Re: Solr 5.3 to 6.0
You cannot go from 5->8 true. However, you also cannot go from 5->6->7->8. As of Lucene 8, Lucene will refuse to open an index that has ever been touched by Lucene 6, no matter whether you’ve used IndexUpgraderTool, reindexed all your data etc. So you’ll have to plan on re-indexing from your system of record when you go to Solr 8 no matter what, so why not now? Best, Erick > On Jun 19, 2019, at 10:02 AM, ilango dhandapani > wrote: > > In solr reference guide, I read that need to go to next major version and > cannot jump ahead next major verison, as indexes will not work. I did not > attempt from 5.3 to 7.x or 8.x though. > > Thanks, > Ilango > > > > -- > Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Re: Solr 5.3 to 6.0
In solr reference guide, I read that need to go to next major version and cannot jump ahead next major verison, as indexes will not work. I did not attempt from 5.3 to 7.x or 8.x though. Thanks, Ilango -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Re: Solr 5.3 to 6.0
Got to the latest 6x release if you must stick with 6x. Why not leapfrog all the way to 8? Erick > On Jun 19, 2019, at 9:08 AM, ilango dhandapani > wrote: > > Shawn, > > Is it advisable to goto 6.6 or 6.0 from 5.3.0 ?' > > Thanks, > Ilango > > > > -- > Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Re: Solr 5.3 to 6.0
Shawn, Is it advisable to goto 6.6 or 6.0 from 5.3.0 ?' Thanks, Ilango -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Re: Solr 5.3 to 6.0
Thanks Shawn. It worked after i explicitly mentioned docValues=False for the fields am using in managed-schema. So in case if I need to re index from scratch in new version, is there any better way of doing that quickly ? Thanks, Ilango -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Re: Solr 5.3 to 6.0
On 6/18/2019 12:16 PM, ilango dhandapani wrote: Tried several attempts like delete collection/config, take index backup from 5.3, clear index and place them back after upgrade. All tried resulted in faceting not working with 5.3 and 6.0 data combined. Most likely what happened here is that the field classes you're using changed so they default to docValues="true" in version 6. When docValues is enabled on a field, Solr will use docValues for faceting and sorting ... and the existing data in the index from the old version may not actually have any docValues data. I can clean up index and upgrade to 6.0 and reindex all from my DB. Here faceting works fine. Problem is I have less data in non prod but I have ~280 million records in prod and is growing daily. So cleaning and reindexing all of them from DB is going to take weeks. You could *try* explicitly setting docValues="false" on the fields where you need to facet so that Solr will not try to use docValues for faceting ... but I can't guarantee that this is going to actually work. Really what you need to do is reindex from scratch on the new version. Thanks, Shawn
Solr 5.3 to 6.0
Am trying to upgrade from solr (cloud mode ) 5.3 to 6.0. My ZK version is 3.4.6 I updated the schema from 6.0 and started back solr as 6.0. All the old data is present. I have a UI, where all the files are displayed ( by search from solr). When I add new data , faceting is not working and having issues in displaying files in my UI. Tried several attempts like – take index 5.3 backup , clean index , upgrade, place index back. Still When I add new data , faceting is not working and having issues in displaying files in my UI. I reindexed all data from my DB, with an empty 6.0 and no issues here. Faceting works fine with all new data and old one reindexed from my DB freshly. But in my production, I have ~ 280 million records and will take several weeks to re index them from my DB. Please let me know if there is a better way to deal with this scenario. Thanks, Ilango -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Solr 5.3 to 6.0
Am trying to upgrade my solr (cloud mode ) from 5.3 to 6.0 version. My Zk verison is 3.4.6. After updating schema and starting solr as 6.0, all the nodes health look fine. When I add new files and they goto all the shards, faceting stops working. I have a UI where the files are displayed ( search from solr) and this functionality is impacted. But am able to search for any 5.3 indexed file but only faceting is not functioning as expected. Tried several attempts like delete collection/config, take index backup from 5.3, clear index and place them back after upgrade. All tried resulted in faceting not working with 5.3 and 6.0 data combined. I can clean up index and upgrade to 6.0 and reindex all from my DB. Here faceting works fine. Problem is I have less data in non prod but I have ~280 million records in prod and is growing daily. So cleaning and reindexing all of them from DB is going to take weeks. Is there a better way to handle this scenario ? Thanks, Ilango -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Re: How to use Solr 5.3 using Maven ?
Hi, here [1] you can find one way to do that. You can start such class as a JUnit test or a simple main, using Maven or not. Best, Andrea [1] http://stackoverflow.com/questions/31521345/solr-5-integration-tests-with-maven#33189271 On 28/09/16 15:13, todhanda wrote: I am using Solr 5.3, and would need to get it working with Apache Maven(3.1.1). Is there any way the Maven can be configured to start and/or stop the Solr 5.3 (may be by using any maven plugin) ? -- View this message in context: http://lucene.472066.n3.nabble.com/How-to-use-Solr-5-3-using-Maven-tp4298430.html Sent from the Solr - User mailing list archive at Nabble.com.
How to use Solr 5.3 using Maven ?
I am using Solr 5.3, and would need to get it working with Apache Maven(3.1.1). Is there any way the Maven can be configured to start and/or stop the Solr 5.3 (may be by using any maven plugin) ? -- View this message in context: http://lucene.472066.n3.nabble.com/How-to-use-Solr-5-3-using-Maven-tp4298430.html Sent from the Solr - User mailing list archive at Nabble.com.
Solr 5.3 with Maven
I am using Solr 5.3, and would need to get it working with Apache Maven(3.1.1). Is there any way the Maven can be configured to start and/or stop the Solr 5.3 (may be by using any maven plugin) ? - Puneet
Re: Group and sum in SOLR 5.3
Hi Pablo, will try this. Sorry for the late reply but I didn't get any notification of this answer! Thanks, Andrea -- View this message in context: http://lucene.472066.n3.nabble.com/Group-and-sum-in-SOLR-5-3-tp4289556p4290750.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: Group and sum in SOLR 5.3
Using the json facet api is quite easy Check out: http://yonik.com/json-facet-api/#TermsFacet http://solr:8983/solr/your_collection/select?q=*:*&wt=json&indent=true&json.facet= { property_codes_group_by : { type : terms, field : property_code, facet : { sum_price : "sum(price)" } } } 2016-07-29 7:47 GMT-03:00 andreap21 : > Hi, > is there any way in SOLR 5.3 to achieve grouping and do mathematical > operations like sum, avg on a certain document property? > > Please find below example: > > > HIKS > Hotel Holiday Inn King's cross > 4 > 40.99 > > > > HIKS > Hotel Holiday Inn King's cross > 4 > 40.99 > > > > HIKS > Hotel Holiday Inn King's cross > 4 > 40.99 > > > We would need to group by the property_code (HIKS) and get the sum of all > the prices from the resulting group. > > > Thanks, > Andrea > > > > -- > View this message in context: > http://lucene.472066.n3.nabble.com/Group-and-sum-in-SOLR-5-3-tp4289556.html > Sent from the Solr - User mailing list archive at Nabble.com. >
Group and sum in SOLR 5.3
Hi, is there any way in SOLR 5.3 to achieve grouping and do mathematical operations like sum, avg on a certain document property? Please find below example: HIKS Hotel Holiday Inn King's cross 4 40.99 HIKS Hotel Holiday Inn King's cross 4 40.99 HIKS Hotel Holiday Inn King's cross 4 40.99 We would need to group by the property_code (HIKS) and get the sum of all the prices from the resulting group. Thanks, Andrea -- View this message in context: http://lucene.472066.n3.nabble.com/Group-and-sum-in-SOLR-5-3-tp4289556.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: integrate solr 5.3 with casebox
I'd suggest you talk to the casebox folks. BlockJoinFacetComponent is part of the core Solr jar, you'll find a jar named something like solr-core-X.X.X.jar in your distro (or the one provided by casebox). If that jar isn't accessible by Solr, nothing whatsoever would run. So my guess is that you have two or more versions of Solr on your system and are somehow loading a mixture of old and new jars (I have no clue when BlockJoinFacetComponent was introduced). Best, Erick On Wed, Apr 27, 2016 at 11:41 PM, tkg_cangkul wrote: > anybody can help me to solve this pls? > > > On 27/04/16 23:46, tkg_cangkul wrote: > > hi i'm a new user in solr. i'm just trying to integrating solr with > casebox. when i try to install casebox, there are step to create new core > in solr. but i have this error message. > > [image: error] > > is there any plugin or library that i've missed? pls help me. > > >
Solr 5.3: anything similar to ChildDocTransformerFactory that does not flatten the hierarchical structure?
