Hi Steve, We've not yet moved to Solr 5, but we do use Jetty 9. In any case, Basic Auth is a Jetty thing, not a Solr thing. We do use this mechanism to great effect to secure things like index writers and such, and it does work well once it's setup. Jetty, as with all containers, is a bit fussy about everything being in its place (sorry to state the obvious :-).
I see you've got a non-global url pattern - is this definitely definitely correct? In 100% of cases, Solr should be the only app running, so a global url is standard practice. Your Jetty's got Solr security-constraint set to /db/*, but your url is http://localhost:8983/solr/ - you'll need a corresponding <servlet-mapping> entry if you want to use /db/* (and the url will change accordingly to http://localhost:8983/db/solr/) To simplify things - even if just to get things working initially, can you set it to a /* url-pattern and use default-role? You can always tweak it later on. I take it from your url that you're not using any sharding/multi-core stuff. If you are using multi-core, include the core name in the url (e.g. localhost:8983/solr/mycore/select?q=*:*). You can also set the jetty-logging.properties file as described in: http://www.eclipse.org/jetty/documentation/9.2.7.v20150116/configuring-logging.html . A 404 would suggest that Solr hasn't loaded, possibly due to missing mappings in the xml. You can run netstat -a on your Windows box to see if Solr is listening on port 8983. Thanks, Peter On Thu, Jul 23, 2015 at 9:39 PM, Steven White <swhite4...@gmail.com> wrote: > Hi Petter, > > I'm on Solr 5.2.1 which comes with Jetty 9.2. I'm setting this up on > Windows 2012 but will need to do the same on Linux too. > > I followed the step per this link: > https://wiki.apache.org/solr/SolrSecurity#Jetty_realm_example very much to > the book. Here are the changes I made: > > File: C:\Solr\solr-5.2.1\server\etc\webdefault.xml > > <security-constraint> > <web-resource-collection> > <web-resource-name>Solr authenticated > application</web-resource-name> > <url-pattern>/db/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>db-role</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Test Realm</realm-name> > </login-config> > > File: E:\Solr\solr-5.2.1\server\etc\jetty.xml > > <New class="org.eclipse.jetty.security.HashLoginService"> > <Set name="name">Test Realm</Set> > <Set name="config"><SystemProperty name="jetty.home" > default="."/>/etc/realm.properties</Set> > <Set name="refreshInterval">0</Set> > <Call name="start"></Call> > </New> > > File: E:\Solr\solr-5.2.1\server\etc\realm.properties > > admin: admin, db-role > > I then restarted Solr. After this, accessing http://localhost:8983/solr/ > gives me: > > HTTP ERROR: 404 > > Problem accessing /solr/. Reason: > > Not Found > Powered by Jetty:// > > In a previous post, I asked if anyone has setup Solr 5.2.1 or any 5.x with > Basic Auth and got it working, I have not heard back. Either this feature > is not tested or not in use. If it is not in use, how do folks secure > their Solr instance? > > Thanks > > Steve > > On Thu, Jul 23, 2015 at 2:52 PM, Peter Sturge <peter.stu...@gmail.com> > wrote: > > > Hi Steve, > > > > What version of Jetty are you using? > > > > Have you got a webdefault.xml in your etc folder? > > If so, does it have an entry like this: > > > > <login-config> > > <auth-method>BASIC</auth-method> > > <realm-name>Realm Name as specified in jetty.xml</realm-name> > > </login-config> > > > > It's been a few years since I set this up, but I believe you also need an > > auth-constraint in webdefault.xml - this tells jetty which apps are using > > which realms: > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>A web application name</web-resource-name> > > <url-pattern>/*</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <role-name>default-role</role-name> > > </auth-constraint> > > </security-constraint> > > > > Your realm.properties should then have user account entries for the role > > similar to: > > > > admin: some-cred, default-role > > > > > > Hope this helps, > > Peter > > > > > > On Thu, Jul 23, 2015 at 7:41 PM, Steven White <swhite4...@gmail.com> > > wrote: > > > > > (re-posting as new email thread to see if this will make it to the > list) > > > > > > > > > That didn't help. I still get the same result and virtually no log to > > help > > > me figure out where / what things are going wrong. > > > > > > Here is all that I see in C:\Solr\solr-5.2.1\server\logs\solr.log: > > > > > > INFO - 2015-07-23 05:29:12.065; [ ] > org.eclipse.jetty.util.log.Log; > > > Logging initialized @286ms > > > INFO - 2015-07-23 05:29:12.231; [ ] > org.eclipse.jetty.server.Server; > > > jetty-9.2.10.v20150310 > > > WARN - 2015-07-23 05:29:12.240; [ ] > > > org.eclipse.jetty.server.handler.RequestLogHandler; !RequestLog > > > INFO - 2015-07-23 05:29:12.255; [ ] > > > org.eclipse.jetty.server.AbstractConnector; Started > > > ServerConnector@5a5fae16 > > > {HTTP/1.1}{0.0.0.0:8983} > > > INFO - 2015-07-23 05:29:12.256; [ ] > org.eclipse.jetty.server.Server; > > > Started @478ms > > > > > > Does anyone know where / what logs I should turn on to debug this? > > Should > > > I be posting this issue on the Jetty mailing list? > > > > > > Steve > > > > > > > > > On Wed, Jul 22, 2015 at 10:34 AM, Peter Sturge <peter.stu...@gmail.com > > > > > wrote: > > > > > > > Try adding the "start" call in your jetty.xml: > > > > <Set name="name">Realm Name</Set> > > > > <Set name="config"><SystemProperty name="jetty.home" > > > > default="."/>/etc/realm.properties</Set> > > > > <Set name="refreshInterval">5</Set> > > > > <Call name="start"></Call> > > > > > >
