Securing your Solr server on Tomcat (Comtaste Consulting | Enterprise RIA consulting and development)

Securing your Solr server on Tomcat

Apache Solr does not have any security feature by its own, either at the document level or the communication level.
The simplest solution is the use of a firewall but this is not possible if you are using Solr as a Tomcat application. In this case you could want to require authentication only when accessing the entire Solr application or only some part of it, such as admin or update.

Let's see how to implement a basic authentication mechanism. We have to modify only two files: conf/tomcat-users.xml, inside the main folder of your Tomcat server, and WEB-INF/web.xml in your solr war file.

In tomcat-users.xml add:
<role rolename="yourRole"/> <user username="yourUser" password="yourPassword" roles="yourRole"/>

In web.xml you have to specify the security restriction for your application:
<security-constraint> <web-resource-collection> <web-resource-name> Solr authenticated application </web-resource-name>

<url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>yourRole</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Basic Authentication</realm-name> </login-config> <security-role> <description>My role</description> <role-name>yourRole</role-name> </security-role>
In this example we protect the entire Solr application, but you can change the url-pattern node to protect only a part of Solr.

You could need to modify your client or your crawler to send the authentication header.
For example if you use PHP you have to send authentication parameters:
file_get_contents('http://yourUser:yourPassword@www.yourdomain.com:8080/solr/select/?q='.$query);

Tags:

Posted by Francesco Rapanà on February 9, 2009 12:13 PM | Permalink

TrackBack

TrackBack URL for this entry:
http://blog.comtaste.com/mt-tb.cgi/80

Comments (2)

Allahbaksh Asadullah:

Hi,
I am using solrj and I am have followed the process described above. My code snippet are as below

HttpClient client = new HttpClient();
client.getState().setCredentials(

new AuthScope("localhost", 8080, AuthScope.ANY_SCHEME),

new UsernamePasswordCredentials("admin", "admin")

);

_server =new CommonsHttpSolrServer("http://localhost:8080/solr",client);

I am getting below error

org.apache.solr.client.solrj.SolrServerException: org.apache.commons.httpclient.ProtocolException: Unbuffered entity enclosing request can not be repeated.
at org.apache.solr.client.solrj.impl.CommonsHttpSolrServer.request(CommonsHttpSolrServer.java:470)
at org.apache.solr.client.solrj.impl.CommonsHttpSolrServer.request(CommonsHttpSolrServer.java:242)
at org.apache.solr.client.solrj.request.UpdateRequest.process(UpdateRequest.java:259)
at org.apache.solr.client.solrj.SolrServer.add(SolrServer.java:48)
at com.infy.icode.SolrAuthenticationTest.index(SolrAuthenticationTest.java:84)
at com.

Can you let me know what exactly I am doing wrong.
Regards,
Allahbaksh

Posted by Allahbaksh Asadullah | May 5, 2009 10:50 AM

Posted on May 5, 2009 10:50

Francesco Rapanà:

I never used Solrj, try using AuthScope.ANY_REALM instead of AuthScope.ANY_SCHEME.

You can try too:

_server =new CommonsHttpSolrServer("http://localhost:8080/solr");
_server.getState().setCredentials(.....);

Posted by Francesco Rapanà | May 5, 2009 2:34 PM

Posted on May 5, 2009 14:34

Enterprise RIA development and consulting with Adobe Flex 3, LiveCycle Data Services, Flex Data Services, Actionscript 3, Java and J2EE

Need Consulting? Need Training?