Hi all, Following the example from https://dzone.com/articles/using-solr-49-new , let's say we are given multiple-level nested structure: 1 I am the parent PARENT 1.1 I am the 1st child CHILD 1.2 I am the 2nd child CHILD 1.2.1 I am a grandchildren GRANDCHILD Querying q={!parent which="cat:PARENT"}name:(I am +child)&fl=id,name,[child parentFilter=cat:PARENT] will return flattened structure, where cat:CHILD and cat:GRANDCHILD documents end up on the same level: 1 I am the parent PARENT 1.1 I am the 1st child CHILD 1.2 I am the 2nd child CHILD 1.2.1 I am a grandchildren GRANDCHILD Indeed, the JAVAdocs for ChildDocTransformerFactory say: "This transformer returns all descendants of each parent document in a flat list nested inside the parent document". Yet is there any way to preserve the hierarchy in the response? I really need to find the way to preserve the structure in the response. Thank you in advance! -- Alisa Zhila
Solr 5.3 SSL
Hi, Solr guru We have worked well with solr 5.3 non SSL. Now we are working on SSL by following https://cwiki.apache.org/confluence/display/solr/Enabling+SSL <https://cwiki.apache.org/confluence/display/solr/Enabling+SSL> Cluster is up and and can be accessible via https://:18983/solr/# When we create a collection, it redirect request to a non ssl port and error out . $ solr-5.3.1_8983/solr-5.3.1-SNAPSHOT/bin/solr create -c collection4 -n scconfig -shards 5 -replicationFactor 1 Connecting to ZooKeeper at ma1-solrt-lcb04:8925,ma1-solrt-lcb05:8925 ... Re-using existing configuration directory scconfig Creating new collection 'collection4' using command: https://:18985/solr/admin/collections?action=CREATE&name=collection4&numShards=5&replicationFactor=1&maxShardsPerNode=1&collection.configName=scconfig ERROR: Failed to create collection 'collection4' due to: org.apache.solr.client.solrj.SolrServerException:IOException occured when talking to server at: http://:18983/solr Could you please shed some light ? Thanks a lot -Jian
Re: indexing rich data with solr 5.3
thank you Erik for your precious advice. 2016-01-14 17:24 GMT+00:00 Erik Hatcher : > And also, bin/post can be your friend when it comes to troubleshooting or > introspecting Tika parsing via /update/extract. Like this: > > $ bin/post -c test -params "extractOnly=true&wt=ruby&indent=yes" -out yes > docs/SYSTEM_REQUIREMENTS.html > java -classpath /Users/erikhatcher/solr-5.3.0/dist/solr-core-5.3.0.jar > -Dauto=yes -Dparams=extractOnly=true&wt=ruby&indent=yes -Dout=yes -Dc=test > -Ddata=files org.apache.solr.util.SimplePostTool > /Users/erikhatcher/solr-5.3.0/docs/SYSTEM_REQUIREMENTS.html > SimplePostTool version 5.0.0 > Posting files to [base] url > http://localhost:8983/solr/test/update?extractOnly=true&wt=ruby&indent=yes. > .. > Entering auto mode. File endings considered are > xml,json,csv,pdf,doc,docx,ppt,pptx,xls,xlsx,odt,odp,ods,ott,otp,ots,rtf,htm,html,txt,log > POSTing file SYSTEM_REQUIREMENTS.html (text/html) to [base]/extract > { > 'responseHeader'=>{ > 'status'=>0, > 'QTime'=>3}, > ''=>' > http://www.w3.org/1999/xhtml";> > > >- from > https://lucidworks.com/blog/2015/08/04/solr-5-new-binpost-utility/ > > But I also recommend having the Tika desktop app handy, in which you can > drag and drop a file and see the gory details of how it parses the file. > > — > Erik Hatcher, Senior Solutions Architect > http://www.lucidworks.com > > > > > On Jan 14, 2016, at 10:55 AM, Erick Erickson > wrote: > > > > No good way except to try them. For getting details on Tika parsing > > failures, I much prefer the SolrJ process that the link I sent you > > outlines. > > > > Best, > > Erick > > > > On Thu, Jan 14, 2016 at 7:52 AM, kostali hassan > > wrote: > >> thank you Eric I have prb with this files; last question how to define > or > >> get the list of files cant be indexing or bad files. > >> > >> > >>> > >>> > >>> > >>> > >
Re: indexing rich data with solr 5.3
And also, bin/post can be your friend when it comes to troubleshooting or introspecting Tika parsing via /update/extract. Like this: $ bin/post -c test -params "extractOnly=true&wt=ruby&indent=yes" -out yes docs/SYSTEM_REQUIREMENTS.html java -classpath /Users/erikhatcher/solr-5.3.0/dist/solr-core-5.3.0.jar -Dauto=yes -Dparams=extractOnly=true&wt=ruby&indent=yes -Dout=yes -Dc=test -Ddata=files org.apache.solr.util.SimplePostTool /Users/erikhatcher/solr-5.3.0/docs/SYSTEM_REQUIREMENTS.html SimplePostTool version 5.0.0 Posting files to [base] url http://localhost:8983/solr/test/update?extractOnly=true&wt=ruby&indent=yes... Entering auto mode. File endings considered are xml,json,csv,pdf,doc,docx,ppt,pptx,xls,xlsx,odt,odp,ods,ott,otp,ots,rtf,htm,html,txt,log POSTing file SYSTEM_REQUIREMENTS.html (text/html) to [base]/extract { 'responseHeader'=>{ 'status'=>0, 'QTime'=>3}, ''=>' http://www.w3.org/1999/xhtml";> https://lucidworks.com/blog/2015/08/04/solr-5-new-binpost-utility/ But I also recommend having the Tika desktop app handy, in which you can drag and drop a file and see the gory details of how it parses the file. — Erik Hatcher, Senior Solutions Architect http://www.lucidworks.com > On Jan 14, 2016, at 10:55 AM, Erick Erickson wrote: > > No good way except to try them. For getting details on Tika parsing > failures, I much prefer the SolrJ process that the link I sent you > outlines. > > Best, > Erick > > On Thu, Jan 14, 2016 at 7:52 AM, kostali hassan > wrote: >> thank you Eric I have prb with this files; last question how to define or >> get the list of files cant be indexing or bad files. >> >> >>> >>> >>> >>>
Re: indexing rich data with solr 5.3
No good way except to try them. For getting details on Tika parsing failures, I much prefer the SolrJ process that the link I sent you outlines. Best, Erick On Thu, Jan 14, 2016 at 7:52 AM, kostali hassan wrote: > thank you Eric I have prb with this files; last question how to define or > get the list of files cant be indexing or bad files. > > >> >> >> >>
Fwd: indexing rich data with solr 5.3
thank you Eric I have prb with this files; last question how to define or get the list of files cant be indexing or bad files. > > > >
Re: indexing rich data with solr 5.3
Then you probably have a corrupt file or have discovered a Tika bug. Next I'd try running the file through stand-alone Tika, perhaps trying different versions of Tika. If this latter is the case, you can always use a more recent version of Tika with Solr and/or process the file on a SolrJ client (which I recommend anyway for high-volume systems). See: https://lucidworks.com/blog/2012/02/14/indexing-with-solrj/ Best, Erick On Tue, Jan 12, 2016 at 2:03 AM, kostali hassan wrote: > yes i'am indexing succeflly with DIH other files ; now i try to index this > files with ExtractingRequestHandler i get this ERROR: > > null:org.apache.solr.common.SolrException: > org.apache.tika.exception.TikaException: Error creating OOXML > extractor > at > org.apache.solr.handler.extraction.ExtractingDocumentLoader.load(ExtractingDocumentLoader.java:227) > at > org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:74) > at > org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:143) > at org.apache.solr.core.SolrCore.execute(SolrCore.java:2068) > at org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:669) > at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:462) > at > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:214) > at > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:179) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) > at org.eclipse.jetty.server.Server.handle(Server.java:499) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) > at > org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) > at java.lang.Thread.run(Thread.java:745) > Caused by: org.apache.tika.exception.TikaException: Error creating > OOXML extractor > at > org.apache.tika.parser.microsoft.ooxml.OOXMLExtractorFactory.parse(OOXMLExtractorFactory.java:122) > at > org.apache.tika.parser.microsoft.ooxml.OOXMLParser.parse(OOXMLParser.java:82) > at > org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) > at > org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) > at > org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:120) > at > org.apache.solr.handler.extraction.ExtractingDocumentLoader.load(ExtractingDocumentLoader.java:221) > ... 27 more > Caused by: org.apache.poi.openxml4j.exceptions.InvalidFormatException: > Package should contain a content type part [M1.13] > at > org.apache.poi.openxml4j.opc.ZipPackage.getPartsImpl(ZipPackage.java:203) > at > org.apache.poi.openxml4j.opc.OPCPackage.getParts(OPCPackage.java:673) > at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:274) > at > org.apache.tika.parser.microsoft.ooxml.OOXMLExtractorFactory.parse(OOXMLExtractorFactory.java:73) > > > 2016-01-12 1:23 GMT+00:00 Erick Erickson : > >> Looks like a bad file. Do you have any success using DIH on any files? >> >> What happens if you just send that particular file throug the >> ExtractingRequestHandler? >> >> Best, >> Erick >> >> On Mon, Jan 11, 2016 at 3:51 PM, kostali hassan >> wrote: >> > such files msword and pdf donsnt indexing using *dataimoprt i have this >> > error:* >> > >> > Full Import failed:java.lang.RuntimeException: >> >
Re: indexing rich data with solr 5.3
yes i'am indexing succeflly with DIH other files ; now i try to index this files with ExtractingRequestHandler i get this ERROR: null:org.apache.solr.common.SolrException: org.apache.tika.exception.TikaException: Error creating OOXML extractor at org.apache.solr.handler.extraction.ExtractingDocumentLoader.load(ExtractingDocumentLoader.java:227) at org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:74) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:143) at org.apache.solr.core.SolrCore.execute(SolrCore.java:2068) at org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:669) at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:462) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:214) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:179) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Thread.java:745) Caused by: org.apache.tika.exception.TikaException: Error creating OOXML extractor at org.apache.tika.parser.microsoft.ooxml.OOXMLExtractorFactory.parse(OOXMLExtractorFactory.java:122) at org.apache.tika.parser.microsoft.ooxml.OOXMLParser.parse(OOXMLParser.java:82) at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) at org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:120) at org.apache.solr.handler.extraction.ExtractingDocumentLoader.load(ExtractingDocumentLoader.java:221) ... 27 more Caused by: org.apache.poi.openxml4j.exceptions.InvalidFormatException: Package should contain a content type part [M1.13] at org.apache.poi.openxml4j.opc.ZipPackage.getPartsImpl(ZipPackage.java:203) at org.apache.poi.openxml4j.opc.OPCPackage.getParts(OPCPackage.java:673) at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:274) at org.apache.tika.parser.microsoft.ooxml.OOXMLExtractorFactory.parse(OOXMLExtractorFactory.java:73) 2016-01-12 1:23 GMT+00:00 Erick Erickson : > Looks like a bad file. Do you have any success using DIH on any files? > > What happens if you just send that particular file throug the > ExtractingRequestHandler? > > Best, > Erick > > On Mon, Jan 11, 2016 at 3:51 PM, kostali hassan > wrote: > > such files msword and pdf donsnt indexing using *dataimoprt i have this > > error:* > > > > Full Import failed:java.lang.RuntimeException: > > java.lang.RuntimeException: > > org.apache.solr.handler.dataimport.DataImportHandlerException: Unable > > to read content Processing Document # 2 > > at > org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:270) > > at > org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:416) > > at > org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:480) > > at > org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:461) > > Caused by: java.lang.RuntimeException: > > org.apache.solr.handler.dataimport.DataImportHandlerException: Unable > > to read content
Re: indexing rich data with solr 5.3
Looks like a bad file. Do you have any success using DIH on any files? What happens if you just send that particular file throug the ExtractingRequestHandler? Best, Erick On Mon, Jan 11, 2016 at 3:51 PM, kostali hassan wrote: > such files msword and pdf donsnt indexing using *dataimoprt i have this > error:* > > Full Import failed:java.lang.RuntimeException: > java.lang.RuntimeException: > org.apache.solr.handler.dataimport.DataImportHandlerException: Unable > to read content Processing Document # 2 > at > org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:270) > at > org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:416) > at > org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:480) > at > org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:461) > Caused by: java.lang.RuntimeException: > org.apache.solr.handler.dataimport.DataImportHandlerException: Unable > to read content Processing Document # 2 > at > org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:416) > at > org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:329) > at > org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:232) > ... 3 more > Caused by: org.apache.solr.handler.dataimport.DataImportHandlerException: > Unable to read content Processing Document # 2 > at > org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:70) > at > org.apache.solr.handler.dataimport.TikaEntityProcessor.nextRow(TikaEntityProcessor.java:168) > at > org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:243) > at > org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:475) > at > org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:514) > at > org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:414) > ... 5 more > Caused by: org.apache.tika.exception.TikaException: Unexpected > RuntimeException from > org.apache.tika.parser.microsoft.ooxml.OOXMLParser@188120 > at > org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:258) > at > org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) > at > org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:120) > at > org.apache.solr.handler.dataimport.TikaEntityProcessor.nextRow(TikaEntityProcessor.java:162) > ... 9 more > Caused by: org.apache.poi.openxml4j.exceptions.InvalidOperationException: > Can't open the specified file: > 'D:\solr\solr-5.3.1\server\tmp\apache-tika-121920532070319073.tmp' > at org.apache.poi.openxml4j.opc.ZipPackage.(ZipPackage.java:112) > at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:224) > at > org.apache.tika.parser.microsoft.ooxml.OOXMLExtractorFactory.parse(OOXMLExtractorFactory.java:69) > at > org.apache.tika.parser.microsoft.ooxml.OOXMLParser.parse(OOXMLParser.java:82) > at > org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) > ... 12 more > Caused by: java.util.zip.ZipException: invalid END header (bad central > directory offset) > at java.util.zip.ZipFile.open(Native Method) > at java.util.zip.ZipFile.(ZipFile.java:220) > at java.util.zip.ZipFile.(ZipFile.java:150) > at java.util.zip.ZipFile.(ZipFile.java:164) > at > org.apache.poi.openxml4j.opc.internal.ZipHelper.openZipFile(ZipHelper.java:174) > at org.apache.poi.openxml4j.opc.ZipPackage.(ZipPackage.java:110) > ... 16 more
indexing rich data with solr 5.3
such files msword and pdf donsnt indexing using *dataimoprt i have this error:* Full Import failed:java.lang.RuntimeException: java.lang.RuntimeException: org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to read content Processing Document # 2 at org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:270) at org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:416) at org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:480) at org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:461) Caused by: java.lang.RuntimeException: org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to read content Processing Document # 2 at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:416) at org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:329) at org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:232) ... 3 more Caused by: org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to read content Processing Document # 2 at org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:70) at org.apache.solr.handler.dataimport.TikaEntityProcessor.nextRow(TikaEntityProcessor.java:168) at org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:243) at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:475) at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:514) at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:414) ... 5 more Caused by: org.apache.tika.exception.TikaException: Unexpected RuntimeException from org.apache.tika.parser.microsoft.ooxml.OOXMLParser@188120 at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:258) at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) at org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:120) at org.apache.solr.handler.dataimport.TikaEntityProcessor.nextRow(TikaEntityProcessor.java:162) ... 9 more Caused by: org.apache.poi.openxml4j.exceptions.InvalidOperationException: Can't open the specified file: 'D:\solr\solr-5.3.1\server\tmp\apache-tika-121920532070319073.tmp' at org.apache.poi.openxml4j.opc.ZipPackage.(ZipPackage.java:112) at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:224) at org.apache.tika.parser.microsoft.ooxml.OOXMLExtractorFactory.parse(OOXMLExtractorFactory.java:69) at org.apache.tika.parser.microsoft.ooxml.OOXMLParser.parse(OOXMLParser.java:82) at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:256) ... 12 more Caused by: java.util.zip.ZipException: invalid END header (bad central directory offset) at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.(ZipFile.java:220) at java.util.zip.ZipFile.(ZipFile.java:150) at java.util.zip.ZipFile.(ZipFile.java:164) at org.apache.poi.openxml4j.opc.internal.ZipHelper.openZipFile(ZipHelper.java:174) at org.apache.poi.openxml4j.opc.ZipPackage.(ZipPackage.java:110) ... 16 more
Re: Solr 5.3 spellcheck always return lower case?
