I'm actually trying to do something similar with 5.3. We're in the process of upgrading from 4.10 and were previously using jaas to secure dih pages and a few others and had a config similar to what you described.

The error I get is the following (might only be visible when you change the log4j startup log level, I didn't check what the default log level is):

    2015-09-17 11:19:10,121 [main] WARN xml.XmlConfiguration Config error at <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.plus.jaas.JAASLoginService"><Set name="Name">SolrRealm</Set><Set name="LoginModuleName">multiloginmodule</Set></New>
    </Arg></Call>

From what I gather, now with jetty 9 the modules have to be enabled individually:
http://www.eclipse.org/jetty/documentation/current/startup-modules.html

However, when I run

    java -jar start.jar --list-modules

I only get a few modules as possibilities (server,http,https,ssl). I tried adding the jetty-jaas jar for the version of jetty with 5.3 to /lib but I am still not able to figure out how to turn it on, as it doesn't show up in the list.

I'm much less familiar with jetty than I am with others so I'm still fumbling a bit here. But it seems we need to:

1. Add the jetty-jaas.jar that's missing via an outside script (also note that if you want ldap you'll have to use an additional jar)
2. Execute the following (java -jar start.jar --add-to-startd=jaas)
3. Start the server (either with your own script or the new ./solr scripts)

I've got the jar added, but either it's not in the right place (I've got it in /lib, maybe it needs to be in /lib/ext?) or jetty needs to be configured to recognize it.

Not sure what the thinking was behind the decision that only people running solr cloud would want authentication, or even how solr made it to 5.2 before adding anything in at all!

We had all this working great in jetty8 solr versions but with the new jetty9 modules/classloaders it's proving a challenge.

Marshall Sanders
Technical Lead – Software Engineer
Autotrader.com
404-568-7130

-----Original Message-----
From: Aziz Gaou [mailto:gaoua...@gmail.com]
Sent: Thursday, September 17, 2015 5:55 AM
To: solr-user@lucene.apache.org
Subject: Re: Securing solr 5.2 basic auth permission rules

Thank you so much for your reply.

Now I try to protect Apache Solr 5 admin with jetty. When I change:

1) sudo nano /opt/solr/server/etc/webdefault.xml

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app ......>
      <!-- only the relevant addition is listed here -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Solr</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>search-role</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Solr Realm</realm-name>
      </login-config>
    </web-app>

2) I also changed "*jetty.xml* <https://gist.github.com/jstrassburg/9777027#file-jetty-xml>" and "*realm.properties* <https://gist.github.com/jstrassburg/9777027#file-realm-properties>"

3) the following message appears in the browser:

- http://localhost:8983/solr/

    HTTP ERROR: 503
    Problem accessing /solr/. Reason:
    Service Unavailable
    ------------------------------
    *Powered by Jetty://*

Thanks for your help

2015-09-16 18:58 GMT+00:00 Anshum Gupta <ans...@anshumgupta.net>:

> Basic authentication (and the API support, that you're trying to use)
> was only released with 5.3.0 so it wouldn't work with 5.2.
> 5.2 only had the authentication and authorization frameworks, and
> shipped with Kerberos authentication plugin out of the box.
>
> There are a few known issues with that though, and a 5.3.1 release is
> just around the corner.
>
> On Wed, Sep 16, 2015 at 10:11 AM, Aziz Gaou <gaoua...@gmail.com> wrote:
>
> > Hi,
> >
> > I try to follow:
> > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin ,
> > to protect Solr 5.2 Admin with password, but I have not been able to
> > secure.
> >
> > 1) When I run the following command:
> >
> > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication \
> >   -H 'Content-type:application/json' \
> >   -d '{"set-user": {"tom" : "TomIsCool" }}'
> >
> > no update on the file security.json
> >
> > 2) I launched the following 2 commands:
> >
> > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization \
> >   -H 'Content-type:application/json' \
> >   -d '{"set-permission": {"name":"updates", "collection":"MyCollection", "role": "dev"}}'
> >
> > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization \
> >   -H 'Content-type:application/json' \
> >   -d '{ "set-user-role": {"tom":["dev"]}}'
> >
> > always MyCollection is not protected.
> >
> > thank you for your help.
>
> --
> Anshum Gupta
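
Added example, not part of the thread and not Solr or Jetty project code: Jetty resolves a descriptor's realm-name to the LoginService whose Name is the same string, so a static check over the two files can catch a mismatch, a constraint with no auth-constraint, or a constraint limited to listed HTTP methods. The two fragments are constructed by combining values that appear in different messages of the thread (so the mismatch is illustrative), and find_all, texts and audit are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment, modelled on the webdefault.xml quoted in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>search-role</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Solr Realm</realm-name></login-config>
</web-app>"""

# Constructed jetty.xml fragment; the <Call> body is taken from the thread's log excerpt.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
      <Set name="Name">SolrRealm</Set>
      <Set name="LoginModuleName">multiloginmodule</Set>
    </New>
  </Arg></Call>
</Configure>"""

def find_all(root, name):
    """Elements with this local name, whether or not a namespace is declared."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(root, name):
    return [(e.text or "").strip() for e in find_all(root, name)]

def audit(web_xml, jetty_xml):
    """Return a list of findings; an empty list means every check passed."""
    web, jetty = ET.fromstring(web_xml), ET.fromstring(jetty_xml)
    findings = []
    for sc in find_all(web, "security-constraint"):
        patterns, methods = texts(sc, "url-pattern"), texts(sc, "http-method")
        if not find_all(sc, "auth-constraint"):
            findings.append(f"{patterns}: no auth-constraint, no login required")
        if methods:  # listing methods leaves every unlisted method unconstrained
            findings.append(f"{patterns}: only {methods} constrained")
    # Name of every configured *LoginService bean in jetty.xml
    names = [(s.text or "").strip() for n in find_all(jetty, "New")
             if n.get("class", "").endswith("LoginService")
             for s in find_all(n, "Set") if s.get("name") == "Name"]
    for realm in texts(web, "realm-name"):
        if realm not in names:
            findings.append(f"realm-name {realm!r} matches no LoginService {names}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, JETTY_XML)) or "no findings")
```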