Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD

Fri, 23 Jul 2010 12:29:26 -0700 

Are you using the same instance of CommonsHttpSolrServer for all the
requests?


I was.


I also tried creating a new instance every x requests, also resetting  
the credentials on the new instances, to see if it would make a  
difference.



Doing that, I get an exception after several instances of the  
httpserver (again several hundred PDFs) to the effect that the socket  
is still in use... Perhaps I am not releasing the resources properly...?


-Jon

On Jul 22, 2010, at 3:02 AM, "Bilgin Ibryam" <bibr...@gmail.com> wrote:


Are you using the same instance of CommonsHttpSolrServer for all the
requests?


On Wed, Jul 21, 2010 at 4:50 PM, Sharp, Jonathan <jsh...@coh.org>  
wrote:




Some further information --


I tried indexing a batch of PDFs with the client and Solr CELL,  
setting

the credentials in the httpclient. For some reason after successfully
indexing several hundred files I start getting a "SolrException:
Unauthorized" and an info message (for every subsequent file):

INFO basic authentication scheme selected
Org.apache.commons.httpclient.HttpMethodDirector process
WWWAuthChallenge
INFO Failure authenticating with BASIC '<realm>'@host:port

I increased session timeout in web.xml with no change. I'm looking
through the httpclient authentication now.

-Jon

-----Original Message-----
From: Sharp, Jonathan
Sent: Friday, July 16, 2010 8:59 AM
To: 'solr-user@lucene.apache.org'
Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD

Hi Bilgin,

Thanks for the snippet -- that helps a lot.

-Jon

-----Original Message-----
From: Bilgin Ibryam [mailto:bibr...@gmail.com]
Sent: Friday, July 16, 2010 1:31 AM
To: solr-user@lucene.apache.org
Subject: Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD

Hi Jon,

SolrJ (CommonsHttpSolrServer) internally uses apache http client to
connect
to solr. You can check there for some documentation.

I secured solr also with BASIC auth-method and use the following  
snippet

to
access it from solrJ:

    //set username and password
    ((CommonsHttpSolrServer)

server).getHttpClient().getParams().setAuthenticationPreemptive 
(true);

    Credentials defaultcreds = new
UsernamePasswordCredentials("username",
"secret");
    ((CommonsHttpSolrServer)
server).getHttpClient().getState().setCredentials(new
AuthScope("localhost",
80, AuthScope.ANY_REALM), defaultcreds);

HTH
Bilgin Ibryam




On Fri, Jul 16, 2010 at 2:35 AM, Sharp, Jonathan <jsh...@coh.org>  
wrote:



Hi All,


I am considering securing Solr with basic auth in glassfish using  
the

container, by adding to web.xml and adding sun-web.xml file to the
distributed WAR as below.

If using SolrJ to index files, how can I provide the credentials for
authentication to the http-client (or can someone point me in the

direction

of the right documentation to do that or that will help me make the
appropriate modifications) ?

Also any comment on the below is appreciated.

Add this to web.xml
-----------------------------------------------
 <login-config>
     <auth-method>BASIC</auth-method>
     <realm-name>SomeRealm</realm-name>
 </login-config>
 <security-constraint>
     <web-resource-collection>
         <web-resource-name>Admin Pages</web-resource-name>
         <url-pattern>/admin</url-pattern>
         <url-pattern>/admin/*</url-pattern>



<http-method>GET</http-method><http-method>POST</http-method><http- 
metho
d>PUT</http-method><http-method>TRACE</http-method<http- 
method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</ 
http-met

hod>

     </web-resource-collection>
     <auth-constraint>
         <role-name>SomeAdminRole</role-name>
     </auth-constraint>
 </security-constraint>
 <security-constraint>
     <web-resource-collection>
         <web-resource-name>Update Servlet</web-resource-name>
         <url-pattern>/update/*</url-pattern>



<http-method>GET</http-method><http-method>POST</http-method><http- 
metho
d>PUT</http-method><http-method>TRACE</http-method<http- 
method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</ 
http-met

hod>

     </web-resource-collection>
     <auth-constraint>
         <role-name>SomeUpdateRole</role-name>
     </auth-constraint>
 </security-constraint>
 <security-constraint>
     <web-resource-collection>
         <web-resource-name>Select Servlet</web-resource-name>
         <url-pattern>/select/*</url-pattern>



<http-method>GET</http-method><http-method>POST</http-method><http- 
metho
d>PUT</http-method><http-method>TRACE</http-method<http- 
method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</ 
http-met

hod>

     </web-resource-collection>
     <auth-constraint>
         <role-name>SomeSearchRole</role-name>
     </auth-constraint>
 </security-constraint>
-----------------------------------------------

Also add this as sun-web.xml

------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD

Application

Server 9.0 Servlet 2.5//EN" "
http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd";>
<sun-web-app error-url="">
<context-root>/Solr</context-root>
<jsp-config>
 <property name="keepgenerated" value="true">
   <description>Keep a copy of the generated servlet class' java
code.</description>
 </property>
</jsp-config>
<security-role-mapping>
   <role-name>SomeAdminRole</role-name>
   <group-name>SomeAdminGroup</group-name>
</security-role-mapping>
<security-role-mapping>
   <role-name>SomeUpdateRole</role-name>
   <group-name>SomeUpdateGroup</group-name>
</security-role-mapping>
<security-role-mapping>
   <role-name>SomeSearchRole</role-name>
   <group-name>SomeSearchGroup</group-name>
</security-role-mapping>
</sun-web-app>
--------------------------------------------------

-Jon



--- 
------------------------------------------------------------------
SECURITY/CONFIDENTIALITY WARNING: This message and any attachments  
are

intended solely for the individual or entity to which they are

addressed.

This communication may contain information that is privileged,

confidential,

or exempt from disclosure under applicable law (e.g., personal  
health

information, research data, financial information). Because this

e-mail has

been sent without encryption, individuals other than the intended

recipient

may be able to view the information, forward it to others or tamper

with the

information without the knowledge or consent of the sender. If you  
are

not

the intended recipient, or the employee or person responsible for

delivering

the message to the intended recipient, any dissemination,  
distribution

or

copying of the communication is strictly prohibited. If you received

the

communication in error, please notify the sender immediately by

replying to

this message and deleting the message and any accompanying files  
from

your

system. If, due to the security risks, you do not wis
h to
receive further communications via e-mail, please reply to this

message and

inform the sender that you do not wish to receive further e-mail  
from

the

sender.

--- 
------------------------------------------------------------------



























					Reply via email to