Hi QuestionNews, can you send us the schema.xml and the field involved in the problem ? I agree with Erick, are you sure your field type doesn't do any lowercasing ? Cheers On 13 November 2015 at 13:39, QuestionNews . wrote: > The data displayed when doing a query is correct case. The fieldType > doesn't do any case manipulation and the requestHandler/searchComponent > don't have any settings declared that I can see. > > Why is my spellcheck returning results that are all lower case? > > Is there a way for me to stop this from happening or have spellcheck return > an additional field. > > Thanks for your help and pardon me if I am not using this mailing list > properly. It is my first time utilizing it. > -- -- Benedetti Alessandro Visiting card : http://about.me/alessandro_benedetti "Tyger, tyger burning bright In the forests of the night, What immortal hand or eye Could frame thy fearful symmetry?" William Blake - Songs of Experience -1794 England
Re: Solr 5.3 spellcheck always return lower case?
Let's see 1> the fieldType. Possibly you're missing something there 2> The fact that you see the doc return without lowercasing means nothing, it's returning the _stored_ field which is a verbatim copy. The spellcheck is returning an _indexed_ value. Best, Erick On Fri, Nov 13, 2015 at 5:39 AM, QuestionNews . wrote: > The data displayed when doing a query is correct case. The fieldType > doesn't do any case manipulation and the requestHandler/searchComponent > don't have any settings declared that I can see. > > Why is my spellcheck returning results that are all lower case? > > Is there a way for me to stop this from happening or have spellcheck return > an additional field. > > Thanks for your help and pardon me if I am not using this mailing list > properly. It is my first time utilizing it.
Solr 5.3 spellcheck always return lower case?
The data displayed when doing a query is correct case. The fieldType doesn't do any case manipulation and the requestHandler/searchComponent don't have any settings declared that I can see. Why is my spellcheck returning results that are all lower case? Is there a way for me to stop this from happening or have spellcheck return an additional field. Thanks for your help and pardon me if I am not using this mailing list properly. It is my first time utilizing it.
[ANN]: Blog article: every Solr home and example in Solr 5.3
If you've recently downloaded Solr 5.x and trying to figure out what example creates a home where and why the example creation command uses configset directory but not configset URL parameter, you may find this useful: http://blog.outerthoughts.com/2015/11/oh-solr-home-where-art-thou/ Regards, Alex. P.s. I don't normally mention my blog articles or SolrStart updates on this list, but I've been having so many issues wrapping my head around the new directory layouts and consequences of start scripts auto-magic, that I figured I'll make an exception. Hopefully, that's not too intrusive. Solr Analyzers, Tokenizers, Filters, URPs and even a newsletter: http://www.solr-start.com/
Re: How to secure Admin UI with Basic Auth in Solr 5.3.x
Hi Merlin, Solr 5.2.x only supported Kerberos out of the box and introduced a framework to write your own authentication/authorization plugin. If you don't use Kerberos, the only sensible way forward for you would be to wait for the 5.3.1 release to come out and then move to it. Until then, or without the upgrade, your best bet would be to try what Davis suggested. On Fri, Sep 11, 2015 at 7:30 AM, Merlin Morgenstern < merlin.morgenst...@gmail.com> wrote: > Thank you for the info. > > I have already downgraded to 5.2.x as this is a production setup. > Unfortunatelly I have the same trouble there ... Any suggestions how to fix > this? What is the recommended procedure in securing the admin gui on prod > setups? > > 2015-09-11 14:26 GMT+02:00 Noble Paul : > > > There were some bugs with the 5.3.0 release and 5.3.1 is in the > > process of getting released. > > > > try out the option #2 with the RC here > > > > > > > https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-5.3.1-RC1-rev1702389/solr/ > > > > > > > > On Fri, Sep 11, 2015 at 5:16 PM, Merlin Morgenstern > > wrote: > > > OK, I downgraded to solr 5.2.x > > > > > > Unfortunatelly still no luck. I followed 2 aproaches: > > > > > > 1. Secure it the old fashioned way like described here: > > > > > > http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-admin-password > > > > > > 2. Using the Basic Authentication Plugin like described here: > > > http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules/ > > > > > > Both aproaches created unsolved problems. > > > > > > While following option 1, I was able to secure the Admin UI with basic > > > authentication, but no longer able to access my application despite the > > > fact that it was working on solr 3.x with the same type of > authentication > > > procedure and credentials. > > > > > > While following option 2, I was stuck right after uploading the > > > security.json file to the zookeeper ensemble. The described behaviour > to > > curl > > > http://localhost:8983/solr/admin/authentication responded with a 404 > not > > > found and then solr could not connect to zookeeper. I had to remove > that > > > file from zookeeper and restart all solr nodes. > > > > > > Please could someone lead me the way on how to secure the Admin UI and > > > password protect solr cloud? I have a perfectly running system with > solr > > > 3.x and one core and now taking it to solr cloud 5.2.x into production > > > seems to be stoped by simple authorization problems. > > > > > > Thank you in advane for any help. > > > > > > > > > > > > 2015-09-10 20:42 GMT+02:00 Noble Paul : > > > > > >> Check this > > https://cwiki.apache.org/confluence/display/solr/Securing+Solr > > >> > > >> There a couple of bugs in 5.3.o and a bug fix release is coming up > > >> over the next few days. > > >> > > >> We don't provide any specific means to restrict access to admin UI > > >> itself. However we let users specify fine grained ACLs on various > > >> operations such collection-admin-edit, read etc > > >> > > >> On Wed, Sep 9, 2015 at 2:35 PM, Merlin Morgenstern > > >> wrote: > > >> > I just installed solr cloud 5.3.x and found that the way to secure > the > > >> amin > > >> > ui has changed. Aparently there is a new plugin which does role > based > > >> > authentification and all info on how to secure the admin UI found on > > the > > >> > net is outdated. > > >> > > > >> > I do not need role based authentification but just simply want to > put > > >> basic > > >> > authentification to the Admin UI. > > >> > > > >> > How do I configure solr cloud 5.3.x in order to restrict access to > the > > >> > Admin UI via Basic Authentification? > > >> > > > >> > Thank you for any help > > >> > > >> > > >> > > >> -- > > >> - > > >> Noble Paul > > >> > > > > > > > > -- > > - > > Noble Paul > > > -- Anshum Gupta
RE: How to secure Admin UI with Basic Auth in Solr 5.3.x
The authorization plugin is new in Solr 5.3.It is hard to describe a secure Solr 5.2.1 environment simply - the basics are to protect /solr by placing it behind Apache httpd or nginx, and also a port-based firewall. I am most familiar with Apache httpd and Linux/RedHat family. Within the Apache httpd configuration, I have a single virtual host, but multiple locations defined, each with different security. So, now we're past simple and on to specific and complicated. Here's a sample fictionalized fragment of an Apache httpd.conf, perhaps something you would put in /etc/httpd/conf.d/solr.conf on CentOS or /etc/apache/conf.enabled.d/solr.conf on Ubuntu: # Solr is admin and requires specific users to login with particular AuthType - basic is pretty basic AuthName "NLM Login" AuthType Basic Require user merlin ProxyPass http://127.0.0.1:8983/solr retry=0 ProxyPassReverse http://127.0.0.1:8983/solr # Allow select on on lrprod collection from 10.1.0.0/24 subnet ProxyPass http://127.0.0.1:8983/solr/lrprod/select ProxyPassReverse http://127.0.0.1:8983/solr/lrprod/select Options -MultiViews Order allow,deny Allow from 10.1.0.0/24 127.0.0.1 # Allow update on lrprod collection from specific IPs in that subnet ProxyPass http://127.0.0.1:8983/solr/lrprod/update ProxyPassReverse http://127.0.0.1:8983/solr/lrprod/update Options -MultiViews Order allow,deny Allow from 10.1.0.17 10.1.0.18 127.0.0.1 In addition, I open the following ports on my hosts to the other hosts using Linux iptables for the cluster # allow other nodes to reach other ACCEPT tcp -- 10.1.1.0/240.0.0.0/0 state NEW tcp dpt:8983 # zookeeper is running locally in my setup, so: ACCEPT tcp -- 10.1.1.0/240.0.0.0/0 state NEW tcp dpt:2181 ACCEPT tcp -- 10.1.1.0/240.0.0.0/0 state NEW tcp dpt:2888 ACCEPT tcp -- 10.1.1.0/240.0.0.0/0 state NEW tcp dpt:3888 I hope this too long post is not didn't read. -Original Message- From: Merlin Morgenstern [mailto:merlin.morgenst...@gmail.com] Sent: Friday, September 11, 2015 10:30 AM To: solr-user@lucene.apache.org; noble.p...@gmail.com Subject: Re: How to secure Admin UI with Basic Auth in Solr 5.3.x Thank you for the info. I have already downgraded to 5.2.x as this is a production setup. Unfortunatelly I have the same trouble there ... Any suggestions how to fix this? What is the recommended procedure in securing the admin gui on prod setups? 2015-09-11 14:26 GMT+02:00 Noble Paul : > There were some bugs with the 5.3.0 release and 5.3.1 is in the > process of getting released. > > try out the option #2 with the RC here > > > https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-5.3.1-RC1-re > v1702389/solr/ > > > > On Fri, Sep 11, 2015 at 5:16 PM, Merlin Morgenstern > wrote: > > OK, I downgraded to solr 5.2.x > > > > Unfortunatelly still no luck. I followed 2 aproaches: > > > > 1. Secure it the old fashioned way like described here: > > > http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-adm > in-password > > > > 2. Using the Basic Authentication Plugin like described here: > > http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules > > / > > > > Both aproaches created unsolved problems. > > > > While following option 1, I was able to secure the Admin UI with > > basic authentication, but no longer able to access my application > > despite the fact that it was working on solr 3.x with the same type > > of authentication procedure and credentials. > > > > While following option 2, I was stuck right after uploading the > > security.json file to the zookeeper ensemble. The described > > behaviour to > curl > > http://localhost:8983/solr/admin/authentication responded with a 404 > > not found and then solr could not connect to zookeeper. I had to > > remove that file from zookeeper and restart all solr nodes. > > > > Please could someone lead me the way on how to secure the Admin UI > > and password protect solr cloud? I have a perfectly running system > > with solr 3.x and one core and now taking it to solr cloud 5.2.x > > into production seems to be stoped by simple authorization problems. > > > > Thank you in advane for any help. > > > > > > > > 2015-09-10 20:42 GMT+02:00 Noble Paul : > > > >> Check this > https://cwiki.apache.org/confluence/display/solr/Securing+Solr > >> > >> There a couple of bugs in 5.3.o and a bug fix release is coming up > >> over the next few days. > >> > >> We don't provide any specific means to restrict access to ad
Re: How to secure Admin UI with Basic Auth in Solr 5.3.x
Thank you for the info. I have already downgraded to 5.2.x as this is a production setup. Unfortunatelly I have the same trouble there ... Any suggestions how to fix this? What is the recommended procedure in securing the admin gui on prod setups? 2015-09-11 14:26 GMT+02:00 Noble Paul : > There were some bugs with the 5.3.0 release and 5.3.1 is in the > process of getting released. > > try out the option #2 with the RC here > > > https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-5.3.1-RC1-rev1702389/solr/ > > > > On Fri, Sep 11, 2015 at 5:16 PM, Merlin Morgenstern > wrote: > > OK, I downgraded to solr 5.2.x > > > > Unfortunatelly still no luck. I followed 2 aproaches: > > > > 1. Secure it the old fashioned way like described here: > > > http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-admin-password > > > > 2. Using the Basic Authentication Plugin like described here: > > http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules/ > > > > Both aproaches created unsolved problems. > > > > While following option 1, I was able to secure the Admin UI with basic > > authentication, but no longer able to access my application despite the > > fact that it was working on solr 3.x with the same type of authentication > > procedure and credentials. > > > > While following option 2, I was stuck right after uploading the > > security.json file to the zookeeper ensemble. The described behaviour to > curl > > http://localhost:8983/solr/admin/authentication responded with a 404 not > > found and then solr could not connect to zookeeper. I had to remove that > > file from zookeeper and restart all solr nodes. > > > > Please could someone lead me the way on how to secure the Admin UI and > > password protect solr cloud? I have a perfectly running system with solr > > 3.x and one core and now taking it to solr cloud 5.2.x into production > > seems to be stoped by simple authorization problems. > > > > Thank you in advane for any help. > > > > > > > > 2015-09-10 20:42 GMT+02:00 Noble Paul : > > > >> Check this > https://cwiki.apache.org/confluence/display/solr/Securing+Solr > >> > >> There a couple of bugs in 5.3.o and a bug fix release is coming up > >> over the next few days. > >> > >> We don't provide any specific means to restrict access to admin UI > >> itself. However we let users specify fine grained ACLs on various > >> operations such collection-admin-edit, read etc > >> > >> On Wed, Sep 9, 2015 at 2:35 PM, Merlin Morgenstern > >> wrote: > >> > I just installed solr cloud 5.3.x and found that the way to secure the > >> amin > >> > ui has changed. Aparently there is a new plugin which does role based > >> > authentification and all info on how to secure the admin UI found on > the > >> > net is outdated. > >> > > >> > I do not need role based authentification but just simply want to put > >> basic > >> > authentification to the Admin UI. > >> > > >> > How do I configure solr cloud 5.3.x in order to restrict access to the > >> > Admin UI via Basic Authentification? > >> > > >> > Thank you for any help > >> > >> > >> > >> -- > >> - > >> Noble Paul > >> > > > > -- > - > Noble Paul >
