Some further information --
I tried indexing a batch of PDFs with the client and Solr CELL,
setting
the credentials in the httpclient. For some reason after successfully
indexing several hundred files I start getting a "SolrException:
Unauthorized" and an info message (for every subsequent file):
INFO basic authentication scheme selected
Org.apache.commons.httpclient.HttpMethodDirector process
WWWAuthChallenge
INFO Failure authenticating with BASIC '<realm>'@host:port
I increased session timeout in web.xml with no change. I'm looking
through the httpclient authentication now.
-Jon
-----Original Message-----
From: Sharp, Jonathan
Sent: Friday, July 16, 2010 8:59 AM
To: 'solr-user@lucene.apache.org'
Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD
Hi Bilgin,
Thanks for the snippet -- that helps a lot.
-Jon
-----Original Message-----
From: Bilgin Ibryam [mailto:bibr...@gmail.com]
Sent: Friday, July 16, 2010 1:31 AM
To: solr-user@lucene.apache.org
Subject: Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD
Hi Jon,
SolrJ (CommonsHttpSolrServer) internally uses apache http client to
connect
to solr. You can check there for some documentation.
I secured solr also with BASIC auth-method and use the following
snippet
to
access it from solrJ:
//set username and password
((CommonsHttpSolrServer)
server).getHttpClient().getParams().setAuthenticationPreemptive
(true);
Credentials defaultcreds = new
UsernamePasswordCredentials("username",
"secret");
((CommonsHttpSolrServer)
server).getHttpClient().getState().setCredentials(new
AuthScope("localhost",
80, AuthScope.ANY_REALM), defaultcreds);
HTH
Bilgin Ibryam
On Fri, Jul 16, 2010 at 2:35 AM, Sharp, Jonathan <jsh...@coh.org>
wrote:
Hi All,
I am considering securing Solr with basic auth in glassfish using
the
container, by adding to web.xml and adding sun-web.xml file to the
distributed WAR as below.
If using SolrJ to index files, how can I provide the credentials for
authentication to the http-client (or can someone point me in the
direction
of the right documentation to do that or that will help me make the
appropriate modifications) ?
Also any comment on the below is appreciated.
Add this to web.xml
-----------------------------------------------
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SomeRealm</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Pages</web-resource-name>
<url-pattern>/admin</url-pattern>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method><http-
metho
d>PUT</http-method><http-method>TRACE</http-method<http-
method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</
http-met
hod>
</web-resource-collection>
<auth-constraint>
<role-name>SomeAdminRole</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Update Servlet</web-resource-name>
<url-pattern>/update/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method><http-
metho
d>PUT</http-method><http-method>TRACE</http-method<http-
method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</
http-met
hod>
</web-resource-collection>
<auth-constraint>
<role-name>SomeUpdateRole</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Select Servlet</web-resource-name>
<url-pattern>/select/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method><http-
metho
d>PUT</http-method><http-method>TRACE</http-method<http-
method>HEAD</htt
p-method><http-method>OPTIONS</http-method><http-method>DELETE</
http-met
hod>
</web-resource-collection>
<auth-constraint>
<role-name>SomeSearchRole</role-name>
</auth-constraint>
</security-constraint>
-----------------------------------------------
Also add this as sun-web.xml
------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD
Application
Server 9.0 Servlet 2.5//EN" "
http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
<context-root>/Solr</context-root>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java
code.</description>
</property>
</jsp-config>
<security-role-mapping>
<role-name>SomeAdminRole</role-name>
<group-name>SomeAdminGroup</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SomeUpdateRole</role-name>
<group-name>SomeUpdateGroup</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>SomeSearchRole</role-name>
<group-name>SomeSearchGroup</group-name>
</security-role-mapping>
</sun-web-app>
--------------------------------------------------
-Jon
---
------------------------------------------------------------------
SECURITY/CONFIDENTIALITY WARNING: This message and any attachments
are
intended solely for the individual or entity to which they are
addressed.
This communication may contain information that is privileged,
confidential,
or exempt from disclosure under applicable law (e.g., personal
health
information, research data, financial information). Because this
e-mail has
been sent without encryption, individuals other than the intended
recipient
may be able to view the information, forward it to others or tamper
with the
information without the knowledge or consent of the sender. If you
are
not
the intended recipient, or the employee or person responsible for
delivering
the message to the intended recipient, any dissemination,
distribution
or
copying of the communication is strictly prohibited. If you received
the
communication in error, please notify the sender immediately by
replying to
this message and deleting the message and any accompanying files
from
your
system. If, due to the security risks, you do not wis
h to
receive further communications via e-mail, please reply to this
message and
inform the sender that you do not wish to receive further e-mail
from
the
sender.
---
------------------------------------------------------------------