Posted to users@solr.apache.org by Paul Ryder <pa...@greenwaymediatech.com> on 2023/02/16 12:05:35 UTC
Solr Admin Panel Security
Hi All
Is there any way to make access to the Solr admin screen read only?
We have a bunch of users who'd like to monitor errors and do the occasional ad-hoc query but I'm worried that they could drop cores or cause other mayhem
I know we can implement the Solr security but that would mean all apps would need to be updated to use a user/pw (which they don't currently)
I'm looking for something which protects the admin panel only...
Any ideas?
Thanks, Paul
Re: Solr Admin Panel Security
Posted by Jan Høydahl <ja...@cominvent.com>.
No, Solr security is (unfortunately) open-by-default. So if you only want to require auth for the collection API, then your security.json would have blockUnknown=false, and only tie the users to an "admin" role, which you then link to the well-defined permission "collection-admin-edit". If you have just this one permission, then all other requests will "fall through" and end up un-protected. But once you attempt a collection edit operation you'll need a user and pass.
Jan
> 16. feb. 2023 kl. 14:48 skrev Paul Ryder <pa...@greenwaymediatech.com>:
>
> Hi,
>
> Wouldn’t that require all applications to access Solr with a user/pw?
>
> ta! Paul
>
> ________________________________
> From: Eric Pugh <ep...@opensourceconnections.com>
> Sent: Thursday, February 16, 2023 12:43:11 PM
> To: users@solr.apache.org <us...@solr.apache.org>
> Subject: Re: Solr Admin Panel Security
>
> Humm.. Have you tried a combination of blockUnknown=false, but also setting up user/pw for the write side? Also, one thing I’ve done is to set up a Basic Auth account, and provide the username/password in the Realm message ;-)
>
> https://github.com/querqy/chorus/blob/main/solr/security.json#L23 shows an example, obviously you wouldn’t want to communicate the Admin permissions!
>
>
>> On Feb 16, 2023, at 7:05 AM, Paul Ryder <pa...@greenwaymediatech.com> wrote:
>>
>> Hi All
>>
>> Is there any way to make access to the Solr admin screen read only?
>>
>> We have a bunch of users who'd like to monitor errors and do the occasional ad-hoc query but I'm worried that they could drop cores or cause other mayhem
>>
>> I know we can implement the Solr security but that would mean all apps would need to be updated to use a user/pw (which they don't currently)
>>
>> I'm looking for something which protects the admin panel only...
>>
>> Any ideas?
>>
>> Thanks, Paul
>
> _______________________
> Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal>
> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
> This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
>
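The configuration Jan describes, written out as an added example (not code from the thread or from the Solr project): a Python script that builds a security.json with blockUnknown=false and a single "collection-admin-edit" permission tied to an "admin" role. The user name "solradmin", the password and the function names are assumptions; the credential layout follows the Solr Reference Guide's description for the Basic Auth plugin, base64(sha256(sha256(salt+password))) followed by base64(salt).

```python
import base64
import hashlib
import hmac
import json
import os


def solr_credential(password, salt=None):
    """Return 'base64(sha256(sha256(salt+password))) base64(salt)'."""
    salt = os.urandom(32) if salt is None else salt
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    outer = hashlib.sha256(inner).digest()
    return base64.b64encode(outer).decode() + " " + base64.b64encode(salt).decode()


def verify_credential(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, salt_b64 = stored.split(" ")
    candidate = solr_credential(password, base64.b64decode(salt_b64))
    return hmac.compare_digest(candidate, stored)


def build_security_json(admin_user, admin_password,
                        protected=("collection-admin-edit",)):
    """Anonymous requests stay allowed; only `protected` permissions need a login.

    Other predefined permission names (for example "core-admin-edit") can be
    passed in `protected` to put them behind the same role.
    """
    return {
        "authentication": {
            "class": "solr.BasicAuthPlugin",
            # false: requests without credentials are still let through
            "blockUnknown": False,
            "credentials": {admin_user: solr_credential(admin_password)},
        },
        "authorization": {
            "class": "solr.RuleBasedAuthorizationPlugin",
            # Anything not matched by a permission here falls through unprotected.
            "permissions": [{"name": n, "role": "admin"} for n in protected],
            "user-role": {admin_user: "admin"},
        },
    }


if __name__ == "__main__":
    # Constructed sample values; replace before use.
    print(json.dumps(build_security_json("solradmin", "CHANGE-ME"), indent=2))
```

With this file in place, applications that only query or index keep working without credentials, while collection edit operations prompt for the admin login.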
Re: Solr Admin Panel Security
Posted by Paul Ryder <pa...@greenwaymediatech.com>.
Hi,
Wouldn’t that require all applications to access Solr with a user/pw?
ta! Paul
________________________________
From: Eric Pugh <ep...@opensourceconnections.com>
Sent: Thursday, February 16, 2023 12:43:11 PM
To: users@solr.apache.org <us...@solr.apache.org>
Subject: Re: Solr Admin Panel Security
Humm.. Have you tried a combination of blockUnknown=false, but also setting up user/pw for the write side? Also, one thing I’ve done is to set up a Basic Auth account, and provide the username/password in the Realm message ;-)
https://github.com/querqy/chorus/blob/main/solr/security.json#L23 shows an example, obviously you wouldn’t want to communicate the Admin permissions!
> On Feb 16, 2023, at 7:05 AM, Paul Ryder <pa...@greenwaymediatech.com> wrote:
>
> Hi All
>
> Is there any way to make access to the Solr admin screen read only?
>
> We have a bunch of users who'd like to monitor errors and do the occasional ad-hoc query but I'm worried that they could drop cores or cause other mayhem
>
> I know we can implement the Solr security but that would mean all apps would need to be updated to use a user/pw (which they don't currently)
>
> I'm looking for something which protects the admin panel only...
>
> Any ideas?
>
> Thanks, Paul
Re: Solr Admin Panel Security
Posted by Eric Pugh <ep...@opensourceconnections.com>.
Humm.. Have you tried a combination of blockUnknown=false, but also setting up user/pw for the write side? Also, one thing I’ve done is to set up a Basic Auth account, and provide the username/password in the Realm message ;-)
https://github.com/querqy/chorus/blob/main/solr/security.json#L23 shows an example, obviously you wouldn’t want to communicate the Admin permissions!
> On Feb 16, 2023, at 7:05 AM, Paul Ryder <pa...@greenwaymediatech.com> wrote:
>
> Hi All
>
> Is there any way to make access to the Solr admin screen read only?
>
> We have a bunch of users who'd like to monitor errors and do the occasional ad-hoc query but I'm worried that they could drop cores or cause other mayhem
>
> I know we can implement the Solr security but that would mean all apps would need to be updated to use a user/pw (which they don't currently)
>
> I'm looking for something which protects the admin panel only...
>
> Any ideas?
>
> Thanks, Paul