Re: How to secure Admin UI with Basic Auth in Solr 5.3.x
There were some bugs with the 5.3.0 release and 5.3.1 is in the process of getting released. try out the option #2 with the RC here https://dist.apache.org/repos/dist/dev/lucene/lucene-solr-5.3.1-RC1-rev1702389/solr/ On Fri, Sep 11, 2015 at 5:16 PM, Merlin Morgenstern wrote: > OK, I downgraded to solr 5.2.x > > Unfortunatelly still no luck. I followed 2 aproaches: > > 1. Secure it the old fashioned way like described here: > http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-admin-password > > 2. Using the Basic Authentication Plugin like described here: > http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules/ > > Both aproaches created unsolved problems. > > While following option 1, I was able to secure the Admin UI with basic > authentication, but no longer able to access my application despite the > fact that it was working on solr 3.x with the same type of authentication > procedure and credentials. > > While following option 2, I was stuck right after uploading the > security.json file to the zookeeper ensemble. The described behaviour to curl > http://localhost:8983/solr/admin/authentication responded with a 404 not > found and then solr could not connect to zookeeper. I had to remove that > file from zookeeper and restart all solr nodes. > > Please could someone lead me the way on how to secure the Admin UI and > password protect solr cloud? I have a perfectly running system with solr > 3.x and one core and now taking it to solr cloud 5.2.x into production > seems to be stoped by simple authorization problems. > > Thank you in advane for any help. > > > > 2015-09-10 20:42 GMT+02:00 Noble Paul : > >> Check this https://cwiki.apache.org/confluence/display/solr/Securing+Solr >> >> There a couple of bugs in 5.3.o and a bug fix release is coming up >> over the next few days. >> >> We don't provide any specific means to restrict access to admin UI >> itself. However we let users specify fine grained ACLs on various >> operations such collection-admin-edit, read etc >> >> On Wed, Sep 9, 2015 at 2:35 PM, Merlin Morgenstern >> wrote: >> > I just installed solr cloud 5.3.x and found that the way to secure the >> amin >> > ui has changed. Aparently there is a new plugin which does role based >> > authentification and all info on how to secure the admin UI found on the >> > net is outdated. >> > >> > I do not need role based authentification but just simply want to put >> basic >> > authentification to the Admin UI. >> > >> > How do I configure solr cloud 5.3.x in order to restrict access to the >> > Admin UI via Basic Authentification? >> > >> > Thank you for any help >> >> >> >> -- >> - >> Noble Paul >> -- - Noble Paul
Re: How to secure Admin UI with Basic Auth in Solr 5.3.x
OK, I downgraded to solr 5.2.x Unfortunatelly still no luck. I followed 2 aproaches: 1. Secure it the old fashioned way like described here: http://stackoverflow.com/questions/28043957/how-to-set-apache-solr-admin-password 2. Using the Basic Authentication Plugin like described here: http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules/ Both aproaches created unsolved problems. While following option 1, I was able to secure the Admin UI with basic authentication, but no longer able to access my application despite the fact that it was working on solr 3.x with the same type of authentication procedure and credentials. While following option 2, I was stuck right after uploading the security.json file to the zookeeper ensemble. The described behaviour to curl http://localhost:8983/solr/admin/authentication responded with a 404 not found and then solr could not connect to zookeeper. I had to remove that file from zookeeper and restart all solr nodes. Please could someone lead me the way on how to secure the Admin UI and password protect solr cloud? I have a perfectly running system with solr 3.x and one core and now taking it to solr cloud 5.2.x into production seems to be stoped by simple authorization problems. Thank you in advane for any help. 2015-09-10 20:42 GMT+02:00 Noble Paul : > Check this https://cwiki.apache.org/confluence/display/solr/Securing+Solr > > There a couple of bugs in 5.3.o and a bug fix release is coming up > over the next few days. > > We don't provide any specific means to restrict access to admin UI > itself. However we let users specify fine grained ACLs on various > operations such collection-admin-edit, read etc > > On Wed, Sep 9, 2015 at 2:35 PM, Merlin Morgenstern > wrote: > > I just installed solr cloud 5.3.x and found that the way to secure the > amin > > ui has changed. Aparently there is a new plugin which does role based > > authentification and all info on how to secure the admin UI found on the > > net is outdated. > > > > I do not need role based authentification but just simply want to put > basic > > authentification to the Admin UI. > > > > How do I configure solr cloud 5.3.x in order to restrict access to the > > Admin UI via Basic Authentification? > > > > Thank you for any help > > > > -- > - > Noble Paul >
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
> "authentication":{ >> >>>>>>>>>>"class":"solr.BasicAuthPlugin", >> >>>>>>>>>>"credentials": { >> >>>>>>>>>> "admin”:” ", >> >>>>>>>>>> "user": ” " >> >>>>>>>>>> } >> >>>>>>>>>> }, >> >>>>>>>>>> "authorization":{ >> >>>>>>>>>>"class":"solr.RuleBasedAuthorizationPlugin", >> >>>>>>>>>>"permissions": [ >> >>>>>>>>>> { >> >>>>>>>>>> "name":"security-edit", >> >>>>>>>>>> "role":"adminRole" >> >>>>>>>>>> }, >> >>>>>>>>>> { >> >>>>>>>>>> "name":"collection-admin-edit”, >> >>>>>>>>>> "role":"adminRole" >> >>>>>>>>>> }, >> >>>>>>>>>> { >> >>>>>>>>>> "name":"browse", >> >>>>>>>>>> "collection": "inventory", >> >>>>>>>>>> "path": "/browse", >> >>>>>>>>>> "role":"browseRole" >> >>>>>>>>>> } >> >>>>>>>>>> ], >> >>>>>>>>>>"user-role": { >> >>>>>>>>>> "admin": [ >> >>>>>>>>>> "adminRole", >> >>>>>>>>>> "browseRole" >> >>>>>>>>>> ], >> >>>>>>>>>> "user": [ >> >>>>>>>>>> "browseRole" >> >>>>>>>>>> ] >> >>>>>>>>>> } >> >>>>>>>>>> } >> >>>>>>>>>> } >> >>>>>>>>>> >> >>>>>>>>>> Also tried adding the permission using the Authorization API, >> but >> >> no >> >>>>> effect, still isn’t protecting the Collections API from being >> invoked >> >>>>> without a username password. I do see in the Solr logs that it sees >> >> the >> >>>>> updates because it outputs the messages “Updating /security.json …”, >> >>>>> “Security node changed”, “Initializing authorization plugin: >> >>>>> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >> >>>>> obtained from ZK: solr.BasicAuthPlugin”. >> >>>>>>>>>> >> >>>>>>>>>> Thanks, >> >>>>>>>>>> Kevin >> >>>>>>>>>> >> >>>>>>>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul > > >> >>>>> wrote: >> >>>>>>>>>>> >> >>>>>>>>>>> I'm investigating why restarts or first time start does not >> read >> >> the >> >>>>>>>>>>> security.json >> >>>>>>>>>>> >> >>>>>>>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul < >> noble.p...@gmail.com >> >>> >> >>>>> wrote: >> >>>>>>>>>>>> I removed that statement >> >>>>>>>>>>>> >> >>>>>&
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
{ > >>>>>>>>>> "name":"collection-admin-edit”, > >>>>>>>>>> "role":"adminRole" > >>>>>>>>>> }, > >>>>>>>>>> { > >>>>>>>>>> "name":"browse", > >>>>>>>>>> "collection": "inventory", > >>>>>>>>>> "path": "/browse", > >>>>>>>>>> "role":"browseRole" > >>>>>>>>>> } > >>>>>>>>>> ], > >>>>>>>>>>"user-role": { > >>>>>>>>>> "admin": [ > >>>>>>>>>> "adminRole", > >>>>>>>>>> "browseRole" > >>>>>>>>>> ], > >>>>>>>>>> "user": [ > >>>>>>>>>> "browseRole" > >>>>>>>>>> ] > >>>>>>>>>> } > >>>>>>>>>> } > >>>>>>>>>> } > >>>>>>>>>> > >>>>>>>>>> Also tried adding the permission using the Authorization API, > but > >> no > >>>>> effect, still isn’t protecting the Collections API from being invoked > >>>>> without a username password. I do see in the Solr logs that it sees > >> the > >>>>> updates because it outputs the messages “Updating /security.json …”, > >>>>> “Security node changed”, “Initializing authorization plugin: > >>>>> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class > >>>>> obtained from ZK: solr.BasicAuthPlugin”. > >>>>>>>>>> > >>>>>>>>>> Thanks, > >>>>>>>>>> Kevin > >>>>>>>>>> > >>>>>>>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul > >>>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>> I'm investigating why restarts or first time start does not > read > >> the > >>>>>>>>>>> security.json > >>>>>>>>>>> > >>>>>>>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul < > noble.p...@gmail.com > >>> > >>>>> wrote: > >>>>>>>>>>>> I removed that statement > >>>>>>>>>>>> > >>>>>>>>>>>> "If activating the authorization plugin doesn't protect the > >> admin > >>>>> ui, > >>>>>>>>>>>> how does one protect access to it?" > >>>>>>>>>>>> > >>>>>>>>>>>> One does not need to protect the admin UI. You only need to > >> protect > >>>>>>>>>>>> the relevant API calls . I mean it's OK to not protect the CSS > >> and > >>>>>>>>>>>> HTML stuff. But if you perform an action to create a core or > >> do a > >>>>>>>>>>>> query through admin UI , it automatically will prompt you for > >>>>>>>>>>>> credentials (if those APIs are protected) > >>>>>>>>>>>> > >>>>>>>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee > >>>>> wrote: > >>>>>>>>>>>>> Thanks for the clarification! > >>>>>>>>>>>>> > >>>>>>>>>>>>> So is the wiki page incorrect at > >>>>>>>>>>>>> > >>>>> > >> > https://cwiki.apache.org/confluence/display/solr/Ba
Re: How to secure Admin UI with Basic Auth in Solr 5.3.x
Check this https://cwiki.apache.org/confluence/display/solr/Securing+Solr There a couple of bugs in 5.3.o and a bug fix release is coming up over the next few days. We don't provide any specific means to restrict access to admin UI itself. However we let users specify fine grained ACLs on various operations such collection-admin-edit, read etc On Wed, Sep 9, 2015 at 2:35 PM, Merlin Morgenstern wrote: > I just installed solr cloud 5.3.x and found that the way to secure the amin > ui has changed. Aparently there is a new plugin which does role based > authentification and all info on how to secure the admin UI found on the > net is outdated. > > I do not need role based authentification but just simply want to put basic > authentification to the Admin UI. > > How do I configure solr cloud 5.3.x in order to restrict access to the > Admin UI via Basic Authentification? > > Thank you for any help -- - Noble Paul
Re: How to secure Admin UI with Basic Auth in Solr 5.3.x
If you are using Linux server you can always iptables to restrict access to solr admin panel. On Sep 9, 2015 3:05 PM, "Merlin Morgenstern" wrote: > I just installed solr cloud 5.3.x and found that the way to secure the amin > ui has changed. Aparently there is a new plugin which does role based > authentification and all info on how to secure the admin UI found on the > net is outdated. > > I do not need role based authentification but just simply want to put basic > authentification to the Admin UI. > > How do I configure solr cloud 5.3.x in order to restrict access to the > Admin UI via Basic Authentification? > > Thank you for any help >
How to secure Admin UI with Basic Auth in Solr 5.3.x
I just installed solr cloud 5.3.x and found that the way to secure the amin ui has changed. Aparently there is a new plugin which does role based authentification and all info on how to secure the admin UI found on the net is outdated. I do not need role based authentification but just simply want to put basic authentification to the Admin UI. How do I configure solr cloud 5.3.x in order to restrict access to the Admin UI via Basic Authentification? Thank you for any help
