Question posted in
Some documentation to get you started can be found here.

How to setup authentication mechanism in solr 7? – Apache

I have installed solr 7.7 standalone in my production server. I am trying to setup authentication mechanism using jetty approach. This is what I tried:

1.modified “/opt/solr/server/etc/jetty.xml

<Call name="addBean">
 <Arg>
  <New class="org.eclipse.jetty.security.HashLoginService">
   <Set name="name">Test Realm</Set>
   <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
   <Set name="refreshInterval">0</Set>
  </New>
 </Arg> 
</Call>

  1. created credentials file in /opt/solr/server/etc/realm.properties

    admin: admin123,core

  2. modified /opt/solr/server/etc/webdefault.xml

    <security-constraint>
 <web-resource-collection>
 <web-resource-name>Solr authenticated application</web-resource-name>
 <url-pattern>/</url-pattern>
 </web-resource-collection>

 <auth-constraint>
 <role-name>core</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Test Realm</realm-name>
</login-config>

After this If I restart solr service, solr is not getting started. In the logs I am getting error as:

 Suppressed: java.lang.NoSuchFieldException: refreshInterval
 Suppressed: java.lang.NoSuchFieldException: TYPE
 Suppressed: java.lang.NoSuchMethodException: org.eclipse.jetty.security.HashLoginService.setRefreshInterval(java.lang.String)
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Create Security file:sudo vim /var/solr/data/security.json

    {
"authentication":{
   "blockUnknown": true,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
      "role":"admin"}],
   "user-role":{"solr":"admin"}
}}

    This will create user called "solr" with password SolrRocks

    Then Restart solr service:sudo service solr restart

    Verification:http://<ip_address>:8983/solr/admin/authentication


  2. 0

    refreshInterval did not work as the method has been deprecated in favor of setHotReload (boolean) in recent versions of Jetty.

    https://archive.eclipse.org/jetty/9.3.11.v20160721/apidocs/org/eclipse/jetty/security/HashLoginService.html#setRefreshInterval-int-

    Solr 7.7 uses Jetty 9.4.14.v20181114

    https://lucene.apache.org/solr/8_4_1/changes/Changes.html#v7.7.0.versions_of_major_components

    You can use the following in jett.xml, if you still want to try this instead of BasicAuthPlugin

        <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Login Required</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="HotReload">false</Set>
        </New>
      </Arg>
</Call>

    By the way, this procedure has some issues since it uses the "BASIC" Authentication of HashLoginService as explained here.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search