Posted to solr-user@lucene.apache.org by Joel Nylund <jn...@yahoo.com> on 2009/11/09 23:04:23 UTC
deployment questions
Hi,
I have a java app that is deployed in jboss/tomcat container. I would
like to add my solr index to it. I have read about this and it seems
fairly straightforward, but I'm curious about the best way to secure it.
I require my users to login to my app to use it, so I want the search
functions to behave the same way. Ideally I would like to do the solr
queries from the client using ajax/json calls.
So given this my thinking was I should wrap the solr servlet and do
a local proxy type interface to ensure security. Is there any easier
way to do this, or an example of a good way to do this? Or does the
solr servlet support an "interceptor" type pattern where I can have it
call a piece of code before I execute the call (this application is
old and not using std j2ee security so I don't think I can use that.)
Another option is to do solrj on the server, and not do the client
side calls, in this case I think I could lock down the solr servlet
interface to only allow local calls.
thanks
Joel
Re: deployment questions
Posted by Chris Hostetter <ho...@fucit.org>.
: Use SolrJ and embed solr in my webapp, but I want to disable the http access
: to solr, meaning force all calls through my solrj interface I am building (no
: admin access etc).
if your app is running in a servlet container anyway, you might find it
just as easy to install solr into the same servlet container (separate
webapp) but use ACL features of the container (or some other external
firewall) to prevent access to Solr from your end users - so only your app
and "you" (ie: localhost, localnet, etc...) can directly access solr.
alternately: you can put a servlet filter / firewall between your users and
solr, so that they communicate with solr through a proxy that validates
their credentials, and blocks them from accessing things you don't want
them to access (ie: doing updates, accessing the admin pages, etc...)
-Hoss
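The filter approach described in the reply above, as an added example that is not part of the original message or of Solr's own code. It assumes the filter is registered in the web.xml of the webapp that owns the login session (HTTP sessions are per-webapp); the session key `appUser`, the `/solr/select` mount path, the parameter list and the row limit are hypothetical choices.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class SolrGateFilter implements Filter {
    // Assumption: the application's own login code stores the user under this key.
    private static final String SESSION_USER_ATTR = "appUser";
    // Only the search handler is listed; update and admin paths never match.
    private static final Set<String> ALLOWED_PATHS =
            new HashSet<String>(Arrays.asList("/solr/select"));
    // Parameter allowlist: a request carrying any other parameter is refused.
    private static final Set<String> ALLOWED_PARAMS =
            new HashSet<String>(Arrays.asList("q", "start", "rows", "fl", "sort", "wt"));
    private static final int MAX_ROWS = 100;

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        HttpSession session = req.getSession(false); // do not create a session here
        if (session == null || session.getAttribute(SESSION_USER_ATTR) == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Exact match on the raw path, so encoded or suffixed variants fail closed.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (!"GET".equals(req.getMethod()) || !ALLOWED_PATHS.contains(path)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        for (Object name : req.getParameterMap().keySet()) {
            if (!ALLOWED_PARAMS.contains(name)) {
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "parameter not allowed");
                return;
            }
        }
        String rows = req.getParameter("rows");
        if (rows != null && (!rows.matches("\\d{1,4}") || Integer.parseInt(rows) > MAX_ROWS)) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "rows out of range");
            return;
        }
        chain.doFilter(req, res); // authenticated, read-only, allowlisted: pass through
    }
}
```

Declare this filter's `<filter-mapping>` ahead of the one that dispatches to Solr so that it runs first on every request under the Solr path.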
Re: deployment questions
Posted by Walter Underwood <wu...@wunderwood.org>.
Either way works, but running Solr as a server means that you have an
admin interface. That can be very useful. You will want it as soon as
someone asks why some document is not the first hit for their favorite
query.
wunder
On Nov 11, 2009, at 7:26 AM, Joel Nylund wrote:
> Anyone?
>
> I have done more reading and testing and it seems like I want to:
>
> Use SolrJ and embed solr in my webapp, but I want to disable the
> http access to solr, meaning force all calls through my solrj
> interface I am building (no admin access etc).
>
> Is there a simple way to do this?
>
> Am I better off running solr as a server on its own and using
> network security?
>
> thanks
> Joel
>
> On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:
>
>> Hi,
>>
>> I have a java app that is deployed in jboss/tomcat container. I
>> would like to add my solr index to it. I have read about this and
>> it seems fairly straightforward, but I'm curious about the best way
>> to secure it.
>>
>> I require my users to login to my app to use it, so I want the
>> search functions to behave the same way. Ideally I would like to do
>> the solr queries from the client using ajax/json calls.
>>
>> So given this my thinking was I should wrap the solr servlet and
>> do a local proxy type interface to ensure security. Is there any
>> easier way to do this, or an example of a good way to do this? Or
>> does the solr servlet support an "interceptor" type pattern where I
>> can have it call a piece of code before I execute the call (this
>> application is old and not using std j2ee security so I don't think
>> I can use that.)
>>
>>
>> Another option is to do solrj on the server, and not do the client
>> side calls, in this case I think I could lock down the solr servlet
>> interface to only allow local calls.
>>
>> thanks
>> Joel
>>
>
Re: deployment questions
Posted by Joel Nylund <jn...@yahoo.com>.
Anyone?
I have done more reading and testing and it seems like I want to:
Use SolrJ and embed solr in my webapp, but I want to disable the http
access to solr, meaning force all calls through my solrj interface I
am building (no admin access etc).
Is there a simple way to do this?
Am I better off running solr as a server on its own and using network
security?
thanks
Joel
On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:
> Hi,
>
> I have a java app that is deployed in jboss/tomcat container. I
> would like to add my solr index to it. I have read about this and it
> seems fairly straightforward, but I'm curious about the best way to
> secure it.
>
> I require my users to login to my app to use it, so I want the
> search functions to behave the same way. Ideally I would like to do
> the solr queries from the client using ajax/json calls.
>
> So given this my thinking was I should wrap the solr servlet and
> do a local proxy type interface to ensure security. Is there any
> easier way to do this, or an example of a good way to do this? Or
> does the solr servlet support an "interceptor" type pattern where I
> can have it call a piece of code before I execute the call (this
> application is old and not using std j2ee security so I don't think I
> can use that.)
>
>
> Another option is to do solrj on the server, and not do the client
> side calls, in this case I think I could lock down the solr servlet
> interface to only allow local calls.
>
> thanks
> Joel
>