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
ission using the Authorization API, but >> no >>>>> effect, still isn’t protecting the Collections API from being invoked >>>>> without a username password. I do see in the Solr logs that it sees >> the >>>>> updates because it outputs the messages “Updating /security.json …”, >>>>> “Security node changed”, “Initializing authorization plugin: >>>>> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >>>>> obtained from ZK: solr.BasicAuthPlugin”. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Kevin >>>>>>>>>> >>>>>>>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul >>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> I'm investigating why restarts or first time start does not read >> the >>>>>>>>>>> security.json >>>>>>>>>>> >>>>>>>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul >> >>>>> wrote: >>>>>>>>>>>> I removed that statement >>>>>>>>>>>> >>>>>>>>>>>> "If activating the authorization plugin doesn't protect the >> admin >>>>> ui, >>>>>>>>>>>> how does one protect access to it?" >>>>>>>>>>>> >>>>>>>>>>>> One does not need to protect the admin UI. You only need to >> protect >>>>>>>>>>>> the relevant API calls . I mean it's OK to not protect the CSS >> and >>>>>>>>>>>> HTML stuff. But if you perform an action to create a core or >> do a >>>>>>>>>>>> query through admin UI , it automatically will prompt you for >>>>>>>>>>>> credentials (if those APIs are protected) >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >>>>> wrote: >>>>>>>>>>>>> Thanks for the clarification! >>>>>>>>>>>>> >>>>>>>>>>>>> So is the wiki page incorrect at >>>>>>>>>>>>> >>>>> >> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >>>>> which says that the admin ui will require authentication once the >>>>> authorization plugin is activated? >>>>>>>>>>>>> >>>>>>>>>>>>> "An authorization plugin is also available to configure Solr >> with >>>>> permissions to perform various activities in the system. Once >> activated, >>>>> access to the Solr Admin UI and all requests will need to be >> authenticated >>>>> and users will be required to have the proper authorization for all >>>>> requests, including using the Admin UI and making any API calls." >>>>>>>>>>>>> >>>>>>>>>>>>> If activating the authorization plugin doesn't protect the >> admin >>>>> ui, how does one protect access to it? >>>>>>>>>>>>> >>>>>>>>>>>>> Also, the issue I'm having is not just at restart. According >> to >>>>> the docs security.json should be uploaded to Zookeeper before starting >> any >>>>> of the Solr instances. However, I tried to upload security.json before >>>>> starting any of the Solr instances, but it would not pick up the >> security >>>>> config until after the Solr instances are already running and then >>>>> uploading the security.json again. I can see in the logs at startup >> that >>>>> the Solr instances don't see any plugin enabled even though >> security.json >>>>> is already in zookeeper and then after they are started and the >>>>> security.json is uploaded again I see it reconfigure to use the plugin. >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Kevin >>>>>>>>>>>>> >&g
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
gt;>>>>>>>> I'm investigating why restarts or first time start does not read > the > >>>>>>>>> security.json > >>>>>>>>> > >>>>>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul > > >>> wrote: > >>>>>>>>>> I removed that statement > >>>>>>>>>> > >>>>>>>>>> "If activating the authorization plugin doesn't protect the > admin > >>> ui, > >>>>>>>>>> how does one protect access to it?" > >>>>>>>>>> > >>>>>>>>>> One does not need to protect the admin UI. You only need to > protect > >>>>>>>>>> the relevant API calls . I mean it's OK to not protect the CSS > and > >>>>>>>>>> HTML stuff. But if you perform an action to create a core or > do a > >>>>>>>>>> query through admin UI , it automatically will prompt you for > >>>>>>>>>> credentials (if those APIs are protected) > >>>>>>>>>> > >>>>>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee > >>> wrote: > >>>>>>>>>>> Thanks for the clarification! > >>>>>>>>>>> > >>>>>>>>>>> So is the wiki page incorrect at > >>>>>>>>>>> > >>> > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin > >>> which says that the admin ui will require authentication once the > >>> authorization plugin is activated? > >>>>>>>>>>> > >>>>>>>>>>> "An authorization plugin is also available to configure Solr > with > >>> permissions to perform various activities in the system. Once > activated, > >>> access to the Solr Admin UI and all requests will need to be > authenticated > >>> and users will be required to have the proper authorization for all > >>> requests, including using the Admin UI and making any API calls." > >>>>>>>>>>> > >>>>>>>>>>> If activating the authorization plugin doesn't protect the > admin > >>> ui, how does one protect access to it? > >>>>>>>>>>> > >>>>>>>>>>> Also, the issue I'm having is not just at restart. According > to > >>> the docs security.json should be uploaded to Zookeeper before starting > any > >>> of the Solr instances. However, I tried to upload security.json before > >>> starting any of the Solr instances, but it would not pick up the > security > >>> config until after the Solr instances are already running and then > >>> uploading the security.json again. I can see in the logs at startup > that > >>> the Solr instances don't see any plugin enabled even though > security.json > >>> is already in zookeeper and then after they are started and the > >>> security.json is uploaded again I see it reconfigure to use the plugin. > >>>>>>>>>>> > >>>>>>>>>>> Thanks, > >>>>>>>>>>> Kevin > >>>>>>>>>>> > >>>>>>>>>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul < > noble.p...@gmail.com> > >>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> Admin UI is not protected by any of these permissions. Only if > >>> you try > >>>>>>>>>>>> to perform a protected operation , it asks for a password. > >>>>>>>>>>>> > >>>>>>>>>>>> I'll investigate the restart problem and report my findings > >>>>>>>>>>>> > >>>>>>>>>>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee > >>> wrote: > >>>>>>>>>>>>> Anyone else running into any issues trying to get the > >>> authentication and authorization plugins in 5.3 working? > >>>>>>>>>>>>> > >>>>>>>>>>&
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
when calling the RELOAD action on the Collections >>> API. The only thing that seems to work is the custom permission “browse” >>> which is requiring authentication before allowing me to pull up the page. >>> Am I using the permissions correctly for the RuleBasedAuthorizationPlugin? >>>>>>>> >>>>>>>> { >>>>>>>> "authentication":{ >>>>>>>> "class":"solr.BasicAuthPlugin", >>>>>>>> "credentials": { >>>>>>>> "admin”:” ", >>>>>>>> "user": ” " >>>>>>>> } >>>>>>>> }, >>>>>>>> "authorization":{ >>>>>>>> "class":"solr.RuleBasedAuthorizationPlugin", >>>>>>>> "permissions": [ >>>>>>>> { >>>>>>>> "name":"security-edit", >>>>>>>> "role":"adminRole" >>>>>>>> }, >>>>>>>> { >>>>>>>> "name":"collection-admin-edit”, >>>>>>>> "role":"adminRole" >>>>>>>> }, >>>>>>>> { >>>>>>>> "name":"browse", >>>>>>>> "collection": "inventory", >>>>>>>> "path": "/browse", >>>>>>>> "role":"browseRole" >>>>>>>> } >>>>>>>> ], >>>>>>>> "user-role": { >>>>>>>> "admin": [ >>>>>>>> "adminRole", >>>>>>>> "browseRole" >>>>>>>> ], >>>>>>>> "user": [ >>>>>>>> "browseRole" >>>>>>>> ] >>>>>>>> } >>>>>>>> } >>>>>>>> } >>>>>>>> >>>>>>>> Also tried adding the permission using the Authorization API, but no >>> effect, still isn’t protecting the Collections API from being invoked >>> without a username password. I do see in the Solr logs that it sees the >>> updates because it outputs the messages “Updating /security.json …”, >>> “Security node changed”, “Initializing authorization plugin: >>> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >>> obtained from ZK: solr.BasicAuthPlugin”. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Kevin >>>>>>>> >>>>>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul >>> wrote: >>>>>>>>> >>>>>>>>> I'm investigating why restarts or first time start does not read the >>>>>>>>> security.json >>>>>>>>> >>>>>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul >>> wrote: >>>>>>>>>> I removed that statement >>>>>>>>>> >>>>>>>>>> "If activating the authorization plugin doesn't protect the admin >>> ui, >>>>>>>>>> how does one protect access to it?" >>>>>>>>>> >>>>>>>>>> One does not need to protect the admin UI. You only need to protect >>>>>>>>>> the relevant API calls . I mean it's OK to not protect the CSS and >>>>>>>>>> HTML stuff. But if you perform an action to create a core or do a >>>>>>>>>> query through admin UI , it automatically will prompt you for &
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
;> "class":"solr.RuleBasedAuthorizationPlugin", >> >>>>> "permissions": [ >> >>>>> { >> >>>>> "name":"security-edit", >> >>>>> "role":"adminRole" >> >>>>> }, >> >>>>> { >> >>>>> "name":"collection-admin-edit”, >> >>>>> "role":"adminRole" >> >>>>> }, >> >>>>> { >> >>>>> "name":"browse", >> >>>>> "collection": "inventory", >> >>>>> "path": "/browse", >> >>>>> "role":"browseRole" >> >>>>> } >> >>>>> ], >> >>>>> "user-role": { >> >>>>> "admin": [ >> >>>>> "adminRole", >> >>>>> "browseRole" >> >>>>> ], >> >>>>> "user": [ >> >>>>> "browseRole" >> >>>>> ] >> >>>>> } >> >>>>> } >> >>>>> } >> >>>>> >> >>>>> Also tried adding the permission using the Authorization API, but no >> effect, still isn’t protecting the Collections API from being invoked >> without a username password. I do see in the Solr logs that it sees the >> updates because it outputs the messages “Updating /security.json …”, >> “Security node changed”, “Initializing authorization plugin: >> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >> obtained from ZK: solr.BasicAuthPlugin”. >> >>>>> >> >>>>> Thanks, >> >>>>> Kevin >> >>>>> >> >>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul >> wrote: >> >>>>>> >> >>>>>> I'm investigating why restarts or first time start does not read the >> >>>>>> security.json >> >>>>>> >> >>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul >> wrote: >> >>>>>>> I removed that statement >> >>>>>>> >> >>>>>>> "If activating the authorization plugin doesn't protect the admin >> ui, >> >>>>>>> how does one protect access to it?" >> >>>>>>> >> >>>>>>> One does not need to protect the admin UI. You only need to protect >> >>>>>>> the relevant API calls . I mean it's OK to not protect the CSS and >> >>>>>>> HTML stuff. But if you perform an action to create a core or do a >> >>>>>>> query through admin UI , it automatically will prompt you for >> >>>>>>> credentials (if those APIs are protected) >> >>>>>>> >> >>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >> wrote: >> >>>>>>>> Thanks for the clarification! >> >>>>>>>> >> >>>>>>>> So is the wiki page incorrect at >> >>>>>>>> >> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >> which says that the admin ui will require authentication once the >> authorization plugin is activated? >> >>>>>>>> >> >>>>>>>> "An authorization plugin is also available to configure Solr with >> permissions to perform various activities in the system. Once activated, >> access to the Solr Admin UI and all requests will need to be authenticated >> and users will be required to have the proper authorization for all >> requests, including using the Admin UI and making any API calls." >&
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
