Re: Authentication for all but selects

2021-02-07 Thread Robert Douglas 
Thanks Craig!

I got the following to work.

{
  "authentication":{
"blockUnknown":false,
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"..."}},
  "authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":{"solr":"admin"},
"permissions":[
  {
"name":"all",
"role":"admin",
"index":1},
  {
"name":"open_select",
"collection":"*",
"path":"/select",
"role":null,
"index":2}],
"":{"v":0}}}

On 2/5/21, 3:35 PM, "Oakley, Craig (NIH/NLM/NCBI) [C]" 
 wrote:

What works for us is having something like this at the bottom of 
security.json:
  {
"name":"open_select",
"path":"/select/*",
"role":null,
"index":9},
  {
"name":"catch-all-nocollection",
"collection":null,
"path":"/*",
"role":"allgen",
"index":10},
  {
"name":"catch-all-collection",
"path":"/*",
"role":"allgen",
"index":11}],
"":{"v":9}}}

The clause with the name open_select specifically allows selects to run 
without any role ("role":null)

The last two clauses say that anything else (with any collection and 
without any collection) requires allgen role: and that is a role that I grant 
to all users generally

Other permissions can go higher up in security.json (disallowing normal 
users from running DELETEREPLICA, and things like that); but these are the 
three clauses which I think should allow select without any login (and without 
any password), while everything else does require a login and password.

-Original Message-
From: Robert Douglas  
Sent: Friday, February 05, 2021 1:19 PM
To: solr-user@lucene.apache.org
Subject: Authentication for all but selects

Hello all,

We are working on some migrations and we want to be incorporating 
authentication more uniformly across all our installations of Solr, but we are 
getting stuck on allowing Select statements through without authentication 
while having authentication on with RBAP for everything else. For some of our 
apps the authentication for Selects isn’t an issue but for others, where we 
can’t really touch the code, it is.

Is there a way of doing this?

Cheers,
R

Robert Douglas
DevOps Engineer
Cornell University Library

RE: Authentication for all but selects

2021-02-05 Thread Oakley, Craig (NIH/NLM/NCBI) [C] 
What works for us is having something like this at the bottom of security.json:
  {
"name":"open_select",
"path":"/select/*",
"role":null,
"index":9},
  {
"name":"catch-all-nocollection",
"collection":null,
"path":"/*",
"role":"allgen",
"index":10},
  {
"name":"catch-all-collection",
"path":"/*",
"role":"allgen",
"index":11}],
"":{"v":9}}}

The clause with the name open_select specifically allows selects to run without 
any role ("role":null)

The last two clauses say that anything else (with any collection and without 
any collection) requires allgen role: and that is a role that I grant to all 
users generally

Other permissions can go higher up in security.json (disallowing normal users 
from running DELETEREPLICA, and things like that); but these are the three 
clauses which I think should allow select without any login (and without any 
password), while everything else does require a login and password.

-Original Message-
From: Robert Douglas  
Sent: Friday, February 05, 2021 1:19 PM
To: solr-user@lucene.apache.org
Subject: Authentication for all but selects

Hello all,

We are working on some migrations and we want to be incorporating 
authentication more uniformly across all our installations of Solr, but we are 
getting stuck on allowing Select statements through without authentication 
while having authentication on with RBAP for everything else. For some of our 
apps the authentication for Selects isn’t an issue but for others, where we 
can’t really touch the code, it is.

Is there a way of doing this?

Cheers,
R

Robert Douglas
DevOps Engineer
Cornell University Library

Re: Authentication for each collection

2020-10-01 Thread Chris Hostetter 


https://lucene.apache.org/solr/guide/8_6/authentication-and-authorization-plugins.html

*Authentication* is global, but *Authorization* can be configured to use 
rules that restrict permissions on a per collection basis...

https://lucene.apache.org/solr/guide/8_6/rule-based-authorization-plugin.html#permissions-2

In concrete terms, the specific example you asked about is supported:

: Example ; user1:password1 for collection A
:  user2:password2 for collection B

what would *NOT* be supported is to have a distinct set of users for each 
collection, such that there could be two different "user1" instances, each 
with it's own password, where each "user1" had access to one collection.



