Change AbstractAdaptor's Authz to DENY
Previously, we defaulted to PERMIT, which was nice for debugging and
initial introduction to the Adaptor library, but is dangerous
security-wise. To prevent accidentally forgetting to override
isUserAuthorized, we are changing the default to DENY.
diff --git a/src/com/google/enterprise/adaptor/AbstractAdaptor.java b/src/com/google/enterprise/adaptor/AbstractAdaptor.java
index 672ced4..ea8c6ff 100644
--- a/src/com/google/enterprise/adaptor/AbstractAdaptor.java
+++ b/src/com/google/enterprise/adaptor/AbstractAdaptor.java
@@ -30,7 +30,7 @@
/**
* {@inheritDoc}
*
- * <p>This implementation provides {@link AuthzStatus#PERMIT} for all {@code
+ * <p>This implementation provides {@link AuthzStatus#DENY} for all {@code
* DocId}s in an unmodifiable map.
*/
@Override
@@ -39,7 +39,7 @@
Map<DocId, AuthzStatus> result
= new HashMap<DocId, AuthzStatus>(ids.size() * 2);
for (DocId id : ids) {
- result.put(id, AuthzStatus.PERMIT);
+ result.put(id, AuthzStatus.DENY);
}
return Collections.unmodifiableMap(result);
}
diff --git a/src/overview.html b/src/overview.html
index 368514d..2e9fe41 100644
--- a/src/overview.html
+++ b/src/overview.html
@@ -82,6 +82,15 @@
GSA.
</ol>
+ <h3>Testing Tip</h3>
+ <p>An adaptor, by default, will deny all document accesses, except from the
+ GSA. To allow debugging and testing an adaptor without a GSA, you can add a
+ hostname to the <code>server.fullAccessHosts</code> config key to allow that
+ computer full access to all adaptor content. In addition, this setting
+ allows that computer to see metadata and other GSA-specific information as
+ HTTP headers. This can be very useful when combined with Firebug or the Web
+ Inspector in your browser to observe an Adaptor's behavior.
+
<h3>Advanced</h3>
<p>You can set configuration variables on the command line instead of in
<code>adaptor-config.properties</code>. You are allowed multiple arguments
diff --git a/test/com/google/enterprise/adaptor/DaemonTest.java b/test/com/google/enterprise/adaptor/DaemonTest.java
index bed6475..cccddba 100644
--- a/test/com/google/enterprise/adaptor/DaemonTest.java
+++ b/test/com/google/enterprise/adaptor/DaemonTest.java
@@ -119,7 +119,7 @@
* Adaptor with a single document. Marked public so that it can be loaded by
* Daemon.
*/
- public static class SingleDocAdaptor extends AbstractAdaptor {
+ public static class SingleDocAdaptor extends MockAdaptor {
private volatile boolean inited;
@Override
@@ -133,11 +133,6 @@
}
@Override
- public void getDocIds(DocIdPusher pusher) {
- throw new UnsupportedOperationException();
- }
-
- @Override
public void getDocContent(Request req, Response resp) throws IOException {
if ("".equals(req.getDocId().getUniqueId())) {
resp.getOutputStream().write("success".getBytes("UTF-8"));
diff --git a/test/com/google/enterprise/adaptor/MockAdaptor.java b/test/com/google/enterprise/adaptor/MockAdaptor.java
index 88bea73..d9c9480 100644
--- a/test/com/google/enterprise/adaptor/MockAdaptor.java
+++ b/test/com/google/enterprise/adaptor/MockAdaptor.java
@@ -15,9 +15,10 @@
package com.google.enterprise.adaptor;
import java.io.IOException;
+import java.util.*;
/**
- * Mock of {@link Adaptor}.
+ * Mock of {@link Adaptor}. All documents authz as PERMIT.
*/
class MockAdaptor extends AbstractAdaptor {
public byte[] documentBytes = new byte[] {1, 2, 3};
@@ -33,4 +34,15 @@
throws IOException, InterruptedException {
response.getOutputStream().write(documentBytes);
}
+
+ @Override
+ public Map<DocId, AuthzStatus> isUserAuthorized(AuthnIdentity identity,
+ Collection<DocId> ids) {
+ Map<DocId, AuthzStatus> result
+ = new HashMap<DocId, AuthzStatus>(ids.size() * 2);
+ for (DocId id : ids) {
+ result.put(id, AuthzStatus.PERMIT);
+ }
+ return Collections.unmodifiableMap(result);
+ }
}