"collection": "inventory", > >>>>> "path": "/browse", > >>>>> "role":"browseRole" > >>>>> } > >>>>> ], > >>>>> "user-role": { > >>>>> "admin": [ > >>>>> "adminRole", > >>>>> "browseRole" > >>>>> ], > >>>>> "user": [ > >>>>> "browseRole" > >>>>> ] > >>>>> } > >>>>> } > >>>>> } > >>>>> > >>>>> Also tried adding the permission using the Authorization API, but no > effect, still isn’t protecting the Collections API from being invoked > without a username password. I do see in the Solr logs that it sees the > updates because it outputs the messages “Updating /security.json …”, > “Security node changed”, “Initializing authorization plugin: > solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class > obtained from ZK: solr.BasicAuthPlugin”. > >>>>> > >>>>> Thanks, > >>>>> Kevin > >>>>> > >>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul > wrote: > >>>>>> > >>>>>> I'm investigating why restarts or first time start does not read the > >>>>>> security.json > >>>>>> > >>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul > wrote: > >>>>>>> I removed that statement > >>>>>>> > >>>>>>> "If activating the authorization plugin doesn't protect the admin > ui, > >>>>>>> how does one protect access to it?" > >>>>>>> > >>>>>>> One does not need to protect the admin UI. You only need to protect > >>>>>>> the relevant API calls . I mean it's OK to not protect the CSS and > >>>>>>> HTML stuff. But if you perform an action to create a core or do a > >>>>>>> query through admin UI , it automatically will prompt you for > >>>>>>> credentials (if those APIs are protected) > >>>>>>> > >>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee > wrote: > >>>>>>>> Thanks for the clarification! > >>>>>>>> > >>>>>>>> So is the wiki page incorrect at > >>>>>>>> > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin > which says that the admin ui will require authentication once the > authorization plugin is activated? > >>>>>>>> > >>>>>>>> "An authorization plugin is also available to configure Solr with > permissions to perform various activities in the system. Once activated, > access to the Solr Admin UI and all requests will need to be authenticated > and users will be required to have the proper authorization for all > requests, including using the Admin UI and making any API calls." > >>>>>>>> > >>>>>>>> If activating the authorization plugin doesn't protect the admin > ui, how does one protect access to it? > >>>>>>>> > >>>>>>>> Also, the issue I'm having is not just at restart. According to > the docs security.json should be uploaded to Zookeeper before starting any > of the Solr instances. However, I tried to upload security.json before > starting any of the Solr instances, but it would not pick up the security > config until after the Solr instances are already running and then > uploading the security.json again. I can see in the logs at startup that > the Solr instances don't see any plugin enabled even though security.json > is already in zookeeper and then after they are started and the > security.json is uploaded again I see it reconfigure to use the plugin. > >>>>>>>> > >>>>>>>> Thanks, > >>>>>>>> Kevin > >>>>>>>> > >>>>>>>>> On Aug 31, 2015, at 11:22 PM, N
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
er-role": { >>>>> "admin": [ >>>>> "adminRole", >>>>> "browseRole" >>>>> ], >>>>> "user": [ >>>>> "browseRole" >>>>> ] >>>>> } >>>>> } >>>>> } >>>>> >>>>> Also tried adding the permission using the Authorization API, but no >>>>> effect, still isn’t protecting the Collections API from being invoked >>>>> without a username password. I do see in the Solr logs that it sees the >>>>> updates because it outputs the messages “Updating /security.json …”, >>>>> “Security node changed”, “Initializing authorization plugin: >>>>> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >>>>> obtained from ZK: solr.BasicAuthPlugin”. >>>>> >>>>> Thanks, >>>>> Kevin >>>>> >>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul wrote: >>>>>> >>>>>> I'm investigating why restarts or first time start does not read the >>>>>> security.json >>>>>> >>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul wrote: >>>>>>> I removed that statement >>>>>>> >>>>>>> "If activating the authorization plugin doesn't protect the admin ui, >>>>>>> how does one protect access to it?" >>>>>>> >>>>>>> One does not need to protect the admin UI. You only need to protect >>>>>>> the relevant API calls . I mean it's OK to not protect the CSS and >>>>>>> HTML stuff. But if you perform an action to create a core or do a >>>>>>> query through admin UI , it automatically will prompt you for >>>>>>> credentials (if those APIs are protected) >>>>>>> >>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >>>>>>> wrote: >>>>>>>> Thanks for the clarification! >>>>>>>> >>>>>>>> So is the wiki page incorrect at >>>>>>>> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >>>>>>>> which says that the admin ui will require authentication once the >>>>>>>> authorization plugin is activated? >>>>>>>> >>>>>>>> "An authorization plugin is also available to configure Solr with >>>>>>>> permissions to perform various activities in the system. Once >>>>>>>> activated, access to the Solr Admin UI and all requests will need to >>>>>>>> be authenticated and users will be required to have the proper >>>>>>>> authorization for all requests, including using the Admin UI and >>>>>>>> making any API calls." >>>>>>>> >>>>>>>> If activating the authorization plugin doesn't protect the admin ui, >>>>>>>> how does one protect access to it? >>>>>>>> >>>>>>>> Also, the issue I'm having is not just at restart. According to the >>>>>>>> docs security.json should be uploaded to Zookeeper before starting any >>>>>>>> of the Solr instances. However, I tried to upload security.json >>>>>>>> before starting any of the Solr instances, but it would not pick up >>>>>>>> the security config until after the Solr instances are already running >>>>>>>> and then uploading the security.json again. I can see in the logs at >>>>>>>> startup that the Solr instances don't see any plugin enabled even >>>>>>>> though security.json is already in zookeeper and then after they are >>>>>>>> started and the security.json is uploaded again I see it reconfigure >>>>>>>> to use the plugin. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Kevin >>>>>>>> >>>>>>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
gt;>> updates because it outputs the messages “Updating /security.json …”, >>>> “Security node changed”, “Initializing authorization plugin: >>>> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >>>> obtained from ZK: solr.BasicAuthPlugin”. >>>> >>>> Thanks, >>>> Kevin >>>> >>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul wrote: >>>>> >>>>> I'm investigating why restarts or first time start does not read the >>>>> security.json >>>>> >>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul wrote: >>>>>> I removed that statement >>>>>> >>>>>> "If activating the authorization plugin doesn't protect the admin ui, >>>>>> how does one protect access to it?" >>>>>> >>>>>> One does not need to protect the admin UI. You only need to protect >>>>>> the relevant API calls . I mean it's OK to not protect the CSS and >>>>>> HTML stuff. But if you perform an action to create a core or do a >>>>>> query through admin UI , it automatically will prompt you for >>>>>> credentials (if those APIs are protected) >>>>>> >>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >>>>>> wrote: >>>>>>> Thanks for the clarification! >>>>>>> >>>>>>> So is the wiki page incorrect at >>>>>>> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >>>>>>> which says that the admin ui will require authentication once the >>>>>>> authorization plugin is activated? >>>>>>> >>>>>>> "An authorization plugin is also available to configure Solr with >>>>>>> permissions to perform various activities in the system. Once >>>>>>> activated, access to the Solr Admin UI and all requests will need to be >>>>>>> authenticated and users will be required to have the proper >>>>>>> authorization for all requests, including using the Admin UI and making >>>>>>> any API calls." >>>>>>> >>>>>>> If activating the authorization plugin doesn't protect the admin ui, >>>>>>> how does one protect access to it? >>>>>>> >>>>>>> Also, the issue I'm having is not just at restart. According to the >>>>>>> docs security.json should be uploaded to Zookeeper before starting any >>>>>>> of the Solr instances. However, I tried to upload security.json before >>>>>>> starting any of the Solr instances, but it would not pick up the >>>>>>> security config until after the Solr instances are already running and >>>>>>> then uploading the security.json again. I can see in the logs at >>>>>>> startup that the Solr instances don't see any plugin enabled even >>>>>>> though security.json is already in zookeeper and then after they are >>>>>>> started and the security.json is uploaded again I see it reconfigure to >>>>>>> use the plugin. >>>>>>> >>>>>>> Thanks, >>>>>>> Kevin >>>>>>> >>>>>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>>>>>>> >>>>>>>> Admin UI is not protected by any of these permissions. Only if you try >>>>>>>> to perform a protected operation , it asks for a password. >>>>>>>> >>>>>>>> I'll investigate the restart problem and report my findings >>>>>>>> >>>>>>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>>>>>>> wrote: >>>>>>>>> Anyone else running into any issues trying to get the authentication >>>>>>>>> and authorization plugins in 5.3 working? >>>>>>>>> >>>>>>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I’m trying to use the new basic auth plugin for Solr
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
or first time start does not read the >>>> security.json >>>> >>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul wrote: >>>>> I removed that statement >>>>> >>>>> "If activating the authorization plugin doesn't protect the admin ui, >>>>> how does one protect access to it?" >>>>> >>>>> One does not need to protect the admin UI. You only need to protect >>>>> the relevant API calls . I mean it's OK to not protect the CSS and >>>>> HTML stuff. But if you perform an action to create a core or do a >>>>> query through admin UI , it automatically will prompt you for >>>>> credentials (if those APIs are protected) >>>>> >>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >>>>> wrote: >>>>>> Thanks for the clarification! >>>>>> >>>>>> So is the wiki page incorrect at >>>>>> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >>>>>> which says that the admin ui will require authentication once the >>>>>> authorization plugin is activated? >>>>>> >>>>>> "An authorization plugin is also available to configure Solr with >>>>>> permissions to perform various activities in the system. Once activated, >>>>>> access to the Solr Admin UI and all requests will need to be >>>>>> authenticated and users will be required to have the proper >>>>>> authorization for all requests, including using the Admin UI and making >>>>>> any API calls." >>>>>> >>>>>> If activating the authorization plugin doesn't protect the admin ui, how >>>>>> does one protect access to it? >>>>>> >>>>>> Also, the issue I'm having is not just at restart. According to the >>>>>> docs security.json should be uploaded to Zookeeper before starting any >>>>>> of the Solr instances. However, I tried to upload security.json before >>>>>> starting any of the Solr instances, but it would not pick up the >>>>>> security config until after the Solr instances are already running and >>>>>> then uploading the security.json again. I can see in the logs at >>>>>> startup that the Solr instances don't see any plugin enabled even though >>>>>> security.json is already in zookeeper and then after they are started >>>>>> and the security.json is uploaded again I see it reconfigure to use the >>>>>> plugin. >>>>>> >>>>>> Thanks, >>>>>> Kevin >>>>>> >>>>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>>>>>> >>>>>>> Admin UI is not protected by any of these permissions. Only if you try >>>>>>> to perform a protected operation , it asks for a password. >>>>>>> >>>>>>> I'll investigate the restart problem and report my findings >>>>>>> >>>>>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>>>>>> wrote: >>>>>>>> Anyone else running into any issues trying to get the authentication >>>>>>>> and authorization plugins in 5.3 working? >>>>>>>> >>>>>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it >>>>>>>>> doesn’t seem to be working quite right. Not sure if I’m missing >>>>>>>>> steps or there is a bug. I am able to get it to protect access to a >>>>>>>>> URL under a collection, but am unable to get it to secure access to >>>>>>>>> the Admin UI. In addition, after stopping the Solr and Zookeeper >>>>>>>>> instances, the security.json is still in Zookeeper, however Solr is >>>>>>>>> allowing access to everything again like the security configuration >>>>>>>>> isn’t in place. >>>>>>>>> >>>>>>>>> Con
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
