On Wed, 19 Nov 2008 22:58:52 -0800 (PST)
RaghavPrabhu [EMAIL PROTECTED] wrote:
Im using multiple cores and all i need to do is,to make the each core in
secure manner. If i am accessing the particular core via url,it should ask
and validate the credentials say Username Password for each core.
You should be able to handle this @ the servlet container level. What I did,
using Jetty + starting from the example app, was :
1) modify web.xml (part of the sources of solr.war, which you'll have to
rebuild) to define the authentication constraints you want.
[...]
!-- block by default. --
security-constraint
web-resource-collection
web-resource-nameDefault/web-resource-name
url-pattern//url-pattern
/web-resource-collection
auth-constraint/ !-- BLOCK! --
/security-constraint
!-- this constraint has no auth constraint or data constraint =
allows without auth. --
security-constraint
web-resource-collection
web-resource-nameAllowedQueries/web-resource-name
url-pattern/core1/select/*/url-pattern
url-pattern/core2/select/*/url-pattern
url-pattern/core3/select/*/url-pattern
/web-resource-collection
/security-constraint
!-- this constraint allows access to admin pages, with basic auth --
security-constraint
web-resource-collection
web-resource-nameAdmin/web-resource-name
!-- the admin for cores management --
url-pattern/admin/*/url-pattern
!-- the admin for each individual core --
url-pattern/core1/admin/*/url-pattern
url-pattern/core2/admin/*/url-pattern
url-pattern/core3/admin/*/url-pattern
!-- The Test core, full access to it --
url-pattern/_test_/*/url-pattern
/web-resource-collection
auth-constraint
!-- Roles of users are defined int the properties file
--
!-- we allow users with admin-only access --
role-nameAdmin-role/role-name
!-- we allow users with full access --
role-nameFullAccess-role/role-name
/auth-constraint
/security-constraint
!-- this constraint allows access to modify the data in the SOLR
service, with basic auth --
security-constraint
web-resource-collection
web-resource-nameRW/web-resource-name
!-- the dataimport handler for each individual core
--
url-pattern/core1/dataimport/url-pattern
url-pattern/core2/dataimport/url-pattern
url-pattern/core3/dataimport/url-pattern
!-- the update handler (XML over HTTP) for each
individual core --
url-pattern/core1/update/*/url-pattern
url-pattern/core2/update/*/url-pattern
url-pattern/core3/update/*/url-pattern
/web-resource-collection
auth-constraint
!-- Roles of users are defined int the properties file
--
!-- we allow users with rw-only access --
role-nameRW-role/role-name
!-- we allow users with full access --
role-nameFullAccess-role/role-name
/auth-constraint
/security-constraint
!-- the Realm for this app. Ideally we should have different realms
for each security-constraint, but I can't get it to work properly --
login-config
auth-methodBASIC/auth-method
realm-nameSearchSvc/realm-name
/login-config
security-role
role-nameAdmin-role/role-name
/security-role
security-role
role-nameFullAccess-role/role-name
/security-role
security-role
role-nameRW-role/role-name
/security-role
[...]
2) in Jetty's jetty.xml (or in a context...i just used jetty.xml), define where
to get the AUTH details from :
[...]
Set name=UserRealms
Array type=org.mortbay.jetty.security.UserRealm
Item
New class=org.mortbay.jetty.security.HashUserRealm
Set name=nameSearchSvc/Set
Set name=config
SystemProperty name=jetty.home default=.
//etc/searchsvc_access.properties/Set
!--Set name=reloadInterval10/Set--
!--Call name=start/Call--
/New
/Item
[...]
3) Read in jetty's documentation how to create the .properties file with the
auth info...
I am not sure if this is the BEST way