Hi Mark, As I know you can either limit server access by only allowing certain IPs which is a crude, or as you said using the servlet BASIC authentication. Solr is just a WAR file deployed in a Servlet container, so you can use all of the capabilities of Servlet containers to control access. In order to limit access to /solr/update* and /solr/ admin/* in Jetty by requiring BASIC authentication from your users, you merely edit the web.xml in your Solr WAR adding the following stanza at the bottom: <security-constraint> <web-resource-collection> <web-resource-name>Solr Admin</web-resource-name> <url-pattern>/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Solr Update</web-resource-name> <url-pattern>/update*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> <role-name>content_updater</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Test Realm</realm-name> </login-config>
This specifies that access to the /update* URLs is limited to anyone in the roles of admin or content_updater, although only admin users can access the /admin/* URLs. The realm-name is what ties the security constraints to the users configured in Jetty. You may need to refer to Jetty side to see how to configure user realm. Best Regards, Liang -----Original Message----- From: geeky2 [mailto:gee...@hotmail.com] Sent: 2012年3月29日 3:36 To: solr-user@lucene.apache.org Subject: Re: authentication for solr admin page? update - ok - i was reading about replication here: http://wiki.apache.org/solr/SolrReplication and noticed comments in the solrconfig.xml file related to HTTP Basic Authentication and the usage of the following tags: <str name="httpBasicAuthUser">username</str> <str name="httpBasicAuthPassword">password</str> *Can i place these tags in the request handler to achieve an authentication scheme for the /admin page?* // snipped from the solrconfig.xml file <requestHandler name="/admin/" class="org.apache.solr.handler.admin.AdminHandlers"/> thanks for any help mark -- View this message in context: http://lucene.472066.n3.nabble.com/authentication-for-solr-admin-page-tp3865665p3865747.html Sent from the Solr - User mailing list archive at Nabble.com.