. I mean it's OK to not protect the CSS and >>>> HTML stuff. But if you perform an action to create a core or do a >>>> query through admin UI , it automatically will prompt you for >>>> credentials (if those APIs are protected) >>>> >>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >>>> wrote: >>>>> Thanks for the clarification! >>>>> >>>>> So is the wiki page incorrect at >>>>> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >>>>> which says that the admin ui will require authentication once the >>>>> authorization plugin is activated? >>>>> >>>>> "An authorization plugin is also available to configure Solr with >>>>> permissions to perform various activities in the system. Once activated, >>>>> access to the Solr Admin UI and all requests will need to be >>>>> authenticated and users will be required to have the proper authorization >>>>> for all requests, including using the Admin UI and making any API calls." >>>>> >>>>> If activating the authorization plugin doesn't protect the admin ui, how >>>>> does one protect access to it? >>>>> >>>>> Also, the issue I'm having is not just at restart. According to the docs >>>>> security.json should be uploaded to Zookeeper before starting any of the >>>>> Solr instances. However, I tried to upload security.json before starting >>>>> any of the Solr instances, but it would not pick up the security config >>>>> until after the Solr instances are already running and then uploading the >>>>> security.json again. I can see in the logs at startup that the Solr >>>>> instances don't see any plugin enabled even though security.json is >>>>> already in zookeeper and then after they are started and the >>>>> security.json is uploaded again I see it reconfigure to use the plugin. >>>>> >>>>> Thanks, >>>>> Kevin >>>>> >>>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>>>>> >>>>>> Admin UI is not protected by any of these permissions. Only if you try >>>>>> to perform a protected operation , it asks for a password. >>>>>> >>>>>> I'll investigate the restart problem and report my findings >>>>>> >>>>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>>>>> wrote: >>>>>>> Anyone else running into any issues trying to get the authentication >>>>>>> and authorization plugins in 5.3 working? >>>>>>> >>>>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it >>>>>>>> doesn’t seem to be working quite right. Not sure if I’m missing steps >>>>>>>> or there is a bug. I am able to get it to protect access to a URL >>>>>>>> under a collection, but am unable to get it to secure access to the >>>>>>>> Admin UI. In addition, after stopping the Solr and Zookeeper >>>>>>>> instances, the security.json is still in Zookeeper, however Solr is >>>>>>>> allowing access to everything again like the security configuration >>>>>>>> isn’t in place. >>>>>>>> >>>>>>>> Contents of security.json taken from wiki page, but edited to produce >>>>>>>> valid JSON. Had to move comma after 3rd from last “}” up to just >>>>>>>> after the last “]”. >>>>>>>> >>>>>>>> { >>>>>>>> "authentication":{ >>>>>>>> "class":"solr.BasicAuthPlugin", >>>>>>>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>>>>>>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>>>>>>> }, >>>>>>>> "authorization":{ >>>>>>>> "class":"solr.RuleBasedAuthorizationPlugin", >
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
PI calls." >>>> >>>> If activating the authorization plugin doesn't protect the admin ui, how >>>> does one protect access to it? >>>> >>>> Also, the issue I'm having is not just at restart. According to the docs >>>> security.json should be uploaded to Zookeeper before starting any of the >>>> Solr instances. However, I tried to upload security.json before starting >>>> any of the Solr instances, but it would not pick up the security config >>>> until after the Solr instances are already running and then uploading the >>>> security.json again. I can see in the logs at startup that the Solr >>>> instances don't see any plugin enabled even though security.json is >>>> already in zookeeper and then after they are started and the security.json >>>> is uploaded again I see it reconfigure to use the plugin. >>>> >>>> Thanks, >>>> Kevin >>>> >>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>>>> >>>>> Admin UI is not protected by any of these permissions. Only if you try >>>>> to perform a protected operation , it asks for a password. >>>>> >>>>> I'll investigate the restart problem and report my findings >>>>> >>>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>>>> wrote: >>>>>> Anyone else running into any issues trying to get the authentication and >>>>>> authorization plugins in 5.3 working? >>>>>> >>>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee >>>>>>> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t >>>>>>> seem to be working quite right. Not sure if I’m missing steps or there >>>>>>> is a bug. I am able to get it to protect access to a URL under a >>>>>>> collection, but am unable to get it to secure access to the Admin UI. >>>>>>> In addition, after stopping the Solr and Zookeeper instances, the >>>>>>> security.json is still in Zookeeper, however Solr is allowing access to >>>>>>> everything again like the security configuration isn’t in place. >>>>>>> >>>>>>> Contents of security.json taken from wiki page, but edited to produce >>>>>>> valid JSON. Had to move comma after 3rd from last “}” up to just after >>>>>>> the last “]”. >>>>>>> >>>>>>> { >>>>>>> "authentication":{ >>>>>>> "class":"solr.BasicAuthPlugin", >>>>>>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>>>>>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>>>>>> }, >>>>>>> "authorization":{ >>>>>>> "class":"solr.RuleBasedAuthorizationPlugin", >>>>>>> "permissions":[{"name":"security-edit", >>>>>>> "role":"admin"}], >>>>>>> "user-role":{"solr":"admin"} >>>>>>> }} >>>>>>> >>>>>>> Here are the steps I followed: >>>>>>> >>>>>>> Upload security.json to zookeeper >>>>>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>>>>>> /security.json ~/solr/security.json >>>>>>> >>>>>>> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper >>>>>>> at /security.json. It is there and looks like what was originally >>>>>>> uploaded. >>>>>>> >>>>>>> Start Solr Instances >>>>>>> >>>>>>> Attempt to create a permission, however get the following error: >>>>>>> { >>>>>>> "responseHeader":{ >>>>>>> "status":400, >>>>>>> "QTime":0}, >>>>>>> "error":{ >>>>>>> "msg":"No authorization plugin configured", >>>>>>>
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
Hi Kevin, Were you able to get a workaround / fix for your problem ? I'm also looking to secure Collection and Update APIs by upgrading to 5.3. Just wondering if it's worth the upgrade or should I wait for the next version, which will probably address this. Regards, Shamik -- View this message in context: http://lucene.472066.n3.nabble.com/Issue-Using-Solr-5-3-Authentication-and-Authorization-Plugins-tp4226011p4226552.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
instances don't see any plugin enabled even though security.json is already >>> in zookeeper and then after they are started and the security.json is >>> uploaded again I see it reconfigure to use the plugin. >>> >>> Thanks, >>> Kevin >>> >>>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>>> >>>> Admin UI is not protected by any of these permissions. Only if you try >>>> to perform a protected operation , it asks for a password. >>>> >>>> I'll investigate the restart problem and report my findings >>>> >>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>>> wrote: >>>>> Anyone else running into any issues trying to get the authentication and >>>>> authorization plugins in 5.3 working? >>>>> >>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t >>>>>> seem to be working quite right. Not sure if I’m missing steps or there >>>>>> is a bug. I am able to get it to protect access to a URL under a >>>>>> collection, but am unable to get it to secure access to the Admin UI. >>>>>> In addition, after stopping the Solr and Zookeeper instances, the >>>>>> security.json is still in Zookeeper, however Solr is allowing access to >>>>>> everything again like the security configuration isn’t in place. >>>>>> >>>>>> Contents of security.json taken from wiki page, but edited to produce >>>>>> valid JSON. Had to move comma after 3rd from last “}” up to just after >>>>>> the last “]”. >>>>>> >>>>>> { >>>>>> "authentication":{ >>>>>> "class":"solr.BasicAuthPlugin", >>>>>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>>>>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>>>>> }, >>>>>> "authorization":{ >>>>>> "class":"solr.RuleBasedAuthorizationPlugin", >>>>>> "permissions":[{"name":"security-edit", >>>>>> "role":"admin"}], >>>>>> "user-role":{"solr":"admin"} >>>>>> }} >>>>>> >>>>>> Here are the steps I followed: >>>>>> >>>>>> Upload security.json to zookeeper >>>>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>>>>> /security.json ~/solr/security.json >>>>>> >>>>>> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper >>>>>> at /security.json. It is there and looks like what was originally >>>>>> uploaded. >>>>>> >>>>>> Start Solr Instances >>>>>> >>>>>> Attempt to create a permission, however get the following error: >>>>>> { >>>>>> "responseHeader":{ >>>>>> "status":400, >>>>>> "QTime":0}, >>>>>> "error":{ >>>>>> "msg":"No authorization plugin configured", >>>>>> "code":400}} >>>>>> >>>>>> Upload security.json again. >>>>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>>>>> /security.json ~/solr/security.json >>>>>> >>>>>> Issue the following to try to create the permission again and this time >>>>>> it’s successful. >>>>>> // Create a permission for mysearch endpoint >>>>>> curl --user solr:SolrRocks -H 'Content-type:application/json' -d >>>>>> '{"set-permission": {"name":"mycollection-search","collection": >>>>>> “mycollection","path":”/mysearch","role": "search-user"}}' >>>>>> http://localhost:8983/solr/admin/authorization >>>>>> >>>>>> { >>>>>> "responseHeader":{ >>>>>> "status":0, >>>>>> "QTime":7}} >>>>>> >>>>>> Issue the following commands to add users >>>>>> curl --user solr:SolrRocks >>>>>> http://localhost:8983/solr/admin/authentication -H >>>>>> 'Content-type:application/json' -d '{"set-user": {"admin" : “password" >>>>>> }}’ >>>>>> curl --user solr:SolrRocks >>>>>> http://localhost:8983/solr/admin/authentication -H >>>>>> 'Content-type:application/json' -d '{"set-user": {"user" : “password" }}' >>>>>> >>>>>> Issue the following command to add permission to users >>>>>> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ >>>>>> "set-user-role" : {"admin": ["search-user", "admin"]}}' >>>>>> http://localhost:8983/solr/admin/authorization >>>>>> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ >>>>>> "set-user-role" : {"user": ["search-user"]}}' >>>>>> http://localhost:8983/solr/admin/authorization >>>>>> >>>>>> After executing the above, access to /mysearch is protected until I >>>>>> restart the Solr and Zookeeper instances. However, the admin UI is >>>>>> never protected like the Wiki page says it should be once activated. >>>>>> >>>>>> https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin >>>>>> >>>>>> <https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin> >>>>>> >>>>>> Why does the authentication and authorization plugin not stay activated >>>>>> after restart and why is the Admin UI never protected? Am I missing any >>>>>> steps? >>>>>> >>>>>> Thanks, >>>>>> Kevin >>>> >>>> >>>> >>>> -- >>>> - >>>> Noble Paul >> >> >> >> -- >> - >> Noble Paul > > > > -- > - > Noble Paul
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
Looks like there is a bug in that . On start/restart the security.json is not loaded I shall open a ticket https://issues.apache.org/jira/browse/SOLR-8000 On Tue, Sep 1, 2015 at 1:01 PM, Noble Paul wrote: > I'm investigating why restarts or first time start does not read the > security.json > > On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul wrote: >> I removed that statement >> >> "If activating the authorization plugin doesn't protect the admin ui, >> how does one protect access to it?" >> >> One does not need to protect the admin UI. You only need to protect >> the relevant API calls . I mean it's OK to not protect the CSS and >> HTML stuff. But if you perform an action to create a core or do a >> query through admin UI , it automatically will prompt you for >> credentials (if those APIs are protected) >> >> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee wrote: >>> Thanks for the clarification! >>> >>> So is the wiki page incorrect at >>> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >>> which says that the admin ui will require authentication once the >>> authorization plugin is activated? >>> >>> "An authorization plugin is also available to configure Solr with >>> permissions to perform various activities in the system. Once activated, >>> access to the Solr Admin UI and all requests will need to be authenticated >>> and users will be required to have the proper authorization for all >>> requests, including using the Admin UI and making any API calls." >>> >>> If activating the authorization plugin doesn't protect the admin ui, how >>> does one protect access to it? >>> >>> Also, the issue I'm having is not just at restart. According to the docs >>> security.json should be uploaded to Zookeeper before starting any of the >>> Solr instances. However, I tried to upload security.json before starting >>> any of the Solr instances, but it would not pick up the security config >>> until after the Solr instances are already running and then uploading the >>> security.json again. I can see in the logs at startup that the Solr >>> instances don't see any plugin enabled even though security.json is already >>> in zookeeper and then after they are started and the security.json is >>> uploaded again I see it reconfigure to use the plugin. >>> >>> Thanks, >>> Kevin >>> >>>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>>> >>>> Admin UI is not protected by any of these permissions. Only if you try >>>> to perform a protected operation , it asks for a password. >>>> >>>> I'll investigate the restart problem and report my findings >>>> >>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>>> wrote: >>>>> Anyone else running into any issues trying to get the authentication and >>>>> authorization plugins in 5.3 working? >>>>> >>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t >>>>>> seem to be working quite right. Not sure if I’m missing steps or there >>>>>> is a bug. I am able to get it to protect access to a URL under a >>>>>> collection, but am unable to get it to secure access to the Admin UI. >>>>>> In addition, after stopping the Solr and Zookeeper instances, the >>>>>> security.json is still in Zookeeper, however Solr is allowing access to >>>>>> everything again like the security configuration isn’t in place. >>>>>> >>>>>> Contents of security.json taken from wiki page, but edited to produce >>>>>> valid JSON. Had to move comma after 3rd from last “}” up to just after >>>>>> the last “]”. >>>>>> >>>>>> { >>>>>> "authentication":{ >>>>>> "class":"solr.BasicAuthPlugin", >>>>>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>>>>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>>>>> }, >>>>>> "authorization":{ >>>>>> "class":"solr.RuleBasedAuthorizationPlug
