Some further information -- I tried indexing a batch of PDFs with the client and Solr CELL, setting the credentials in the httpclient. For some reason after successfully indexing several hundred files I start getting a "SolrException: Unauthorized" and an info message (for every subsequent file):
INFO basic authentication scheme selected Org.apache.commons.httpclient.HttpMethodDirector process WWWAuthChallenge INFO Failure authenticating with BASIC '<realm>'@host:port I increased session timeout in web.xml with no change. I'm looking through the httpclient authentication now. -Jon -----Original Message----- From: Sharp, Jonathan Sent: Friday, July 16, 2010 8:59 AM To: 'solr-user@lucene.apache.org' Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD Hi Bilgin, Thanks for the snippet -- that helps a lot. -Jon -----Original Message----- From: Bilgin Ibryam [mailto:bibr...@gmail.com] Sent: Friday, July 16, 2010 1:31 AM To: solr-user@lucene.apache.org Subject: Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD Hi Jon, SolrJ (CommonsHttpSolrServer) internally uses apache http client to connect to solr. You can check there for some documentation. I secured solr also with BASIC auth-method and use the following snippet to access it from solrJ: //set username and password ((CommonsHttpSolrServer) server).getHttpClient().getParams().setAuthenticationPreemptive(true); Credentials defaultcreds = new UsernamePasswordCredentials("username", "secret"); ((CommonsHttpSolrServer) server).getHttpClient().getState().setCredentials(new AuthScope("localhost", 80, AuthScope.ANY_REALM), defaultcreds); HTH Bilgin Ibryam On Fri, Jul 16, 2010 at 2:35 AM, Sharp, Jonathan <jsh...@coh.org> wrote: > Hi All, > > I am considering securing Solr with basic auth in glassfish using the > container, by adding to web.xml and adding sun-web.xml file to the > distributed WAR as below. > > If using SolrJ to index files, how can I provide the credentials for > authentication to the http-client (or can someone point me in the direction > of the right documentation to do that or that will help me make the > appropriate modifications) ? > > Also any comment on the below is appreciated. > > Add this to web.xml > ----------------------------------------------- > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>SomeRealm</realm-name> > </login-config> > <security-constraint> > <web-resource-collection> > <web-resource-name>Admin Pages</web-resource-name> > <url-pattern>/admin</url-pattern> > <url-pattern>/admin/*</url-pattern> > > <http-method>GET</http-method><http-method>POST</http-method><http-metho d>PUT</http-method><http-method>TRACE</http-method<http-method>HEAD</htt p-method><http-method>OPTIONS</http-method><http-method>DELETE</http-met hod> > </web-resource-collection> > <auth-constraint> > <role-name>SomeAdminRole</role-name> > </auth-constraint> > </security-constraint> > <security-constraint> > <web-resource-collection> > <web-resource-name>Update Servlet</web-resource-name> > <url-pattern>/update/*</url-pattern> > > <http-method>GET</http-method><http-method>POST</http-method><http-metho d>PUT</http-method><http-method>TRACE</http-method<http-method>HEAD</htt p-method><http-method>OPTIONS</http-method><http-method>DELETE</http-met hod> > </web-resource-collection> > <auth-constraint> > <role-name>SomeUpdateRole</role-name> > </auth-constraint> > </security-constraint> > <security-constraint> > <web-resource-collection> > <web-resource-name>Select Servlet</web-resource-name> > <url-pattern>/select/*</url-pattern> > > <http-method>GET</http-method><http-method>POST</http-method><http-metho d>PUT</http-method><http-method>TRACE</http-method<http-method>HEAD</htt p-method><http-method>OPTIONS</http-method><http-method>DELETE</http-met hod> > </web-resource-collection> > <auth-constraint> > <role-name>SomeSearchRole</role-name> > </auth-constraint> > </security-constraint> > ----------------------------------------------- > > Also add this as sun-web.xml > > ------------------------------------------------ > <?xml version="1.0" encoding="UTF-8"?> > <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application > Server 9.0 Servlet 2.5//EN" " > http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd";> > <sun-web-app error-url=""> > <context-root>/Solr</context-root> > <jsp-config> > <property name="keepgenerated" value="true"> > <description>Keep a copy of the generated servlet class' java > code.</description> > </property> > </jsp-config> > <security-role-mapping> > <role-name>SomeAdminRole</role-name> > <group-name>SomeAdminGroup</group-name> > </security-role-mapping> > <security-role-mapping> > <role-name>SomeUpdateRole</role-name> > <group-name>SomeUpdateGroup</group-name> > </security-role-mapping> > <security-role-mapping> > <role-name>SomeSearchRole</role-name> > <group-name>SomeSearchGroup</group-name> > </security-role-mapping> > </sun-web-app> > -------------------------------------------------- > > -Jon > > > --------------------------------------------------------------------- > SECURITY/CONFIDENTIALITY WARNING: This message and any attachments are > intended solely for the individual or entity to which they are addressed. > This communication may contain information that is privileged, confidential, > or exempt from disclosure under applicable law (e.g., personal health > information, research data, financial information). Because this e-mail has > been sent without encryption, individuals other than the intended recipient > may be able to view the information, forward it to others or tamper with the > information without the knowledge or consent of the sender. If you are not > the intended recipient, or the employee or person responsible for delivering > the message to the intended recipient, any dissemination, distribution or > copying of the communication is strictly prohibited. If you received the > communication in error, please notify the sender immediately by replying to > this message and deleting the message and any accompanying files from your > system. If, due to the security risks, you do not wis > h to > receive further communications via e-mail, please reply to this message and > inform the sender that you do not wish to receive further e-mail from the > sender. > --------------------------------------------------------------------- > >
