Posted to solr-user@lucene.apache.org by RaghavPrabhu <ra...@gmail.com> on 2008/11/20 07:58:52 UTC

How can i protect the SOLR Cores?

Hi all,

 I'm using multiple cores, and all I need to do is make each core
secure. If I am accessing a particular core via URL, it should ask for
and validate the credentials, say username & password, for each core.

Most preferable suggestions are welcome!!!

Thanks in advance
Prabhu.K
-- 
View this message in context: http://www.nabble.com/How-can-i-protect-the-SOLR-Cores--tp20596015p20596015.html
Sent from the Solr - User mailing list archive at Nabble.com.


Re: How can i protect the SOLR Cores?

Posted by Chris Hostetter <ho...@fucit.org>.
: 1) modify web.xml (part of the sources of solr.war, which you'll have to 
: rebuild)  to define the authentication constraints you want.

For many servlet containers, this isn't necessary.  Jetty, for example,
also lets you define security realms in the jetty.xml (there's an example
of this commented out in the example jetty.xml).



-Hoss


Re: How can i protect the SOLR Cores?

Posted by Norberto Meijome <nu...@gmail.com>.
On Wed, 19 Nov 2008 22:58:52 -0800 (PST)
RaghavPrabhu <ra...@gmail.com> wrote:

>  I'm using multiple cores, and all I need to do is make each core
> secure. If I am accessing a particular core via URL, it should ask for
> and validate the credentials, say username & password, for each core.

You should be able to handle this at the servlet container level. What I did, using Jetty + starting from the example app, was:

1) modify web.xml (part of the sources of solr.war, which you'll have to rebuild) to define the authentication constraints you want.

[...]
<!--  block by default. -->
    <security-constraint>
      <web-resource-collection>
       <web-resource-name>Default</web-resource-name>
        <url-pattern>/</url-pattern>
      </web-resource-collection>
      <auth-constraint/>  <!--  BLOCK! -->
    </security-constraint>

	<!--  this constraint has no auth constraint or data constraint => allows without auth.  -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>AllowedQueries</web-resource-name>
        <url-pattern>/core1/select/*</url-pattern>
        <url-pattern>/core2/select/*</url-pattern>
        <url-pattern>/core3/select/*</url-pattern>
      </web-resource-collection>
    </security-constraint>

	<!--  this constraint allows access to admin pages, with basic auth  -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Admin</web-resource-name>
			<!--  the admin for cores management -->
			<url-pattern>/admin/*</url-pattern>
			<!--  the admin for each individual core -->
			<url-pattern>/core1/admin/*</url-pattern>
			<url-pattern>/core2/admin/*</url-pattern>
			<url-pattern>/core3/admin/*</url-pattern>
			<!-- The Test core, full access to it -->
			<url-pattern>/_test_/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<!-- Roles of users are defined in the properties file -->
			<!--  we allow users with admin-only access -->
			<role-name>Admin-role</role-name>
			<!--  we allow users with full access -->
			<role-name>FullAccess-role</role-name>
		</auth-constraint>
	</security-constraint>

	<!--  this constraint allows access to modify the data in the SOLR service, with basic auth  -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>RW</web-resource-name>
			<!--  the dataimport handler for each individual core -->
			<url-pattern>/core1/dataimport</url-pattern>
			<url-pattern>/core2/dataimport</url-pattern>
			<url-pattern>/core3/dataimport</url-pattern>
			<!-- the update handler (XML over HTTP) for each individual core -->
			<url-pattern>/core1/update/*</url-pattern>
			<url-pattern>/core2/update/*</url-pattern>
			<url-pattern>/core3/update/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<!-- Roles of users are defined in the properties file -->
			<!--  we allow users with rw-only access -->
			<role-name>RW-role</role-name>
			<!--  we allow users with full access -->
			<role-name>FullAccess-role</role-name>
		</auth-constraint>
	</security-constraint>

	<!--  the Realm for this app. Ideally we should have different realms for each security-constraint, but I can't get it to work properly -->
	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>SearchSvc</realm-name>
	</login-config>
	<security-role>
		<role-name>Admin-role</role-name>
	</security-role>
	<security-role>
		<role-name>FullAccess-role</role-name>
	</security-role>
	<security-role>
		<role-name>RW-role</role-name>
	</security-role>

[...]

2) in Jetty's jetty.xml (or in a context... I just used jetty.xml), define where to get the AUTH details from:
[...]
    <Set name="UserRealms">
      <Array type="org.mortbay.jetty.security.UserRealm">
      	<Item>
      		<New class="org.mortbay.jetty.security.HashUserRealm">
      			<Set name="name">SearchSvc</Set>
      			<Set name="config">
      				<SystemProperty name="jetty.home" default="." />/etc/searchsvc_access.properties</Set>
      			<!--    <Set name="reloadInterval">10</Set>-->
      			<!--    <Call name="start"></Call>-->
      		</New>
      	</Item>
[...]


3) Read in Jetty's documentation how to create the .properties file with the auth info...

I am not sure if this is the BEST way to do it (I didn't have access to any stronger auth method than basic at the time), but it works exactly as intended.

b
_________________________
{Beto|Norberto|Numard} Meijome

"I was born not knowing and have had only a little time to change that here and there." 
  Richard Feynman

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.

Re: How can i protect the SOLR Cores?

Posted by Noble Paul നോബിള്‍ नोब्ळ् <no...@gmail.com>.
Set up an extra filter before SolrDispatchFilter to do authentication.


On Thu, Nov 20, 2008 at 12:28 PM, RaghavPrabhu <ra...@gmail.com> wrote:
>
> Hi all,
>
>  I'm using multiple cores, and all I need to do is make each core
> secure. If I am accessing a particular core via URL, it should ask for
> and validate the credentials, say username & password, for each core.
>
> Most preferable suggestions are welcome!!!
>
> Thanks in advance
> Prabhu.K



-- 
--Noble Paul