "http://${DATAVERSE_HOST}:8080/api/admin/settings/:SolrUsesJAAS"
+$_IF_VERBOSE curl -L -X GET "http://${DATAVERSE_HOST}:8080/api/admin/toggleSolrKerberos"
diff --git a/src/main/java/edu/harvard/iq/dataverse/AutoCompleteBean.java b/src/main/java/edu/harvard/iq/dataverse/AutoCompleteBean.java
@@ -11,9 +11,7 @@
 import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.impl.CloudSolrClient;
-import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
-import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
 import org.apache.solr.client.solrj.response.QueryResponse;
 import org.apache.solr.client.solrj.response.TermsResponse;
 import org.apache.solr.client.solrj.response.TermsResponse.Term;
@@ -32,9 +30,6 @@ public class AutoCompleteBean implements java.io.Serializable {
     private static SolrClient solrServer;
 
     public SolrClient getSolrServer(){
-        if(systemConfig.solrUsesJAAS()){
-          HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-        }
         if(solrServer == null){
             if (systemConfig.isSolrCloudZookeeperEnabled()) {
                 solrServer = new CloudSolrClient(systemConfig.getSolrZookeeperEnsemble());

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -264,7 +264,16 @@ public Response listBuiltinRoles() {
             return errorResponse(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
         }
     }
-
+
+    @Path("toggleSolrKerberos")
+    @GET
+    public Response toggleSolrKerberos() {
+        if(engineSvc.getContext().solrIndex().toggleSolrKerberos()){
+          return okResponse("Kerberos/SPNego authentication enabled for Solr(Core/Cloud) connection");
+        }else{
+          return okResponse("Kerberos/SPNego authentication DISABLED for Solr(Core/Cloud) connection");          
+        }
+    }    
 
     @Path("superuser/{identifier}")
     @POST

diff --git a/src/main/java/edu/harvard/iq/dataverse/search/IndexServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/IndexServiceBean.java
@@ -52,9 +52,7 @@
 import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.impl.CloudSolrClient;
-import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
-import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
 import org.apache.solr.client.solrj.response.QueryResponse;
 import org.apache.solr.client.solrj.response.UpdateResponse;
 import org.apache.solr.common.SolrDocument;
@@ -110,9 +108,6 @@ public class IndexServiceBean {
 
     @PostConstruct
     public void init(){
-        if(systemConfig.solrUsesJAAS()){
-          HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-        }
         if (systemConfig.isSolrCloudZookeeperEnabled()) {
             solrServer = new CloudSolrClient(systemConfig.getSolrZookeeperEnsemble());
             ((CloudSolrClient)solrServer).setDefaultCollection(systemConfig.getSolrCollectionName());

diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SearchServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SearchServiceBean.java
@@ -46,10 +46,8 @@
 import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.impl.CloudSolrClient;
-import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
 import org.apache.solr.client.solrj.impl.HttpSolrClient.RemoteSolrException;
-import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
 import org.apache.solr.client.solrj.response.FacetField;
 import org.apache.solr.client.solrj.response.QueryResponse;
 import org.apache.solr.client.solrj.response.RangeFacet;
@@ -92,9 +90,6 @@ public class SearchServiceBean {
 
     @PostConstruct
     public void init(){
-        if(systemConfig.solrUsesJAAS()){
-          HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-        }
         if (systemConfig.isSolrCloudZookeeperEnabled()) {
             solrServer = new CloudSolrClient(systemConfig.getSolrZookeeperEnsemble());
             ((CloudSolrClient)solrServer).setDefaultCollection(systemConfig.getSolrCollectionName());

diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
@@ -31,6 +31,7 @@
 import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.impl.CloudSolrClient;
+import org.apache.solr.client.solrj.impl.HttpClientConfigurer;
 import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
 import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
@@ -64,9 +65,6 @@ public class SolrIndexServiceBean {
 
     @PostConstruct
     public void init(){
-        if(systemConfig.solrUsesJAAS()){
-          HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-        }
         if (systemConfig.isSolrCloudZookeeperEnabled()) {
             solrServer = new CloudSolrClient(systemConfig.getSolrZookeeperEnsemble());
             ((CloudSolrClient)solrServer).setDefaultCollection(systemConfig.getSolrCollectionName());
@@ -132,6 +130,19 @@ public List<DvObjectSolrDoc> determineSolrDocs(DvObject dvObject) {
         return solrDocs;
     }
 
+    private boolean solrUsesKerberos = false;
+
+    public boolean toggleSolrKerberos() {
+      if (solrUsesKerberos != true) {
+        solrUsesKerberos = true;
+        HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
+      }else{
+        solrUsesKerberos = false;
+        HttpClientUtil.setConfigurer(new HttpClientConfigurer());
+      }
+      return solrUsesKerberos;
+    }
+
     private List<DvObjectSolrDoc> determineSolrDocsForFilesFromDataset(Map.Entry<Long, List<Long>> datasetHash) {
         List<DvObjectSolrDoc> emptyList = new ArrayList<>();
         List<DvObjectSolrDoc> solrDocs = emptyList;

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -123,8 +123,6 @@ public enum Key {
         useSolrCloudViaZookeeper,
         /** Key for selecting to use TLS/SSL to communicate with the solr server */
         useSolrViaHTTPS,
-        /** Key for selecting to use JAAS (kerberos) to authenticate with the solr server */
-        SolrUsesJAAS,
         /** Solr hostname and port, such as "localhost:2181/solr". */
         SolrZookeeperEnsemble,
         /** Solr hostname and port, such as "localhost:8983". */

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -225,16 +225,6 @@ public boolean solrUsesHttps() {
       return solrTLS_Enabled;
     }
 
-    private Boolean solrKRB_Enabled = null;
-    public boolean solrUsesJAAS() {
-      if (solrKRB_Enabled != null) {
-        return solrKRB_Enabled;
-      }
-      boolean safeDefaultIfKeyNotFound = false;
-      solrKRB_Enabled = settingsService.isTrueForKey(SettingsServiceBean.Key.SolrUsesJAAS, safeDefaultIfKeyNotFound);
-      return solrKRB_Enabled;
-    }
-
     public String getSolrUrlSchema() {
         return (solrUsesHttps()) ? "https://" : "http://";
     }