Hi, Thank you Sanders for your quick reply,
I ty now to follow the steps 2015-09-17 19:37 GMT+00:00 Sanders, Marshall (AT - Atlanta) < marshall.sand...@autotrader.com>: > So the issue is that when it's stated that solr runs on jetty 9 what it > really means is that it runs on 5% of jetty9 and the other 95% has been > stripped out. (WHYYYY! It's only ~13 MB) > > You'll need to download the appropriate version of jetty and before > starting up do the following > > 1. Copy modules/jaas.mod to the unpacked solr directory server/modules > 2. Copy etc/jetty-jaas.xml to server/etc > 3. Copy the jetty-jaas-<version>.jar to server/lib > 4. Call the following before starting solr: java -jar start.jar > --add-to-startd=jaas > > Now when you start solr JAAS will be available and you should be able to > configure it with all of the defaults that you would expect. > http://www.eclipse.org/jetty/documentation/current/jaas-support.html > > > I'll reiterate that I think it's a pretty bad decision to have stripped > out the modules from the version of jetty shipped. Especially since they > won't be loaded into the classloader with the new jetty modules setup. > > > Marshall Sanders > Technical Lead – Software Engineer > Autotrader.com > 404-568-7130 > > -----Original Message----- > From: Sanders, Marshall (AT - Atlanta) [mailto: > marshall.sand...@autotrader.com] > Sent: Thursday, September 17, 2015 2:28 PM > To: solr-user@lucene.apache.org > Subject: RE: Securing solr 5.2 basic auth permission rules > > I'm actually trying to do something similar with 5.3 > > We're in the process of upgrading from 4.10 and were previously using jaas > to secure dih pages and a few others and had a config similar to what you > described. > > The Error I get is the following (Might only visible when you change the > log4j startup log level, I didn't check what the default log level is): > > 2015-09-17 11:19:10,121 [main] WARN xml.XmlConfiguration Config error at > <Call name="addBean"><Arg> > <New class="org.eclipse.jetty.plus.jaas.JAASLoginService"><Set > name="Name">SolrRealm</Set><Set > name="LoginModuleName">multiloginmodule</Set></New> > </Arg></Call> > > From what I gather now with jetty 9 the modules have to be enabled > individually: > http://www.eclipse.org/jetty/documentation/current/startup-modules.html > > However: when I run > java -jar start.jar --list-modules > > I only get a few modules as possibilities (server,http,https,ssl). I > tried adding the jetty-jaas jar for the version of jetty with 5.3 to /lib > but I still am not able to figure out how to turn it on as it doesn't show > up in the list. > > I'm much less familiar with jetty than I am with others so I'm still > fumbling a bit here. But it seems we need to: > > 1. Add the jetty-jaas.jar that's missing via an outside script (Also note > that if you want ldap you'll have to use an additional jar) 2. Execute the > following (java -jar start.jar --add-to-startd=jaas) 3. Start the server > (either with your own script or the new ./solr scripts) > > I've got the jar added, but either it's not in the right place (I've got > it in /lib maybe it needs to be in /lib/ext?) or jetty needs to be > configured to recognize it. > > Not sure what the thinking was behind the decision that only people > running solr cloud would want authentication, or even how solr made it to > 5.2 before adding anything in at all! > > We had all this working great in jetty8 solr versions but with the new > jetty9 modules/classloaders it's proving a challenge. > > Marshall Sanders > Technical Lead – Software Engineer > Autotrader.com > 404-568-7130 > > -----Original Message----- > From: Aziz Gaou [mailto:gaoua...@gmail.com] > Sent: Thursday, September 17, 2015 5:55 AM > To: solr-user@lucene.apache.org > Subject: Re: Securing solr 5.2 basic auth permission rules > > thank you so much for your reply, > > Now, i try to protect Apache Solr 5 admin with jetty, when I change > > 1) sudo nano /opt/solr/server/etc/webdefault.xml > > > <?xml version="1.0" encoding="ISO-8859-1"?> <web-app ......> > > <!-- only the relevant addition is listed here --> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Solr</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>search-role</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Solr Realm</realm-name> > </login-config> > > </web-app> > > 2) i changed too "*jetty.xml * > <https://gist.github.com/jstrassburg/9777027#file-jetty-xml> " and " > *realm.properties* > <https://gist.github.com/jstrassburg/9777027#file-realm-properties>" > > 3) the following message will appear on browser: > > - http://localhost:8983/solr/ > > > HTTP ERROR: 503 > > Problem accessing /solr/. Reason: > > Service Unavailable > > ------------------------------ > *Powered by Jetty://* > > > Thanks for your help > > 2015-09-16 18:58 GMT+00:00 Anshum Gupta <ans...@anshumgupta.net>: > > > Basic authentication (and the API support, that you're trying to use) > > was only released with 5.3.0 so it wouldn't work with 5.2. > > 5.2 only had the authentication and authorization frameworks, and > > shipped with Kerberos authentication plugin out of the box. > > > > There are a few known issues with that though, and a 5.3.1 release is > > just around the corner. > > > > On Wed, Sep 16, 2015 at 10:11 AM, Aziz Gaou <gaoua...@gmail.com> wrote: > > > > > Hi, > > > > > > I try to follow: > > > > > > > > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+ > > Plugin > > > , > > > to protect Solr 5.2 Admin with password, but I have not been able to > > > secure. > > > > > > 1) When I run the following command: > > > > > > curl --user solr:SolrRocks > > http://localhost:8983/solr/admin/authentication > > > -H 'Content-type:application/json'-d '{ > > > "set-user": {"tom" : "TomIsCool" }}' > > > > > > no update on the file security.json > > > > > > 2) I launched the following 2 commands: > > > > > > curl --user solr:SolrRocks > > http://localhost:8983/solr/admin/authorization > > > -H 'Content-type:application/json'-d '{"set-permission": { > > > "name":"updates", "collection":"MyCollection", "role": "dev"}}' > > > > > > curl --user solr:SolrRocks > > http://localhost:8983/solr/admin/authorization > > > -H 'Content-type:application/json' -d '{ "set-user-role": > > {"tom":["dev"}}' > > > > > > always MyCollection is not protected. > > > > > > > > > thank you for your help. > > > > > > > > > > > -- > > Anshum Gupta > > >