: Date: Thu, 1 Oct 2020 13:45:14 -0700
: From: sambasivarao giddaluri 
: Reply-To: solr-user@lucene.apache.org
: To: solr-user@lucene.apache.org
: Subject: Authentication for each collection
: 
: Hi All,
: We have 2 collections and we are using  basic authentication against solr ,
: configured in security.json . Is it possible to configure in such a way
: that we have different credentials for each collection . Please advise if
: there is any other approach i can look into.
: 
: Example ; user1:password1 for collection A
:  user2:password2 for collection B
: 

-Hoss
http://www.lucidworks.com/

Re: Authentication between solr-exporter and solrcloud

2018-08-15 Thread Dwane Hall 
Hi Sushant,

I had the same issue and unfortunately the exporter does not appear to support 
a secure cluster.  I raised a JIRA feature request so please upvote it as this 
will increase the chances of it being included in a future release.

https://issues.apache.org/jira/browse/SOLR-12584

Thanks

From: Sushant Vengurlekar 
Sent: Wednesday, 15 August 2018 10:39 PM
To: solr-user@lucene.apache.org
Subject: Authentication between solr-exporter and solrcloud

I have followed this guide for monitoring the solrcloud
https://lucene.apache.org/solr/guide/7_3/monitoring-solr-with-prometheus-and-grafana.html

I have basic authentication enabled for the solrcloud. How do I configure
the solr-exporter to authenticate with the set username and password.

Thank you

Re: Authentication for Solr 6.4.2 , when deployed as WAR in tomcat

2018-01-22 Thread Shawn Heisey 
On 1/22/2018 6:27 AM, D Dasaradha Rami Reddy wrote:
> We have solr 6.4.2 currently deployed as war in tomcat. It doesn't have 
> authentication now. I want to setup the authentication for solr. When it 
> deployed as war in tomcat, The process specified in below page is not 
> working, Even after adding security.json in solr home directory, curl request 
> of authentication says it’s not configured.
>
> https://lucene.apache.org/solr/guide/6_6/authentication-and-authorization-plugins.html#AuthenticationandAuthorizationPlugins-EnablePluginswithsecurity.json
>
> Did anyone did this before? If so, please guide me.

This isn't working because a minimum version of 6.5.0 is required to
support security.json in standalone mode.  Prior to that version, it
only worked in SolrCloud mode -- security.json was read from ZooKeeper.

https://issues.apache.org/jira/browse/SOLR-9481

You should also know that by running in Tomcat, you're running an
unsupported configuration.  Solr hasn't shipped with a war file since
version 5.3.0, and the "war" build target didn't exist in 6.4.2, so I'm
curious how you could have a war file at all.

https://wiki.apache.org/solr/WhyNoWar

Thanks,
Shawn

Re: authentication

2017-11-18 Thread Jason Gerlowski 
Hey Arkadi,

Your "nagios" user is under "role_monitoring", which has "config-read"
permissions.  The default config-read gets you access to the Config
API and Request Parameters API, but not the /admin/mbeans API (afaik).

See 
https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html#Rule-BasedAuthorizationPlugin-PredefinedPermissions
for a bit more explanation.

I think you'll need to update the configured permissions to allow
access to /admin/mbeans.  (The linked page above is a good reference
for that as well).

