You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Ishan Chattopadhyaya <ic...@gmail.com> on 2015/12/06 01:21:43 UTC
Re: How to config security.json?
FYI,
http://lucidworks.com/blog/2015/08/17/securing-solr-basic-auth-permission-rules/
On Thu, Nov 19, 2015 at 4:21 PM, Byzen Ma <ma...@126.com> wrote:
> Hi, I'm not quite familar with security.json. I want to achieve these
> implementations. (1)Anyone who wants to do read/select/query action should
> be required passwd and username, namely authentication, no matter from
> Admin
> UI and solrj, especially from Admin UI! For I need to restrict strangers to
> reach my solr. (2)Anyone who wants to update, includes delete, create and
> so
> on, also needs passwd and username same as (1). I config the security.json
> as follows:
>
>
>
> {
>
> "authentication":{
>
> "class":"solr.BasicAuthPlugin",
>
> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},
>
> "authorization":{
>
> "class":"solr.RuleBasedAuthorizationPlugin",
>
> "user-role":{"solr":"admin"},
>
> "permissions":[
>
> {
>
> "name":"security-edit",
>
> "role":"admin"},
>
> {
>
> "name":"read",
>
> "role":"admin"},
>
> {
>
> "name":"update",
>
> "role":"admin"}],
>
> "":{"v":3}}}
>
>
>
> However, it does't work! More than that, an error happened again and again
> when node2 recover from node1. I start my solrcloud by commandLine with
> "solr start -e cloud" and set all the configs as default. How can I set the
> security.json to achieve my goals? Here are the server logs:
>
>
>
> ERROR (RecoveryThread-gettingstarted_shard2_replica2) [c:gettingstarted
> s:shard2 r:core_node2 x:gettingstarted_shard2_replica2]
> o.a.s.c.RecoveryStrategy Error while trying to
>
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException
> : Error from server at
> http://(myhost):7574/solr/gettingstarted_shard2_replica1: Expected mime
> type
> application/octet-stream but got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
>
> <title>Error 401 Unauthorized request, Response code: 401</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason:
>
> <pre> Unauthorized request, Response code:
> 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
>
>
>
> </body>
>
> </html>
>
>
>
> at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClien
> t.java:528)
>
> at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :234)
>
> at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :226)
>
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
>
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152)
>
> at
>
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:
> 207)
>
> at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147)
>
> at
>
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437)
>
> at
> org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227)
>
> Error while trying to
>
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException
> : Error from server at
> http://(myhost):7574/solr/gettingstarted_shard2_replica1: Expected mime
> type
> application/octet-stream but got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
>
> <title>Error 401 Unauthorized request, Response code: 401</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason:
>
> <pre> Unauthorized request, Response code:
> 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
>
>
>
> </body>
>
> </html>
>
>
>
> at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClien
> t.java:528)
>
> at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :234)
>
> at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :226)
>
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
>
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152)
>
> at
>
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:
> 207)
>
> at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147)
>
> at
>
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437)
>
> at
> org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227)
>
> 1531614 ERROR (qtp5264648-21) [c:gettingstarted s:shard1 r:core_node1
> x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not
> find: /configs/gettingstarted/admin-extra.menu-top.html
>
> 1531614 ERROR (qtp5264648-16) [c:gettingstarted s:shard1 r:core_node1
> x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not
> find: /configs/gettingstarted/admin-extra.menu-bottom.html
>
> 1531661 ERROR (qtp5264648-14) [c:gettingstarted s:shard1 r:core_node1
> x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not
> find: /configs/gettingstarted/admin-extra.html
>
> ......
>
>
>
> Kind regards,
>
> Byzen Ma
>
>