SOLR-17845: Implement OAuth support in new UI (#3754)

This merge adds support for OAuth in the new UI by using a Ktor server for handling callbacks to the app on desktop, and new tab and event listeners on Web.

The solution also adds support for multiple authentication options (MultiAuthPlugin), but with solr-server side limitations.

(cherry picked from commit d065313)

Author: malliaridis

changelog/unreleased/SOLR-17845-oauth-in-new-ui.yml

@@ -0,0 +1,9 @@
+title: SOLR 17845 - Implement OAuth support in new UI
+type: added
+authors:
+  - name: Christos Malliaridis
+    nick: malliaridis
+    url: https://home.apache.org/phonebook.html?uid=malliaridis
+links:
+  - name: SOLR-17845
+    url: https://issues.apache.org/jira/browse/SOLR-17845

gradle/libs.versions.toml

@@ -197,6 +197,7 @@ spatial4j = "0.8"
 spotbugs = "4.9.6"
 squareup-okhttp3-mockwebserver = "4.12.0"
 squareup-okhttp3-okhttp = "4.12.0"
+squareup-okio = "3.16.0"
 stephenc-jcip = "1.0-1"
 swagger3 = "2.2.22"
 tdunning-tdigest = "3.3"
@@ -446,6 +447,9 @@ ktor-client-contentNegotiation = { module = "io.ktor:ktor-client-content-negotia
 ktor-client-core = { module = "io.ktor:ktor-client-core", version.ref = "ktor" }
 ktor-client-mock = { module = "io.ktor:ktor-client-mock", version.ref = "ktor" }
 ktor-client-serialization-json = { module = "io.ktor:ktor-serialization-kotlinx-json", version.ref = "ktor" }
+ktor-server-cio = { module = "io.ktor:ktor-server-cio", version.ref = "ktor" }
+ktor-server-core = { module = "io.ktor:ktor-server-core", version.ref = "ktor" }
+ktor-server-htmlBuilder = { module = "io.ktor:ktor-server-html-builder", version.ref = "ktor" }
 langchain4j-bom = { module = "dev.langchain4j:langchain4j-bom", version.ref = "langchain4j-bom" }
 langchain4j-cohere = { module = "dev.langchain4j:langchain4j-cohere" }
 langchain4j-core = { module = "dev.langchain4j:langchain4j-core" }
@@ -509,6 +513,7 @@ slf4j-jultoslf4j = { module = "org.slf4j:jul-to-slf4j", version.ref = "slf4j" }
 spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotbugs" }
 squareup-okhttp3-mockwebserver = { module = "com.squareup.okhttp3:mockwebserver", version.ref = "squareup-okhttp3-mockwebserver" }
 squareup-okhttp3-okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "squareup-okhttp3-okhttp" }
+squareup-okio = { module = "com.squareup.okio:okio", version.ref = "squareup-okio" }
 stephenc-jcip-annotations = { module = "com.github.stephenc.jcip:jcip-annotations", version.ref = "stephenc-jcip" }
 swagger3-annotations-jakarta = { module = "io.swagger.core.v3:swagger-annotations-jakarta", version.ref = "swagger3" }
 swagger3-jaxrs2-jakarta = { module = "io.swagger.core.v3:swagger-jaxrs2-jakarta", version.ref = "swagger3" }

solr/licenses/okio-jvm-3.16.0.jar.sha1

@@ -0,0 +1 @@
+60375cdf2fd0ed2a1dcd6db787095f732a31ff10

solr/licenses/okio-jvm-3.6.0.jar.sha1

@@ -37,8 +37,8 @@ com.nimbusds:nimbus-jose-jwt:10.5=jarValidation,testCompileClasspath,testRuntime
 com.nimbusds:oauth2-oidc-sdk:10.10.1=jarValidation,testCompileClasspath,testRuntimeClasspath
 com.squareup.okhttp3:mockwebserver:4.12.0=jarValidation,testCompileClasspath,testRuntimeClasspath
 com.squareup.okhttp3:okhttp:4.12.0=jarValidation,testCompileClasspath,testRuntimeClasspath
-com.squareup.okio:okio-jvm:3.6.0=jarValidation,testCompileClasspath,testRuntimeClasspath
-com.squareup.okio:okio:3.6.0=jarValidation,testCompileClasspath,testRuntimeClasspath
+com.squareup.okio:okio-jvm:3.16.0=jarValidation,testCompileClasspath,testRuntimeClasspath
+com.squareup.okio:okio:3.16.0=jarValidation,testCompileClasspath,testRuntimeClasspath
 com.tdunning:t-digest:3.3=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
 commons-cli:commons-cli:1.10.0=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
 commons-codec:commons-codec:1.19.0=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
@@ -176,7 +176,7 @@ org.glassfish.jersey.media:jersey-media-json-jackson:3.1.11=jarValidation,runtim
 org.hamcrest:hamcrest:3.0=jarValidation,testCompileClasspath,testRuntimeClasspath
 org.javassist:javassist:3.30.2-GA=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-reflect:2.0.21=jarValidation,testRuntimeClasspath
-org.jetbrains.kotlin:kotlin-stdlib-common:2.2.0=jarValidation,testCompileClasspath,testRuntimeClasspath
+org.jetbrains.kotlin:kotlin-stdlib-common:2.2.0=jarValidation,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-stdlib-jdk7:2.2.0=jarValidation,testCompileClasspath,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.2.0=jarValidation,testCompileClasspath,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-stdlib:2.2.0=jarValidation,testCompileClasspath,testRuntimeClasspath