Best,

Jason

On Thu, Nov 16, 2017 at 8:06 AM, Arkadi Colson  wrote:
> Hi
>
> I'm having trouble with setting up authentication. My security.json looks
> like this:
>
> {
> "authentication":{
> "class":"solr.BasicAuthPlugin",
> "blockUnknown": false,
> "credentials":{
> "admin":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
> "nagios":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
> "smsc":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
> }
> },
> "authorization":{
> "class":"solr.RuleBasedAuthorizationPlugin",
> "user-role":{
> "admin":"role_admin",
> "nagios":"role_monitoring",
> "smsc":"role_smsc"
> },
> "permissions":[
> {
> "name":"all",
> "role":"role_admin"
> },
> {
> "name":"config-read",
> "role":"role_monitoring"
> },
> {
> "name":"read",
> "role":"role_smsc"
> },
> {
> "name":"update",
> "role":"role_smsc"
> }
> ]
> }
> }
>
> When trying to login with for example check_solr_metrics.pl and the nagios
> user the output is "CRITICAL: 403 Unauthorized request, Response code: 403".
> Solr logging is showing these lines:
>
> DEBUG - 2017-11-16 13:42:51.785; [c:smsc_lvs s:shard2 r:core_node1
> x:smsc_lvs_shard2_replica1] org.apache.solr.servlet.SolrDispatchFilter;
> Request to authenticate: Request(GET
> //solr01:8983/solr/mydoc/admin/mbeans?stats=true=UPDATE=%2Fupdate=off=json=0=3)@2722dc57,
> domain: 10.1.1.42, port: 8983
> DEBUG - 2017-11-16 13:42:51.786; [c:smsc_lvs s:shard2 r:core_node1
> x:smsc_lvs_shard2_replica1] org.apache.solr.servlet.SolrDispatchFilter; User
> principal: [principal: nagios]
> DEBUG - 2017-11-16 13:42:51.786; [c:smsc_mydoc s:shard1 r:core_node2
> x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
> PkiAuthenticationPlugin says authorization required : true
> DEBUG - 2017-11-16 13:42:51.786; [c:smsc_mydoc s:shard1 r:core_node2
> x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
> AuthorizationContext : userPrincipal: [[principal: nagios]] type: [UNKNOWN],
> collections: [smsc_mydoc, smsc_mydoc,], Path: [/admin/mbeans] path :
> /admin/mbeans params
> :stats=true=off=UPDATE=0=3=json=/update=smsc_mydoc
> INFO  - 2017-11-16 13:42:51.786; [c:smsc_mydoc s:shard1 r:core_node2
> x:smsc_mydoc_shard1_replica1]
> org.apache.solr.security.RuleBasedAuthorizationPlugin; This resource is
> configured to have a permission {
>   "name":"all",
>   "role":"role_admin"}, The principal [principal: nagios] does not have the
> right role
> INFO  - 2017-11-16 13:42:51.787; [c:smsc_mydoc s:shard1 r:core_node2
> x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
> USER_REQUIRED auth header Basic bmFnaW9zOlNvbHJSb2Nrcw== context :
> userPrincipal: [[principal: nagios]] type: [UNKNOWN], collections:
> [smsc_mydoc, smsc_mydoc,], Path: [/admin/mbeans] path : /admin/mbeans params
> :stats=true=off=UPDATE=0=3=json=/update=smsc_mydoc
> DEBUG - 2017-11-16 13:42:51.787; [c:smsc_mydoc s:shard1 r:core_node2
> x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall; Closing
> out SolrRequest:
> {stats=true=off=UPDATE=0=3=json=/update=smsc_mydoc}
>
> Anybody an idea what I'm doing wrong here?
>
> Thx!
> Arkadi

Re: authentication for solr admin page?

2012-05-15 Thread findbestopensource 
I have written an article on this. The various steps to restrict /
authenticate Solr admin interface.

http://www.findbestopensource.com/article-detail/restrict-solr-admin-access

Regards
Aditya
www.findbestopensource.com


On Thu, Mar 29, 2012 at 1:06 AM, geeky2 gee...@hotmail.com wrote:

 update -

 ok - i was reading about replication here:

 http://wiki.apache.org/solr/SolrReplication

 and noticed comments in the solrconfig.xml file related to HTTP Basic
 Authentication and the usage of the following tags:

 str name=httpBasicAuthUserusername/str
str name=httpBasicAuthPasswordpassword/str

 *Can i place these tags in the request handler to achieve an authentication
 scheme for the /admin page?*

 // snipped from the solrconfig.xml file

  requestHandler name=/admin/
 class=org.apache.solr.handler.admin.AdminHandlers/

 thanks for any help
 mark

 --
 View this message in context:
 http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html
 Sent from the Solr - User mailing list archive at Nabble.com.

Re: authentication for solr admin page?

2012-03-28 Thread geeky2 
update -

ok - i was reading about replication here:

http://wiki.apache.org/solr/SolrReplication

and noticed comments in the solrconfig.xml file related to HTTP Basic
Authentication and the usage of the following tags:

str name=httpBasicAuthUserusername/str
str name=httpBasicAuthPasswordpassword/str

*Can i place these tags in the request handler to achieve an authentication
scheme for the /admin page?*

// snipped from the solrconfig.xml file

  requestHandler name=/admin/
class=org.apache.solr.handler.admin.AdminHandlers/

thanks for any help
mark

--
View this message in context: 
http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html
Sent from the Solr - User mailing list archive at Nabble.com.

RE: authentication for solr admin page?

