Which Solr releases contain SOLR-4470 (Security for inter-solr-node requests)

2014-11-03 Thread Yuan Jerry 
I am currently working on SolrCloud and its related security configurations for 
securing Solr web applications using HTTP Basic Authentication mechanism. Among 
the Solr nodes inside the SolrCloud clustered env, there seem to be existing 
some inter-solr-node communication issues due to the security configurations, 
which are the HTTP Authentication errors. Based on my research, the patch 
SOLR-4470 (Security for inter-solr-node requests) would be ideal for resolving 
these issues (please refer to the address: 
https://wiki.apache.org/solr/SolrSecurity#Security_for_inter-solr-node_requests).
 However, it seems to me that these security patches are out-of-box additions 
to the current Solr source codebase, which don't seem to be available in the 
recent Solr releases.

If someone could point out which Solr releases or the jars from some online 
repositories that contain this patch, it would be appreciated very much.

Jerry


This e-mail is confidential.  If you are not the intended recipient, you must 
not disclose or use the information contained in it. If you have received this 
e-mail in error, please tell us immediately by return e-mail and delete the 
document. No recipient may use the information in this e-mail in violation of 
any civil or criminal statute. Sentry disclaims all liability for any 
unauthorized uses of this e-mail or its contents. Sentry accepts no liability 
or responsibility for any damage caused by any virus transmitted with this 
e-mail.

Questions about Solrj indexing/updateRequest API with regard to enabling HTTP Basic Auth inside Tomcat (HTTP POST method)

2014-10-29 Thread Yuan Jerry 
Hi Solr User List,

I have started using Solrj (Solr and Solrj 4.1.0, and also 4.10.1) for sending 
indexing/update requests to Solr server that is being hosted inside Tomcat, and 
the security authentication HTTP BASIC auth is enabled in this Solr server 
web.xml.

(1) The client code looks like below:

String solrServerUrl = http://localhost:8983/solr/core;;
String userName = solr_admin;
String password = solr_pwd;

DefaultHttpClient client = new DefaultHttpClient();
HttpClientUtil.setBasicAuth(client, userName, password);

HttpSolrServer solrServer = new HttpSolrServer(solrServerUrl, client);

SolrInputDocument doc = new SolrInputDocument();
doc.addField(id, id_ + System.currentTimeMillis());
doc.addField(name, Name_ + System.currentTimeMillis());
doc.addField(title, Title_ + System.currentTimeMillis());

try {
   UpdateResponse updateResponse = solrServer.add(doc, 1);
   ..
} catch (Exception ex) {
}

(2) The Solr server web.xml is configured with the following HTTP BASIC Auth 
configurations:

web.xml:

   login-config
  auth-methodBASIC/auth-method
  realm-nameSolr/realm-name
   /login-config

   security-constraint
  web-resource-collection
 web-resource-nameSecured Solr Access/web-resource-name
 url-pattern/*/url-pattern
  /web-resource-collection
  auth-constraint
 role-namesolr_secure/role-name
  /auth-constraint
   /security-constraint

(3) The Tomcat container has the following role defined for being used in the 
above security constraints:

tomcat-users.xml:

   tomcat-users
 role rolename=solr_secure/
 role rolename=manager-gui/
 user username=solr_admin password=solr_pwd 
roles=solr_secure,manager-gui/
   /tomcat-users

When I ran the above client code trying to add a single SolrDocument, and it 
always failed with the following exception:

org.apache.solr.client.solrj.SolrServerException: IOException occured when 
talking to server at: http://localhost:8983/solr/core

Are there any users out there that have used solrj APIs to conduct indexing / 
storing process for solr documents into Solr server that is configured with 
HTTP Basic Auth like above? If so, please let me know if you have encountered 
similar exceptions or there could be some issues with my configurations that 
are shown above. Your information would be highly appreciated in advance.

Jerry Yuan


This e-mail is confidential.  If you are not the intended recipient, you must 
not disclose or use the information contained in it. If you have received this 
e-mail in error, please tell us immediately by return e-mail and delete the 
document. No recipient may use the information in this e-mail in violation of 
any civil or criminal statute. Sentry disclaims all liability for any 
unauthorized uses of this e-mail or its contents. Sentry accepts no liability 
or responsibility for any damage caused by any virus transmitted with this 
e-mail.