This JIRA covers a lot of what you're asking:

https://issues.apache.org/jira/browse/SOLR-4470

I am also trying to get this sort of solution in place, but it seems to be dying off a bit. Hopefully we can get some interest on this again; this question comes up every few weeks, it seems.

I can confirm the latest patch from this JIRA works as expected, although my primary concern is that the credentials appear in the JVM command, and I'd like to move that to a file.

Cheers,

Tim

On 11/04/13 10:41 AM, Michael Della Bitta wrote:
It's fairly easy to lock down Solr behind basic auth using just the
servlet container it's running in, but the problem becomes letting
services that *should* be able to access Solr in. I've rolled with
basic auth in some setups, but certain deployments such as Solr Cloud
or sharded setups don't play well with auth because there's no good
way to configure them to use it.

Michael Della Bitta

------------------------------------------------
Appinions
18 East 41st Street, 2nd Floor
New York, NY 10017-6271

www.appinions.com

Where Influence Isn’t a Game


On Thu, Apr 11, 2013 at 1:19 PM, Raymond Wiker <rwi...@gmail.com> wrote:
On Apr 11, 2013, at 17:12, adfel70 <adfe...@gmail.com> wrote:
Hi
I need to implement security in solr as follows:
1. prevent unauthorized users from accessing solr admin pages.
2. prevent unauthorized users from performing solr operations - both /admin
and /update.


Is the conclusion of this thread that this is not possible at the moment?

The "obvious" solution (to me, at least) would be to (1) restrict access to solr to
localhost, and (2) use a reverse proxy (e.g., apache) on the same node to provide
authenticated & restricted access to solr. I think I've seen recipes for (1), somewhere,
and I've used (2) fairly extensively for similar purposes.
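
The arrangement Raymond Wiker describes above (Solr reachable only on localhost, Apache on the same node providing authenticated and restricted access), sketched as an Apache httpd 2.4 virtual host. This is an added example, not configuration posted by anyone in the thread; the hostname, port 8983, file paths, group name and URL patterns are assumptions.

```apache
# Added example. Assumes the servlet container running Solr listens only on
# 127.0.0.1:8983, so this proxy is the only network path to it.
# Assumes mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic,
# mod_authn_file and mod_authz_groupfile are loaded.
<VirtualHost *:443>
    ServerName search.example.org          # placeholder hostname

    # Basic auth sends credentials base64-encoded, so serve it over TLS only.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/search.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/search.example.org.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPass        /solr http://127.0.0.1:8983/solr
    ProxyPassReverse /solr http://127.0.0.1:8983/solr

    # Every request to Solr needs a valid account (query access).
    <Location "/solr">
        AuthType Basic
        AuthName "Solr"
        AuthBasicProvider file
        AuthUserFile  /etc/apache2/solr.htpasswd
        AuthGroupFile /etc/apache2/solr.groups
        Require valid-user
    </Location>

    # /admin and /update handlers, at the top level or under a core name,
    # are limited to one group. This later section replaces the
    # "Require valid-user" rule above for matching URLs.
    <LocationMatch "^/solr/([^/]+/)?(admin|update)">
        Require group solr-admins
    </LocationMatch>
</VirtualHost>
```

This covers clients that reach Solr through the proxy. It does not address the case Michael Della Bitta raises, where Solr Cloud or sharded nodes need to be configured to authenticate to each other.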