2012-03-28 Thread ZHANG Liang F 
 Hi Mark, 
As I know you can either limit server access by only allowing certain IPs which 
is a crude, or as you said using the servlet BASIC authentication. 
Solr is just a WAR file deployed in a Servlet container, so you can use all of 
the capabilities of Servlet containers to control access. In order to limit 
access to /solr/update* and /solr/ admin/* in Jetty by requiring BASIC 
authentication from your users, you merely edit the web.xml in your Solr WAR 
adding the following stanza at the bottom:
security-constraint
web-resource-collection
web-resource-nameSolr Admin/web-resource-name
url-pattern/admin/*/url-pattern
/web-resource-collection
auth-constraint
role-nameadmin/role-name
/auth-constraint
/security-constraint
security-constraint
web-resource-collection
web-resource-nameSolr Update/web-resource-name
url-pattern/update*/url-pattern
/web-resource-collection
auth-constraint
role-nameadmin/role-name
role-namecontent_updater/role-name
/auth-constraint
/security-constraint
login-config
auth-methodBASIC/auth-method
realm-nameTest Realm/realm-name
/login-config

This specifies that access to the /update* URLs is limited to anyone in the 
roles of admin or content_updater, although only admin users can access the 
/admin/* URLs. The realm-name is what ties the security constraints to the 
users configured in Jetty.

You may need to refer to Jetty side to see how to configure user realm.

Best Regards,
Liang

-Original Message-
From: geeky2 [mailto:gee...@hotmail.com] 
Sent: 2012年3月29日 3:36
To: solr-user@lucene.apache.org
Subject: Re: authentication for solr admin page?

update -

ok - i was reading about replication here:

http://wiki.apache.org/solr/SolrReplication

and noticed comments in the solrconfig.xml file related to HTTP Basic 
Authentication and the usage of the following tags:

str name=httpBasicAuthUserusername/str
str name=httpBasicAuthPasswordpassword/str

*Can i place these tags in the request handler to achieve an authentication 
scheme for the /admin page?*

// snipped from the solrconfig.xml file

  requestHandler name=/admin/
class=org.apache.solr.handler.admin.AdminHandlers/

thanks for any help
mark

--
View this message in context: 
http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html
Sent from the Solr - User mailing list archive at Nabble.com.

Re: Authentication/Authorization with Master-Slave over HTTP

2009-10-06 Thread Chris Hostetter 

: I want to be able to have SOLR Slave instance on publicly available host
: (accessible via HTTP), and synchronize with Master securely (via HTTP)

HTTP based replication only works with the the new ReplicationHandler ... 
if you setup a proxy in front of your Master (either as a seperate daemon, 
or using a custom ServletFilter, or by runing on special settings in your 
ServletCOntainer) that can require HTTP Basic Authentication you cna 
then configure the slave to use an arbitrary usernam/password of your 
choice (look for the httpBasicAuthUser/httpBasicAuthPassword in the 
example slave configs)


-Hoss

Re: Authentication Error

2009-04-17 Thread Noble Paul നോബിള്‍ नोब्ळ् 
It is fixed in the trunk

On Thu, Apr 16, 2009 at 10:47 PM, Allahbaksh Asadullah
allahbaks...@gmail.com wrote:
 Thanks Noble.Regards,
 Allahbaksh

 2009/4/16 Noble Paul നോബിള്‍ नोब्ळ् noble.p...@gmail.com

 On Thu, Apr 16, 2009 at 10:34 PM, Allahbaksh Asadullah
 allahbaks...@gmail.com wrote:
  Hi,I have followed the procedure given on this blog to setup the solr
 
  Below is my code. I am trying to index the data but I am not able to
 connect
  to server and getting authentication error.
 
 
  HttpClient client=new HttpClient();
  client.getState().setCredentials(new AuthScope(localhost, 80,
  AuthScope.ANY_SCHEME),
                 new UsernamePasswordCredentials(admin, admin));
 
  Can you please let me know what may be the problem.
 
  The other problem which I am facing is using Load Banlancing
  SolrServer lbHttpSolrServer = new LBHttpSolrServer(
  http://localhost:8080/solr,http://localhost:8983/solr;);
 
  Now the problem is the first server is down then I will get an error. If
 I
  swap the server in constructor by giving port 8983 server as first and
 8080
  as second it works fine. The thing
 
  Problem is If only the last server which is set is active and the rest of
  other are down then Solr throws and exception and search is not
 performed.
 
 I shall write a testcase and let you know
  Regards,
  Allahbaksh
 



 --
 --Noble Paul




 --
 Allahbaksh Mohammedali Asadullah,
 Software Engineering  Technology Labs,
 Infosys Technolgies Limited, Electronic City,
 Hosur Road, Bangalore 560 100, India.
 (Board: 91-80-28520261 | Extn: 73927 | Direct: 41173927.
 Fax: 91-80-28520362 | Mobile: 91-9845505322.




