You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-commits@lucene.apache.org by Apache Wiki <wi...@apache.org> on 2010/07/03 03:20:43 UTC
[Solr Wiki] Update of "SolrSecurity" by HossMan
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.
The "SolrSecurity" page has been changed by HossMan.
The comment on this change is: reorder some stuff to try and make a little more sense.
http://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=12&rev2=13
--------------------------------------------------
== Path Based Authentication ==
+
+ Path based authentication configured at the servlet container level can be used to restrict access to urls such as /admin and /update to only clients specifying the correct credentials.
+
+ Using path based authentication to limit certain clients to path based request handlers with "appends" and "invariants" is also a nice way to expose a subset of the documents and constraining or defaulting any request parameters.
+
+ Consider:
+
+ {{{
+ <requestHandler name="/instock" class="solr.DisMaxRequestHandler" >
+ <lst name="appends">
+ <str name="fq">inStock:true</str>
+ </lst>
+ <lst name="invariants">
+ <str name="facet.field">cat</str>
+ </lst>
+ </requestHandler>
+ }}}
+
+ Any queries into /instock, such as /instock?q=ipod, will always be limited to documents with an indexed inStock field containing a value of "true", and all responses will include facet counts for the "cat" field.
+
+ /!\ NOTE: Solr provides access to request handlers through a general purpose /select?qt=request_handler_name URL. Prior to [[Solr1.4]] (via SOLR-1233), request handlers named with a leading forward-slash like /select?qt=/request_handler_name could not be used, but had to be requested using /request_handler_name. [[Solr1.4]] removed the forward-slash restriction and allows /select to work with any request handler name. Externally blocking access to /select is recommended in environments where only path-based access to request handlers is warranted.
+
+
+ === Jetty example ===
+
For the most basic authentication, edit jetty.xml, webdefault.xml and add to realm.properties
Uncomment this section in /example/etc/jetty.xml
@@ -66, +91 @@
guest: guest, core1-role
}}}
+ === Resin example ===
- Using path based request handlers with "appends" and "invariants" is a nice way to expose a subset of the documents and constraining or defaulting any request parameters. Consider:
-
- {{{
- <requestHandler name="/instock" class="solr.DisMaxRequestHandler" >
- <lst name="appends">
- <str name="fq">inStock:true</str>
- </lst>
- <lst name="invariants">
- <str name="facet.field">cat</str>
- </lst>
- </requestHandler>
- }}}
-
-
- Any queries into /instock, such as /instock?q=ipod, will always be limited to documents with an indexed inStock field containing a value of "true", and all responses will include facet counts for the "cat" field.
-
-
- === Resin example authentication ===
See [[http://caucho.com/resin/doc/resin-security.xtp|resin-security]] and [[http://caucho.com/resin/doc/webapp-tags.xtp#auth-constraint|auth-constraint]]
@@ -108, +116 @@
</web-app>
}}}
-
== Document Level Security ==
@@ -168, +175 @@
<requestParsers enableRemoteStreaming="false" ... />
}}}
- == Request Handler Paths ==
-
- Solr provides access to request handlers through a general purpose /select?qt=request_handler_name URL. Prior to [[Solr1.4]] (via SOLR-1233), request handlers named with a leading forward-slash like /select?qt=/request_handler_name could not be used, but had to be requested using /request_handler_name. [[Solr1.4]] removes the forward-slash restriction and allows /select to work with any request handler name. Externally blocking access to /select is recommended in environments where only path-based access to request handlers is warranted.
-