solr/modules/jwt-auth/gradle.lockfile

@@ -32,8 +32,8 @@ com.jayway.jsonpath:json-path:2.9.0=jarValidation,runtimeClasspath,runtimeLibs,s
 com.knuddels:jtokkit:1.1.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 com.lmax:disruptor:3.4.4=solrPlatformLibs
 com.squareup.okhttp3:okhttp:4.12.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
-com.squareup.okio:okio-jvm:3.6.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
-com.squareup.okio:okio:3.6.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
+com.squareup.okio:okio-jvm:3.16.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
+com.squareup.okio:okio:3.16.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 com.squareup.retrofit2:converter-jackson:2.9.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 com.squareup.retrofit2:retrofit:2.9.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 com.tdunning:t-digest:3.3=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
@@ -164,7 +164,6 @@ org.glassfish.jersey.inject:jersey-hk2:3.1.11=jarValidation,runtimeClasspath,run
 org.glassfish.jersey.media:jersey-media-json-jackson:3.1.11=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
 org.hamcrest:hamcrest:3.0=jarValidation,testCompileClasspath,testRuntimeClasspath
 org.javassist:javassist:3.30.2-GA=jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testRuntimeClasspath
-org.jetbrains.kotlin:kotlin-stdlib-common:2.2.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-stdlib-jdk7:2.2.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.2.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
 org.jetbrains.kotlin:kotlin-stdlib:2.2.0=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath

solr/modules/language-models/gradle.lockfile

@@ -26,15 +26,24 @@
 <!-- =============================================================== -->
 
 <Configure id="Server" class="org.eclipse.jetty.server.Server">
-     <Ref refid="RewriteHandler">
-      <Call name="addRule">
-        <Arg>
-          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
-            <Set name="pattern">/solr/ui/*</Set>
-            <Set name="headerName">Content-Security-Policy</Set>
-            <Set name="headerValue">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; worker-src 'self';</Set>
-          </New>
-        </Arg>
-      </Call>
-     </Ref>
+  <Ref refid="RewriteHandler">
+    <!-- SPA fallback: redirect all /solr/ui/* routes to index.html -->
+    <Call name="addRule">
+      <Arg>
+        <New class="org.eclipse.jetty.rewrite.handler.RewriteRegexRule">
+          <Set name="regex">^(/solr/ui/[^.?]*)(\?.*)?$</Set>
+          <Set name="replacement">/solr/ui/index.html</Set>
+        </New>
+      </Arg>
+    </Call>
+    <Call name="addRule">
+      <Arg>
+        <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+          <Set name="pattern">/solr/ui/*</Set>
+          <Set name="headerName">Content-Security-Policy</Set>
+          <Set name="headerValue">default-src 'none'; base-uri 'none'; connect-src *; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; worker-src 'self';</Set>
+        </New>
+      </Arg>
+    </Call>
+  </Ref>
 </Configure>

solr/server/etc/jetty-new-ui-dev.xml

@@ -13,15 +13,24 @@
 <!-- =============================================================== -->
 
 <Configure id="Server" class="org.eclipse.jetty.server.Server">
-     <Ref refid="RewriteHandler">
-      <Call name="addRule">
-        <Arg>
-          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
-            <Set name="pattern">/solr/ui/*</Set>
-            <Set name="headerName">Content-Security-Policy</Set>
-            <Set name="headerValue">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval'; worker-src 'self';</Set>
-          </New>
-        </Arg>
-      </Call>
-     </Ref>
+  <Ref refid="RewriteHandler">
+    <!-- SPA fallback: redirect all /solr/ui/* routes to index.html -->
+    <Call name="addRule">
+      <Arg>
+        <New class="org.eclipse.jetty.rewrite.handler.RewriteRegexRule">
+          <Set name="regex">^(/solr/ui/[^.?]*)(\?.*)?$</Set>
+          <Set name="replacement">/solr/ui/index.html</Set>
+        </New>
+      </Arg>
+    </Call>
+    <Call name="addRule">
+      <Arg>
+        <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+          <Set name="pattern">/solr/ui/*</Set>
+          <Set name="headerName">Content-Security-Policy</Set>
+          <Set name="headerValue">default-src 'none'; base-uri 'none'; connect-src *; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval'; worker-src 'self';</Set>
+        </New>
+      </Arg>
+    </Call>
+  </Ref>
 </Configure>

solr/server/etc/jetty-new-ui-prod.xml

@@ -96,6 +96,7 @@ kotlin {
                 implementation(libs.ktor.client.cio)
                 implementation(libs.ktor.client.contentNegotiation)
                 implementation(libs.ktor.client.serialization.json)
+                implementation(libs.squareup.okio)
 
                 implementation(libs.oshai.logging)
                 implementation(libs.slf4j.api)
@@ -114,6 +115,9 @@ kotlin {
 
         val desktopMain by getting {
             dependencies {
+                implementation(libs.ktor.server.core)
+                implementation(libs.ktor.server.cio)
+                implementation(libs.ktor.server.htmlBuilder)
                 implementation(compose.desktop.currentOs)
                 implementation(libs.kotlinx.coroutines.swing)
             }
@@ -132,6 +136,11 @@ compose.desktop {
     application {
         mainClass = "org.apache.solr.ui.MainKt"
 
+        buildTypes.release.proguard {
+            version.set("7.6.0")
+            configurationFiles.from("proguard.pro")
+        }
+
         nativeDistributions {
             targetFormats(TargetFormat.Dmg, TargetFormat.Msi, TargetFormat.Deb)