-- 
--Noble Paul

Re: Authentication Error

2009-04-17 Thread Allahbaksh Asadullah 
Hi Noble.
Thank you very much. I will download the latest solr nightly build.
Please note this is the another problem which I think is bug.


I am trying out load balancing feature in Solr 1.4 using LBHTTPSolrServer.

Below is setup
I have three solr server. A, B and C.

Now the problem is if I make first two solr server (Note I have specified A,
B, C in order) i.e A and B down then it throws and exception. It does not
check it with server C. Though the server C is still active.

In short the if only last server specified in the constructor is active then
I get a Exception and query doesnot get fired.

Is it a bug or what may be the exact problem.

Regards,
Allahbaksh



2009/4/17 Noble Paul നോബിള്‍ नोब्ळ् noble.p...@gmail.com

 It is fixed in the trunk

 On Thu, Apr 16, 2009 at 10:47 PM, Allahbaksh Asadullah
 allahbaks...@gmail.com wrote:
  Thanks Noble.Regards,
  Allahbaksh
 
  2009/4/16 Noble Paul നോബിള്‍ नोब्ळ् noble.p...@gmail.com
 
  On Thu, Apr 16, 2009 at 10:34 PM, Allahbaksh Asadullah
  allahbaks...@gmail.com wrote:
   Hi,I have followed the procedure given on this blog to setup the solr
  
   Below is my code. I am trying to index the data but I am not able to
  connect
   to server and getting authentication error.
  
  
   HttpClient client=new HttpClient();
   client.getState().setCredentials(new AuthScope(localhost, 80,
   AuthScope.ANY_SCHEME),
  new UsernamePasswordCredentials(admin, admin));
  
   Can you please let me know what may be the problem.
  
   The other problem which I am facing is using Load Banlancing
   SolrServer lbHttpSolrServer = new LBHttpSolrServer(
   http://localhost:8080/solr,http://localhost:8983/solr;);
  
   Now the problem is the first server is down then I will get an error.
 If
  I
   swap the server in constructor by giving port 8983 server as first and
  8080
   as second it works fine. The thing
  
   Problem is If only the last server which is set is active and the rest
 of
   other are down then Solr throws and exception and search is not
  performed.
  
  I shall write a testcase and let you know
   Regards,
   Allahbaksh
  
 
 
 
  --
  --Noble Paul
 
 
 
 
  --
  Allahbaksh Mohammedali Asadullah,
  Software Engineering  Technology Labs,
  Infosys Technolgies Limited, Electronic City,
  Hosur Road, Bangalore 560 100, India.
  (Board: 91-80-28520261 | Extn: 73927 | Direct: 41173927.
  Fax: 91-80-28520362 | Mobile: 91-9845505322.
 



 --
 --Noble Paul




-- 
Allahbaksh Mohammedali Asadullah,
Software Engineering  Technology Labs,
Infosys Technolgies Limited, Electronic City,
Hosur Road, Bangalore 560 100, India.
(Board: 91-80-28520261 | Extn: 73927 | Direct: 41173927.
Fax: 91-80-28520362 | Mobile: 91-9845505322.

Re: Authentication Error

2009-04-16 Thread Noble Paul നോബിള്‍ नोब्ळ् 
On Thu, Apr 16, 2009 at 10:34 PM, Allahbaksh Asadullah
allahbaks...@gmail.com wrote:
 Hi,I have followed the procedure given on this blog to setup the solr

 Below is my code. I am trying to index the data but I am not able to connect
 to server and getting authentication error.


 HttpClient client=new HttpClient();
 client.getState().setCredentials(new AuthScope(localhost, 80,
 AuthScope.ANY_SCHEME),
                new UsernamePasswordCredentials(admin, admin));

 Can you please let me know what may be the problem.

 The other problem which I am facing is using Load Banlancing
 SolrServer lbHttpSolrServer = new LBHttpSolrServer(
 http://localhost:8080/solr,http://localhost:8983/solr;);

 Now the problem is the first server is down then I will get an error. If I
 swap the server in constructor by giving port 8983 server as first and 8080
 as second it works fine. The thing

 Problem is If only the last server which is set is active and the rest of
 other are down then Solr throws and exception and search is not performed.

