lucene-solr-user mailing list archives

From "Sharp, Jonathan" <JSh...@coh.org>
Subject Securing Solr 1.4 in a glassfish container
Date Fri, 16 Jul 2010 01:03:16 GMT
Hi All,

I am considering securing Solr with basic auth in glassfish using the container, by adding
to web.xml and adding sun-web.xml file to the distributed WAR as below.

If using SolrJ to index files, how can I provide the credentials for authentication to the
http-client (or can someone point me in the direction of the right documentation to do that
or that will help me make the appropriate modifications)?

Also any comment on the below is appreciated.

Add this to web.xml
-----------------------------------------------
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>SomeRealm</realm-name>
    </login-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Pages</web-resource-name>
            <url-pattern>/admin</url-pattern>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method><http-method>POST</http-method><http-method>PUT</http-method><http-method>TRACE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SomeAdminRole</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Update Servlet</web-resource-name>
            <url-pattern>/update/*</url-pattern>
            <http-method>GET</http-method><http-method>POST</http-method><http-method>PUT</http-method><http-method>TRACE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SomeUpdateRole</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Select Servlet</web-resource-name>
            <url-pattern>/select/*</url-pattern>
            <http-method>GET</http-method><http-method>POST</http-method><http-method>PUT</http-method><http-method>TRACE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>SomeSearchRole</role-name>
        </auth-constraint>
    </security-constraint>
-----------------------------------------------

Also add this as sun-web.xml

------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/Solr</context-root>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
  <security-role-mapping>
      <role-name>SomeAdminRole</role-name>
      <group-name>SomeAdminGroup</group-name>
  </security-role-mapping>
  <security-role-mapping>
      <role-name>SomeUpdateRole</role-name>
      <group-name>SomeUpdateGroup</group-name>
  </security-role-mapping>
  <security-role-mapping>
      <role-name>SomeSearchRole</role-name>
      <group-name>SomeSearchGroup</group-name>
  </security-role-mapping>
</sun-web-app>
--------------------------------------------------

-Jon
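
An added example, not part of the original post: a small Python audit that reports which role and transport guarantee a `web.xml` constraint like the ones above enforces for a given method and path. The helper names (`load_constraints`, `match_rank`, `check`) are illustrative, and the sketch assumes a `web.xml` without an XML namespace and ignores the default `/` mapping.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "Update Servlet" constraint from the post, wrapped
# in a root element so it parses on its own. Helper names are illustrative,
# not part of Solr, SolrJ or GlassFish.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/update/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
    <http-method>PUT</http-method><http-method>TRACE</http-method>
    <http-method>HEAD</http-method><http-method>OPTIONS</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>SomeUpdateRole</role-name></auth-constraint>
</security-constraint></web-app>"""

def load_constraints(xml_text):
    """Flatten each security-constraint into (pattern, methods, roles, tls) rows."""
    rows = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        methods = {m.text.strip() for m in sc.iter("http-method")}
        roles = [r.text.strip() for r in sc.iter("role-name")]
        tls = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        rows += [(p.text.strip(), methods, roles, tls) for p in sc.iter("url-pattern")]
    return rows

def match_rank(pattern, path):
    """Servlet-spec precedence: exact > longest path prefix > extension."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return None

def check(rows, method, path):
    """Return (roles, tls) enforced for a request, or None if unconstrained."""
    ranked = [(match_rank(p, path), m, r, t) for p, m, r, t in rows]
    ranked = [x for x in ranked if x[0] is not None]
    best = max((x[0] for x in ranked), default=None)
    # An empty http-method set means the constraint covers every method.
    hits = [x for x in ranked if x[0] == best and (not x[1] or method in x[1])]
    if not hits:
        return None  # no pattern matched the path, or the method is not listed
    return (sorted({r for x in hits for r in x[2]}), hits[0][3])
```

For the sample, `check(load_constraints(WEB_XML), "POST", "/update")` returns the role with transport guarantee `NONE`, and a method outside the seven listed returns `None`. Omitting the `<http-method>` elements makes a constraint apply to every method, and a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` keeps BASIC credentials off cleartext connections.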

