lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joel Nylund <>
Subject Re: deployment questions
Date Wed, 11 Nov 2009 15:26:17 GMT

I have done more reading and testing and it seems like I want to:

Use SolrJ and embed solr in my webapp, but I want to disable the http  
access to solr, meaning force all calls through my solrj interface I  
am building (no admin access etc).

Is there a simple way to do this?

Am I better off running solr as a server on its own and using network  


On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:

> Hi,
> I have a java app that is deployed in jboss/tomcat container. I  
> would like to add my solr index to it. I have read about this and it  
> seems fairly straight forward, but im curious the best way to secure  
> it.
> I require my users to login to my app to use it, so I want the  
> search functions to behave the same way. Ideally I would like to do  
> the solr queries from the client using ajax/json calls.
> So given this my thinking was I should wrapper the solr servlet and  
> do a local proxy type interface to ensure security. Is there any  
> easier way to do this, or an example of a good way to do this? Or  
> does the solr servlet support a "interceptor" type pattern where I  
> can have it call a piece of code before I execute the call (this  
> application is old and not using std j2ee security so I dont think I  
> can use that.)
> Another option is to do solrj on the server, and not do the client  
> side calls, in this case I think I could lock down the solr servlet  
> interface to only allow local calls.
> thanks
> Joel

View raw message