I shall write a testcase and let you know
 Regards,
 Allahbaksh




-- 
--Noble Paul

RE: Authentication for REST-RPC Webservices

2007-09-18 Thread Dilip.TS 
Hi,
 To add to my earlier query which would be better 
a) using REST-RPC or 
b) using RESTFul Webservices using JAX-WS  ?

Regards
Dilip

-Original Message-
From: Dilip.TS [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 18, 2007 11:41 AM
To: solr-user@lucene.apache.org
Subject: Authentication for REST-RPC Webservices



Hi,
  
  Has anybody successfully called a REST-RPC Webservice for basic 
authentication. 
I would like to which is better one REST-RPC or REST with SOAP/WSDL and why?

Regards
Dilip

Re: Authentication

2007-09-14 Thread Bill Au 
Add/Update, Commit/Optimize, Delete, and Delete by query, in Solr are done
using the url /update.  So should be able to protect that url at the
container level outside of Solr.  If you want you can protect the query url
/select or the admin pages too.  Container level authentication is
transparent to Solr so you should be able to protect any url you want.

Bill**

On 9/14/07, jenix [EMAIL PROTECTED] wrote:


 Hi,

 What methods are available for user authentication? I'm using Jetty and
 php/curl and Basic HTTP Auth does not seem to work. I just need something
 simple so that only the Admin can add, update or delete documents.

 Regards,
 Jennifer Seaman
 --
 View this message in context:
 http://www.nabble.com/Authentication-tf4442825.html#a12676218
 Sent from the Solr - User mailing list archive at Nabble.com.

Re: Authentication

2007-09-14 Thread jenix 

When you say outside of Solr do you mean outside of solr.war? We finally
got php/curl working with jetty's Basic Authentication. We had to unpack and
repack solr.war to edit web.xml and it would have been nice to use some
other method.
-- 
View this message in context: 
http://www.nabble.com/Authentication-tf4442825.html#a12677713
Sent from the Solr - User mailing list archive at Nabble.com.

Re: Authentication

2007-09-14 Thread Bill Au 
I meant outside of the Solr code.  You are right that it is still in the
Solr war file since you will need to put the authentication configuration
into web.xml.

Bill

On 9/14/07, jenix [EMAIL PROTECTED] wrote:


 When you say outside of Solr do you mean outside of solr.war? We finally
 got php/curl working with jetty's Basic Authentication. We had to unpack
 and
 repack solr.war to edit web.xml and it would have been nice to use some
 other method.
 --
 View this message in context:
 http://www.nabble.com/Authentication-tf4442825.html#a12677713
 Sent from the Solr - User mailing list archive at Nabble.com.

RE: Authentication

2007-09-14 Thread Lance Norskog 
You can try the public/private key certficate system. You deploy it to
jetty/tomcat somehow, and curl has options to send it.
We haven't tried this. The authentication happens at the http container
level, not in the solr config.

-Original Message-
From: Bill Au [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 14, 2007 1:49 PM
To: solr-user@lucene.apache.org
Subject: Re: Authentication

I meant outside of the Solr code.  You are right that it is still in the
Solr war file since you will need to put the authentication configuration
into web.xml.

Bill

On 9/14/07, jenix [EMAIL PROTECTED] wrote:


 When you say outside of Solr do you mean outside of solr.war? We 
 finally got php/curl working with jetty's Basic Authentication. We had 
 to unpack and repack solr.war to edit web.xml and it would have been 
 nice to use some other method.
 --
 View this message in context:
 http://www.nabble.com/Authentication-tf4442825.html#a12677713
 Sent from the Solr - User mailing list archive at Nabble.com.

Re: Authentication

2007-09-14 Thread Chris Hostetter 
: When you say outside of Solr do you mean outside of solr.war? We finally
: got php/curl working with jetty's Basic Authentication. We had to unpack and
: repack solr.war to edit web.xml and it would have been nice to use some
: other method.

it should not be neccessary to unpack the war ... you should be able to 
configure the authentication based on paths independed of the webapp that 
serves that path.

i haven't tried this with jetty, but this Jetty FAQ... 
http://jetty.mortbay.org/jetty5/faq/faq_s_400-Security_t_sso.html 
... and the demo file it refers to... 
http://ftp.mortbay.org/pub/jetty-5/jetty-5.1.10/etc/demoSSO.xml 
...make it fairly clear that this is possible.  In this case no path is 
being used, so the entire port requires authentication ... you'd have to 
check with someone who knows more about jetty to find out how to map a 
Realm to specific paths.


-Hoss