lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sharp, Jonathan" <JSh...@coh.org>
Subject RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD
Date Fri, 16 Jul 2010 15:59:14 GMT
Hi Bilgin,

Thanks for the snippet -- that helps a lot.

-Jon

-----Original Message-----
From: Bilgin Ibryam [mailto:bibryam@gmail.com] 
Sent: Friday, July 16, 2010 1:31 AM
To: solr-user@lucene.apache.org
Subject: Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD

Hi Jon,

SolrJ (CommonsHttpSolrServer) internally uses apache http client to
connect
to solr. You can check there for some documentation.
I secured solr also with BASIC auth-method and use the following snippet
to
access it from solrJ:

      //set username and password
      ((CommonsHttpSolrServer)
server).getHttpClient().getParams().setAuthenticationPreemptive(true);
      Credentials defaultcreds = new
UsernamePasswordCredentials("username",
"secret");
      ((CommonsHttpSolrServer)
server).getHttpClient().getState().setCredentials(new
AuthScope("localhost",
80, AuthScope.ANY_REALM), defaultcreds);

HTH
Bilgin Ibryam



On Fri, Jul 16, 2010 at 2:35 AM, Sharp, Jonathan <JSharp@coh.org> wrote:

> Hi All,
>
> I am considering securing Solr with basic auth in glassfish using the
> container, by adding to web.xml and adding sun-web.xml file to the
> distributed WAR as below.
>
> If using SolrJ to index files, how can I provide the credentials for
> authentication to the http-client (or can someone point me in the
direction
> of the right documentation to do that or that will help me make the
> appropriate modifications) ?
>
> Also any comment on the below is appreciated.
>
> Add this to web.xml
> -----------------------------------------------
>   <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>SomeRealm</realm-name>
>   </login-config>
>   <security-constraint>
>       <web-resource-collection>
>           <web-resource-name>Admin Pages</web-resource-name>
>           <url-pattern>/admin</url-pattern>
>           <url-pattern>/admin/*</url-pattern>
>
>
<http-method>GET</http-method><http-method>POST</http-method><http-metho
d>PUT</http-method><http-method>TRACE</http-method<http-method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</http-met
hod>
>       </web-resource-collection>
>       <auth-constraint>
>           <role-name>SomeAdminRole</role-name>
>       </auth-constraint>
>   </security-constraint>
>   <security-constraint>
>       <web-resource-collection>
>           <web-resource-name>Update Servlet</web-resource-name>
>           <url-pattern>/update/*</url-pattern>
>
>
<http-method>GET</http-method><http-method>POST</http-method><http-metho
d>PUT</http-method><http-method>TRACE</http-method<http-method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</http-met
hod>
>       </web-resource-collection>
>       <auth-constraint>
>           <role-name>SomeUpdateRole</role-name>
>       </auth-constraint>
>   </security-constraint>
>   <security-constraint>
>       <web-resource-collection>
>           <web-resource-name>Select Servlet</web-resource-name>
>           <url-pattern>/select/*</url-pattern>
>
>
<http-method>GET</http-method><http-method>POST</http-method><http-metho
d>PUT</http-method><http-method>TRACE</http-method<http-method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</http-met
hod>
>       </web-resource-collection>
>       <auth-constraint>
>           <role-name>SomeSearchRole</role-name>
>       </auth-constraint>
>   </security-constraint>
> -----------------------------------------------
>
> Also add this as sun-web.xml
>
> ------------------------------------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD
Application
> Server 9.0 Servlet 2.5//EN" "
> http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
> <sun-web-app error-url="">
>  <context-root>/Solr</context-root>
>  <jsp-config>
>   <property name="keepgenerated" value="true">
>     <description>Keep a copy of the generated servlet class' java
> code.</description>
>   </property>
>  </jsp-config>
>  <security-role-mapping>
>     <role-name>SomeAdminRole</role-name>
>     <group-name>SomeAdminGroup</group-name>
>  </security-role-mapping>
>  <security-role-mapping>
>     <role-name>SomeUpdateRole</role-name>
>     <group-name>SomeUpdateGroup</group-name>
>  </security-role-mapping>
>  <security-role-mapping>
>     <role-name>SomeSearchRole</role-name>
>     <group-name>SomeSearchGroup</group-name>
>  </security-role-mapping>
> </sun-web-app>
> --------------------------------------------------
>
> -Jon
>
>
> ---------------------------------------------------------------------
> SECURITY/CONFIDENTIALITY WARNING: This message and any attachments are
> intended solely for the individual or entity to which they are
addressed.
> This communication may contain information that is privileged,
confidential,
> or exempt from disclosure under applicable law (e.g., personal health
> information, research data, financial information). Because this
e-mail has
> been sent without encryption, individuals other than the intended
recipient
> may be able to view the information, forward it to others or tamper
with the
> information without the knowledge or consent of the sender. If you are
not
> the intended recipient, or the employee or person responsible for
delivering
> the message to the intended recipient, any dissemination, distribution
or
> copying of the communication is strictly prohibited. If you received
the
> communication in error, please notify the sender immediately by
replying to
> this message and deleting the message and any accompanying files from
your
> system. If, due to the security risks, you do not wis
> h to
> receive further communications via e-mail, please reply to this
message and
> inform the sender that you do not wish to receive further e-mail from
the
> sender.
> ---------------------------------------------------------------------
>
>

Mime
View raw message