Reputation: 1531
How to setup authentication mechanism in solr 7?
I have installed solr 7.7 standalone in my production server. I am trying to setup authentication mechanism using jetty approach. This is what I tried:
1.modified “/opt/solr/server/etc/jetty.xml
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
created credentials file in /opt/solr/server/etc/realm.properties
admin: admin123,coremodified /opt/solr/server/etc/webdefault.xml
<security-constraint> <web-resource-collection> <web-resource-name>Solr authenticated application</web-resource-name> <url-pattern>/</url-pattern> </web-resource-collection> <auth-constraint> <role-name>core</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Test Realm</realm-name> </login-config>
After this If I restart solr service, solr is not getting started. In the logs I am getting error as:
Suppressed: java.lang.NoSuchFieldException: refreshInterval
Suppressed: java.lang.NoSuchFieldException: TYPE
Suppressed: java.lang.NoSuchMethodException: org.eclipse.jetty.security.HashLoginService.setRefreshInterval(java.lang.String)
Upvotes: 2
Views: 1057
Answers (2)
Reputation: 312
refreshInterval did not work as the method has been deprecated in favor of setHotReload (boolean) in recent versions of Jetty.
Solr 7.7 uses Jetty 9.4.14.v20181114
https://lucene.apache.org/solr/8_4_1/changes/Changes.html#v7.7.0.versions_of_major_components
You can use the following in jett.xml, if you still want to try this instead of BasicAuthPlugin -
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Login Required</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="HotReload">false</Set>
</New>
</Arg>
</Call>
By the way, this procedure has some issues since it uses the "BASIC" Authentication of HashLoginService as explained here.
Upvotes: 0
Reputation: 1531
Create Security file:sudo vim /var/solr/data/security.json
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[{"name":"security-edit",
"role":"admin"}],
"user-role":{"solr":"admin"}
}}
This will create user called "solr" with password SolrRocks
Then Restart solr service:sudo service solr restart
Verification:http://<ip_address>:8983/solr/admin/authentication
Upvotes: 3
Related Questions
- solr - basic authentication
- adding basic authentication to Solr 8.6.1
- Authenticating SolrCore using Spring Data Solr
- Username and password authentication for Solr
- Basic Authentication is not working in Apache solr 8
- solr 7.4.0 security.json authentication
- basic authentication with REST in Solr 6.6.1
- Restricting Solr Queries to Web Application
- Authentication in Solr 5
- Solr Authentication