You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by geeky2 <ge...@hotmail.com> on 2012/03/28 21:10:38 UTC

authentication for solr admin page?

hello,

environment:

running solr 3.5 under jboss 5.1

i have been searching the user list along with the locations below - to find
out how you require a user to authenticate in to the solr /admin page.  i
thought this would be a common issue - but maybe not ;)

any help would be apprecaited

thank you,
mark



http://drupal.org/node/658466

http://wiki.apache.org/solr/SolrSecurity#Write_Your_Own_RequestHandler_or_SearchComponent





--
View this message in context: http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865665.html
Sent from the Solr - User mailing list archive at Nabble.com.

Re: authentication for solr admin page?

Posted by findbestopensource <fi...@gmail.com>.

I have written an article on this. The various steps to restrict /
authenticate Solr admin interface.

http://www.findbestopensource.com/article-detail/restrict-solr-admin-access

Regards
Aditya
www.findbestopensource.com


On Thu, Mar 29, 2012 at 1:06 AM, geeky2 <ge...@hotmail.com> wrote:

> update -
>
> ok - i was reading about replication here:
>
> http://wiki.apache.org/solr/SolrReplication
>
> and noticed comments in the solrconfig.xml file related to HTTP Basic
> Authentication and the usage of the following tags:
>
> <str name="httpBasicAuthUser">username</str>
>        <str name="httpBasicAuthPassword">password</str>
>
> *Can i place these tags in the request handler to achieve an authentication
> scheme for the /admin page?*
>
> // snipped from the solrconfig.xml file
>
>  <requestHandler name="/admin/"
> class="org.apache.solr.handler.admin.AdminHandlers"/>
>
> thanks for any help
> mark
>
> --
> View this message in context:
> http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html
> Sent from the Solr - User mailing list archive at Nabble.com.
>

RE: authentication for solr admin page?

Posted by ZHANG Liang F <Li...@alcatel-sbell.com.cn>.

 Hi Mark, 
As I know you can either limit server access by only allowing certain IPs which is a crude, or as you said using the servlet BASIC authentication. 
Solr is just a WAR file deployed in a Servlet container, so you can use all of the capabilities of Servlet containers to control access. In order to limit access to /solr/update* and /solr/ admin/* in Jetty by requiring BASIC authentication from your users, you merely edit the web.xml in your Solr WAR adding the following stanza at the bottom:
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Update</web-resource-name>
<url-pattern>/update*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>content_updater</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>

This specifies that access to the /update* URLs is limited to anyone in the roles of admin or content_updater, although only admin users can access the /admin/* URLs. The realm-name is what ties the security constraints to the users configured in Jetty.

You may need to refer to Jetty side to see how to configure user realm.

Best Regards,
Liang

-----Original Message-----
From: geeky2 [mailto:geeky2@hotmail.com] 
Sent: 2012年3月29日 3:36
To: solr-user@lucene.apache.org
Subject: Re: authentication for solr admin page?

update -

ok - i was reading about replication here:

http://wiki.apache.org/solr/SolrReplication

and noticed comments in the solrconfig.xml file related to HTTP Basic Authentication and the usage of the following tags:

<str name="httpBasicAuthUser">username</str>
        <str name="httpBasicAuthPassword">password</str>

*Can i place these tags in the request handler to achieve an authentication scheme for the /admin page?*

// snipped from the solrconfig.xml file

  <requestHandler name="/admin/"
class="org.apache.solr.handler.admin.AdminHandlers"/>

thanks for any help
mark

--
View this message in context: http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html
Sent from the Solr - User mailing list archive at Nabble.com.

Re: authentication for solr admin page?

Posted by geeky2 <ge...@hotmail.com>.

update -

ok - i was reading about replication here:

http://wiki.apache.org/solr/SolrReplication

and noticed comments in the solrconfig.xml file related to HTTP Basic
Authentication and the usage of the following tags:

<str name="httpBasicAuthUser">username</str>
        <str name="httpBasicAuthPassword">password</str>

*Can i place these tags in the request handler to achieve an authentication
scheme for the /admin page?*

// snipped from the solrconfig.xml file

  <requestHandler name="/admin/"
class="org.apache.solr.handler.admin.AdminHandlers"/>

thanks for any help
mark

--
View this message in context: http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html
Sent from the Solr - User mailing list archive at Nabble.com.