Apache Solr does not have any security feature by its own, either at the document level or the communication level.
The simplest solution is the use of a firewall but this is not possible if you are using Solr as a Tomcat application. In this case you could want to require authentication only when accessing the entire Solr application or only some part of it, such as admin or update.
Let's see how to implement a basic authentication mechanism. We have to modify only two files: conf/tomcat-users.xml, inside the main folder of your Tomcat server, and WEB-INF/web.xml in your solr war file.
In tomcat-users.xml add:
<role rolename="yourRole"/>
<user username="yourUser" password="yourPassword" roles="yourRole"/>
In web.xml you have to specify the security restriction for your application:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Solr authenticated application
</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>yourRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Basic Authentication</realm-name>
</login-config>
<security-role>
<description>My role</description>
<role-name>yourRole</role-name>
</security-role>
In this example we protect the entire Solr application, but you can change the url-pattern node to protect only a part of Solr.
You could need to modify your client or your crawler to send the authentication header.
For example if you use PHP you have to send authentication parameters:
file_get_contents('http://yourUser:yourPassword@www.yourdomain.com:8080/solr/select/?q='.$query);
Comments (4)
Hi,
I am using solrj and I am have followed the process described above. My code snippet are as below
HttpClient client = new HttpClient();
client.getState().setCredentials(
new AuthScope("localhost", 8080, AuthScope.ANY_SCHEME),
new UsernamePasswordCredentials("admin", "admin")
);
_server =new CommonsHttpSolrServer("http://localhost:8080/solr",client);
I am getting below error
org.apache.solr.client.solrj.SolrServerException: org.apache.commons.httpclient.ProtocolException: Unbuffered entity enclosing request can not be repeated.
at org.apache.solr.client.solrj.impl.CommonsHttpSolrServer.request(CommonsHttpSolrServer.java:470)
at org.apache.solr.client.solrj.impl.CommonsHttpSolrServer.request(CommonsHttpSolrServer.java:242)
at org.apache.solr.client.solrj.request.UpdateRequest.process(UpdateRequest.java:259)
at org.apache.solr.client.solrj.SolrServer.add(SolrServer.java:48)
at com.infy.icode.SolrAuthenticationTest.index(SolrAuthenticationTest.java:84)
at com.
Can you let me know what exactly I am doing wrong.
Regards,
Allahbaksh
Posted by Allahbaksh Asadullah | May 5, 2009 10:50 AM
Posted on May 5, 2009 10:50
I never used Solrj, try using AuthScope.ANY_REALM instead of AuthScope.ANY_SCHEME.
You can try too:
_server =new CommonsHttpSolrServer("http://localhost:8080/solr");
_server.getState().setCredentials(.....);
Posted by Francesco Rapanà | May 5, 2009 2:34 PM
Posted on May 5, 2009 14:34
I am following your example verbatim in Tomcat 6 on a Windows XP machine but for some reason I can still access solr without any kind of user name or password. I am also using SSL but I cannot imagine that is the problem... any thoughts?
I found this example when I first started with the problem and then the Developer's community for Solr redirected me here as well so apparently others can get it to work.
Posted by Matt | May 10, 2010 11:21 PM
Posted on May 10, 2010 23:21
Try to disable SSL or to test it in a fresh Tomcat installation.
I wrote this post using Tomcat 5.5 and Solr 1.3.0 so I don't know if it works in 1.4.0 too (but I don't know why it shouldn't). I tested it in Tomcat 6.0.18 and it works aswell.
Posted by Francesco Rapanà | May 11, 2010 11:18 AM
Posted on May 11, 2010 11:18