Edit /opt/solr/etc/jetty.xml and add the following:
<Configure>
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
...
</Configure>
Edit /opt/solr/solr-webapp/webapp/WEB-INF/web.xml and add the following:
<web-app>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr authenticated application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>core1-role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
</web-app>
Create a file in /opt/solr/etc/realm.properties and put the following in it:
admin: yourPasswordHere,core1-role
You can change "admin" to whatever username you want.
For the password, you can either use the literal password, or use an OBF/MD5/CRYPT hash. To create a hash, you can do the following:
cd /opt/solr
java -cp /lib/jetty-util-8.1.10.v20130312.jar org.eclipse.jetty.util.security.Password admin yourPasswordHere
The above utility will print out the hash to the screen, and you can chose either the OBF, MD5, or CRYPT line. Make sure that you copy the entire line, including the "OBF:..." part. Copy this line to the /opt/solr/etc/realm.properties file; the result will look something like this:
admin: OBF:1x1v1xmk1w9b1pyh1oq31uum1xtv1zej1zer1xtn1uvk1or71pw51w8f1xmq1x0r
,core1-role
The above is all in one line. No line break. Make sure you put the comma before the "core1-role".
After you've changed everything, restart the solr server. If you're using Fedora, do this:
sudo /sbin/service jetty.sh restart
Then open up your web browser to http://localhost:8983/solr/#/collection1/query and the web browser should ask you for a password. Enter admin for the user name and yourPasswordHere for the password.
Hint: if you get an error on the Solr admin webpage, you can check the log for warning messages. The log file is here: /opt/solr/logs/solr.log
More info:
23 comments:
Hi Matthew,
works as described.
tested on SOLR 4.7.0
Thank you.
Great, glad it worked!
hi,
ist possible to not have to log in if the ip address is localhost or 127.0.0.1, etc ?
Hi Matthew,
Thanks a lot man. Worked perfectly.
Do you have anything for hardening of Solr server so that unnecessary services can be stopped or its performance can be imporved further?
If yes, please share.
Thanks
No sorry, I haven't done anything with that yet, but if I do, I'll post it on my blog.
My solr admin is not accepting password. I exactly follow what is said but when I open solr admin in browser, login popup appeared but it does not accept my user name and password
Hi, Hafiz Shafiq
I met the same problem when I put the realm file under /etc/realm.properties
Make sure you put realm.properties under /opt/solr/etc/realm.properties
.
I haven't tried this recently, so perhaps newer versions of Solr 4 are different. I have played with Solr 5, but I haven't tried these instructions with Solr 5 yet.
Hi Matthew
I see that you've been recently testing Solr 5.x and was wondering if you have figured out how to secure it yet.
I tried applying the instructions here on my 5.x install but can't get it working.
Any tips appreciated
thank you
Hi Colin,
Thanks for reading some of my Solr blog entries. Sorry for the delay in the reply. I haven't worked on getting password authentication working with Solr 5 yet, so I don't have any tips for that. What you could do, is put your Solr 5 server on its own private network (i.e. not on the Internet), and have your web server on the internet, and also have that web server on the same private network as the Solr 5 server. Then you can sleep at night knowing that your Solr 5 server isn't accessible to anything except the web sever.
Matthew
u r the man, the machine,
its work for me
yaaahuuuuu
Hi, Hafiz Shafiq
I had the same problem as you. You can try to check the file name "real.properties" because the name of my file was "real.properties.txt".
Anyone tried with Solr 5.2.1? Can´t get it working, everytime while tying i get 503 service unavailable :(
Not reuqired any more
Could you please explain that? I know that in 5.3 authentication will be implemented, but in 5.2.1?
Hi,
I am using solr 5.3.0.
Can anyone help me out to achieve authetication for this version.
Thanks in advance.
Nisha
Thanks a lot mathew...
It worked...:)
Great article.. worked beautifully
Tested on solr 5.3.1
That helped me in installing Solr for Django-oscar.
Hi,
I am doing the same but it's giving 404 error.
Use URl below for Sitecore Setting.
https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/search_and_indexing/protecting_solr_over_http
Post a Comment