deployment questions

[Joel Nylund <jn...@yahoo.com>]

Hi,

I have a java app that is deployed in jboss/tomcat container. I would  
like to add my solr index to it. I have read about this and it seems  
fairly straight forward, but im curious the best way to secure it.

I require my users to login to my app to use it, so I want the search  
functions to behave the same way. Ideally I would like to do the solr  
queries from the client using ajax/json calls.

So given this my thinking was I should wrapper the solr servlet and do  
a local proxy type interface to ensure security. Is there any easier  
way to do this, or an example of a good way to do this? Or does the  
solr servlet support a "interceptor" type pattern where I can have it  
call a piece of code before I execute the call (this application is  
old and not using std j2ee security so I dont think I can use that.)


Another option is to do solrj on the server, and not do the client  
side calls, in this case I think I could lock down the solr servlet  
interface to only allow local calls.

thanks
Joel

Re: deployment questions

[Chris Hostetter <ho...@fucit.org>]

: Use SolrJ and embed solr in my webapp, but I want to disable the http access
: to solr, meaning force all calls through my solrj interface I am building (no
: admin access etc).

if you're app is running in a servlet container anyway, you might find it 
just as easy to install solr into the same servlet container (seperate 
webapp) but use ACL features of the container (or some other external 
firewall) to prevent access to Solr from your end users - so only your app 
and "you" (ie: localhost, localnet, etc...) can directly access solr.

alternately: you can put servlit filter / firewall between your users and 
solr, so that they communicate with solr through a proxy that validates 
their credentials, and blocks them from accessing things you don't wnat 
them to access (ie: doing updates, accessing the admin pages, etc...)



-Hoss

Re: deployment questions

[Walter Underwood <wu...@wunderwood.org>]

Either way works, but running Solr as a server means that you have an  
admin interface. That can be very useful. You will want it as soon as  
someone asks why some document is not the first hit for their favorite  
query.

wunder

On Nov 11, 2009, at 7:26 AM, Joel Nylund wrote:

> Anyone?
>
> I have done more reading and testing and it seems like I want to:
>
> Use SolrJ and embed solr in my webapp, but I want to disable the  
> http access to solr, meaning force all calls through my solrj  
> interface I am building (no admin access etc).
>
> Is there a simple way to do this?
>
> Am I better off running solr as a server on its own and using  
> network security?
>
> thanks
> Joel
>
> On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:
>
>> Hi,
>>
>> I have a java app that is deployed in jboss/tomcat container. I  
>> would like to add my solr index to it. I have read about this and  
>> it seems fairly straight forward, but im curious the best way to  
>> secure it.
>>
>> I require my users to login to my app to use it, so I want the  
>> search functions to behave the same way. Ideally I would like to do  
>> the solr queries from the client using ajax/json calls.
>>
>> So given this my thinking was I should wrapper the solr servlet and  
>> do a local proxy type interface to ensure security. Is there any  
>> easier way to do this, or an example of a good way to do this? Or  
>> does the solr servlet support a "interceptor" type pattern where I  
>> can have it call a piece of code before I execute the call (this  
>> application is old and not using std j2ee security so I dont think  
>> I can use that.)
>>
>>
>> Another option is to do solrj on the server, and not do the client  
>> side calls, in this case I think I could lock down the solr servlet  
>> interface to only allow local calls.
>>
>> thanks
>> Joel
>>
>

Re: deployment questions

[Joel Nylund <jn...@yahoo.com>]

Anyone?

I have done more reading and testing and it seems like I want to:

Use SolrJ and embed solr in my webapp, but I want to disable the http  
access to solr, meaning force all calls through my solrj interface I  
am building (no admin access etc).

Is there a simple way to do this?

Am I better off running solr as a server on its own and using network  
security?

thanks
Joel

On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:

> Hi,
>
> I have a java app that is deployed in jboss/tomcat container. I  
> would like to add my solr index to it. I have read about this and it  
> seems fairly straight forward, but im curious the best way to secure  
> it.
>
> I require my users to login to my app to use it, so I want the  
> search functions to behave the same way. Ideally I would like to do  
> the solr queries from the client using ajax/json calls.
>
> So given this my thinking was I should wrapper the solr servlet and  
> do a local proxy type interface to ensure security. Is there any  
> easier way to do this, or an example of a good way to do this? Or  
> does the solr servlet support a "interceptor" type pattern where I  
> can have it call a piece of code before I execute the call (this  
> application is old and not using std j2ee security so I dont think I  
> can use that.)
>
>
> Another option is to do solrj on the server, and not do the client  
> side calls, in this case I think I could lock down the solr servlet  
> interface to only allow local calls.
>
> thanks
> Joel
>