[
https://issues.apache.org/jira/browse/SOLR-1861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854775#action_12854775
]
Lance Norskog commented on SOLR-1861:
-------------------------------------
If this was implemented inside SolrJ, then all SolrJ apps would be able to use
authentication. It would be just as much code as putting the auth code in
SearchHandler.
> HTTP Authentication for sharded queries
> ---------------------------------------
>
> Key: SOLR-1861
> URL: https://issues.apache.org/jira/browse/SOLR-1861
> Project: Solr
> Issue Type: Improvement
> Components: search
> Affects Versions: 1.4
> Environment: Solr 1.4
> Reporter: Peter Sturge
> Priority: Minor
> Attachments: SearchHandler.java, SearchHandler.java
>
>
> This issue came out of a requirement to have HTTP authentication for queries.
> Currently, HTTP authentication works for querying single servers, but it's
> not possible for distributed searches across multiple shards to receive
> authenticated http requests.
> This patch adds the option for Solr clients to pass shard-specific http
> credentials to SearchHandler, which can then use these credentials when
> making http requests to shards.
> Here's how the patch works:
> A final constant String called {{shardcredentials}} acts as the name of the
> SolrParams parameter key name.
> The format for the value associated with this key is a comma-delimited list
> of colon-separated tokens:
> {{
> shard0:port0:username0:password0,shard1:port1:username1:password1,shardN:portN:usernameN:passwordN
> }}
> A client adds these parameters to their sharded request.
> In the absence of {{shardcredentials}} and/or matching credentials, the patch
> reverts to the existing behaviour of using a default http client (i.e. no
> credentials). This ensures b/w compatibility.
> When SearchHandler receives the request, it passes the 'shardcredentials'
> parameter to the HttpCommComponent via the submit() method.
> The HttpCommComponent parses the parameter string, and when it finds matching
> credentials for a given shard, it creates an HttpClient object with those
> credentials, and then sends the request using this.
> Note: Because the match comparison is a string compare (a.o.t. dns compare),
> the host/ip names used in the shardcredentials parameters must match those
> used in the shards parameter.
> Impl Notes:
> This patch is used and tested on the 1.4 release codebase. There weren't any
> significant diffs between the 1.4 release and the latest trunk for
> SearchHandler, so should be fine on other trunks, but I've only tested with
> the 1.4 release code base.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
