lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Jelsma <markus.jel...@openindex.io>
Subject RE: Forwarding authentication credentials in internal node-to-node requests
Date Fri, 11 Jan 2013 13:11:11 GMT
Hi,

If your credentials are fixed i would configure username:password in your request handler's
shardHandlerFactory configuration section and then modify HttpShardHandlerFactory.init() to
create a HttpClient with an AuthScope configured with those settings.

I don't think you can obtain the original credentials very easy when inside HttpShardHandlerFactory.

Cheers 
 
-----Original message-----
> From:Per Steffensen <steff@designware.dk>
> Sent: Fri 11-Jan-2013 13:07
> To: solr-user@lucene.apache.org
> Subject: Forwarding authentication credentials in internal node-to-node requests
> 
> Hi
> 
> I read http://wiki.apache.org/solr/SolrSecurity and know a lot about 
> webcontainer authentication and authorization. Im sure I will be able to 
> set it up so that each solr-node is will require HTTP authentication for 
> (selected) incoming requests.
> 
> But solr-nodes also make requests among each other and Im in doubt if 
> credentials are forwarded from the "original request" to the internal 
> sub-requests?
> E.g. lets say that each solr-node is set up to require authentication 
> for search request. An "outside" user makes a distributed request 
> including correct username/password. Since it is a distributed search, 
> the node which handles the original request from the user will have to 
> make sub-requests to other solr-nodes but they also require correct 
> credentials in order to accept this sub-request. Are the credentials 
> from the original request duplicated to the sub-requests or what options 
> do I have?
> Same thing goes for e.g. update requests if they are sent to a node 
> which does not run (all) the replica of the shard in which the documents 
> to be added/updated/deleted belong. The node needs to make sub-request 
> to other nodes, and it will require forwarding the credentials.
> 
> Does this just work out of the box, or ... ?
> 
> Regards, Per Steffensen
> 

Mime
View raw message