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
I'm investigating why restarts or first time start does not read the security.json On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul wrote: > I removed that statement > > "If activating the authorization plugin doesn't protect the admin ui, > how does one protect access to it?" > > One does not need to protect the admin UI. You only need to protect > the relevant API calls . I mean it's OK to not protect the CSS and > HTML stuff. But if you perform an action to create a core or do a > query through admin UI , it automatically will prompt you for > credentials (if those APIs are protected) > > On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee wrote: >> Thanks for the clarification! >> >> So is the wiki page incorrect at >> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >> which says that the admin ui will require authentication once the >> authorization plugin is activated? >> >> "An authorization plugin is also available to configure Solr with >> permissions to perform various activities in the system. Once activated, >> access to the Solr Admin UI and all requests will need to be authenticated >> and users will be required to have the proper authorization for all >> requests, including using the Admin UI and making any API calls." >> >> If activating the authorization plugin doesn't protect the admin ui, how >> does one protect access to it? >> >> Also, the issue I'm having is not just at restart. According to the docs >> security.json should be uploaded to Zookeeper before starting any of the >> Solr instances. However, I tried to upload security.json before starting >> any of the Solr instances, but it would not pick up the security config >> until after the Solr instances are already running and then uploading the >> security.json again. I can see in the logs at startup that the Solr >> instances don't see any plugin enabled even though security.json is already >> in zookeeper and then after they are started and the security.json is >> uploaded again I see it reconfigure to use the plugin. >> >> Thanks, >> Kevin >> >>> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >>> >>> Admin UI is not protected by any of these permissions. Only if you try >>> to perform a protected operation , it asks for a password. >>> >>> I'll investigate the restart problem and report my findings >>> >>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >>>> wrote: >>>> Anyone else running into any issues trying to get the authentication and >>>> authorization plugins in 5.3 working? >>>> >>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: >>>>> >>>>> Hi, >>>>> >>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t >>>>> seem to be working quite right. Not sure if I’m missing steps or there >>>>> is a bug. I am able to get it to protect access to a URL under a >>>>> collection, but am unable to get it to secure access to the Admin UI. In >>>>> addition, after stopping the Solr and Zookeeper instances, the >>>>> security.json is still in Zookeeper, however Solr is allowing access to >>>>> everything again like the security configuration isn’t in place. >>>>> >>>>> Contents of security.json taken from wiki page, but edited to produce >>>>> valid JSON. Had to move comma after 3rd from last “}” up to just after >>>>> the last “]”. >>>>> >>>>> { >>>>> "authentication":{ >>>>> "class":"solr.BasicAuthPlugin", >>>>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>>>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>>>> }, >>>>> "authorization":{ >>>>> "class":"solr.RuleBasedAuthorizationPlugin", >>>>> "permissions":[{"name":"security-edit", >>>>>"role":"admin"}], >>>>> "user-role":{"solr":"admin"} >>>>> }} >>>>> >>>>> Here are the steps I followed: >>>>> >>>>> Upload security.json to zookeeper >>>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>>>> /se
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
I removed that statement "If activating the authorization plugin doesn't protect the admin ui, how does one protect access to it?" One does not need to protect the admin UI. You only need to protect the relevant API calls . I mean it's OK to not protect the CSS and HTML stuff. But if you perform an action to create a core or do a query through admin UI , it automatically will prompt you for credentials (if those APIs are protected) On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee wrote: > Thanks for the clarification! > > So is the wiki page incorrect at > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin > which says that the admin ui will require authentication once the > authorization plugin is activated? > > "An authorization plugin is also available to configure Solr with permissions > to perform various activities in the system. Once activated, access to the > Solr Admin UI and all requests will need to be authenticated and users will > be required to have the proper authorization for all requests, including > using the Admin UI and making any API calls." > > If activating the authorization plugin doesn't protect the admin ui, how does > one protect access to it? > > Also, the issue I'm having is not just at restart. According to the docs > security.json should be uploaded to Zookeeper before starting any of the Solr > instances. However, I tried to upload security.json before starting any of > the Solr instances, but it would not pick up the security config until after > the Solr instances are already running and then uploading the security.json > again. I can see in the logs at startup that the Solr instances don't see > any plugin enabled even though security.json is already in zookeeper and then > after they are started and the security.json is uploaded again I see it > reconfigure to use the plugin. > > Thanks, > Kevin > >> On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: >> >> Admin UI is not protected by any of these permissions. Only if you try >> to perform a protected operation , it asks for a password. >> >> I'll investigate the restart problem and report my findings >> >>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee wrote: >>> Anyone else running into any issues trying to get the authentication and >>> authorization plugins in 5.3 working? >>> >>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: >>>> >>>> Hi, >>>> >>>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t >>>> seem to be working quite right. Not sure if I’m missing steps or there is >>>> a bug. I am able to get it to protect access to a URL under a collection, >>>> but am unable to get it to secure access to the Admin UI. In addition, >>>> after stopping the Solr and Zookeeper instances, the security.json is >>>> still in Zookeeper, however Solr is allowing access to everything again >>>> like the security configuration isn’t in place. >>>> >>>> Contents of security.json taken from wiki page, but edited to produce >>>> valid JSON. Had to move comma after 3rd from last “}” up to just after >>>> the last “]”. >>>> >>>> { >>>> "authentication":{ >>>> "class":"solr.BasicAuthPlugin", >>>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>>> }, >>>> "authorization":{ >>>> "class":"solr.RuleBasedAuthorizationPlugin", >>>> "permissions":[{"name":"security-edit", >>>>"role":"admin"}], >>>> "user-role":{"solr":"admin"} >>>> }} >>>> >>>> Here are the steps I followed: >>>> >>>> Upload security.json to zookeeper >>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>>> /security.json ~/solr/security.json >>>> >>>> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at >>>> /security.json. It is there and looks like what was originally uploaded. >>>> >>>> Start Solr Instances >>>> >>>> Attempt to create a permission, however get the following error: >>>> { >>>> "responseHeader":{ >>>> "status":400, >>>> &
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
Thanks for the clarification! So is the wiki page incorrect at https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin which says that the admin ui will require authentication once the authorization plugin is activated? "An authorization plugin is also available to configure Solr with permissions to perform various activities in the system. Once activated, access to the Solr Admin UI and all requests will need to be authenticated and users will be required to have the proper authorization for all requests, including using the Admin UI and making any API calls." If activating the authorization plugin doesn't protect the admin ui, how does one protect access to it? Also, the issue I'm having is not just at restart. According to the docs security.json should be uploaded to Zookeeper before starting any of the Solr instances. However, I tried to upload security.json before starting any of the Solr instances, but it would not pick up the security config until after the Solr instances are already running and then uploading the security.json again. I can see in the logs at startup that the Solr instances don't see any plugin enabled even though security.json is already in zookeeper and then after they are started and the security.json is uploaded again I see it reconfigure to use the plugin. Thanks, Kevin > On Aug 31, 2015, at 11:22 PM, Noble Paul wrote: > > Admin UI is not protected by any of these permissions. Only if you try > to perform a protected operation , it asks for a password. > > I'll investigate the restart problem and report my findings > >> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee wrote: >> Anyone else running into any issues trying to get the authentication and >> authorization plugins in 5.3 working? >> >>> On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: >>> >>> Hi, >>> >>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t >>> seem to be working quite right. Not sure if I’m missing steps or there is >>> a bug. I am able to get it to protect access to a URL under a collection, >>> but am unable to get it to secure access to the Admin UI. In addition, >>> after stopping the Solr and Zookeeper instances, the security.json is still >>> in Zookeeper, however Solr is allowing access to everything again like the >>> security configuration isn’t in place. >>> >>> Contents of security.json taken from wiki page, but edited to produce valid >>> JSON. Had to move comma after 3rd from last “}” up to just after the last >>> “]”. >>> >>> { >>> "authentication":{ >>> "class":"solr.BasicAuthPlugin", >>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >>> }, >>> "authorization":{ >>> "class":"solr.RuleBasedAuthorizationPlugin", >>> "permissions":[{"name":"security-edit", >>>"role":"admin"}], >>> "user-role":{"solr":"admin"} >>> }} >>> >>> Here are the steps I followed: >>> >>> Upload security.json to zookeeper >>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>> /security.json ~/solr/security.json >>> >>> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at >>> /security.json. It is there and looks like what was originally uploaded. >>> >>> Start Solr Instances >>> >>> Attempt to create a permission, however get the following error: >>> { >>> "responseHeader":{ >>> "status":400, >>> "QTime":0}, >>> "error":{ >>> "msg":"No authorization plugin configured", >>> "code":400}} >>> >>> Upload security.json again. >>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >>> /security.json ~/solr/security.json >>> >>> Issue the following to try to create the permission again and this time >>> it’s successful. >>> // Create a permission for mysearch endpoint >>> curl --user solr:SolrRocks -H 'Content-type:application/json' -d >>> '{"set-permission": {"name":"mycollection-search","collection": >>> “mycollection","path":”/mysearch","role"
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
Admin UI is not protected by any of these permissions. Only if you try to perform a protected operation , it asks for a password. I'll investigate the restart problem and report my findings On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee wrote: > Anyone else running into any issues trying to get the authentication and > authorization plugins in 5.3 working? > >> On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: >> >> Hi, >> >> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t seem >> to be working quite right. Not sure if I’m missing steps or there is a bug. >> I am able to get it to protect access to a URL under a collection, but am >> unable to get it to secure access to the Admin UI. In addition, after >> stopping the Solr and Zookeeper instances, the security.json is still in >> Zookeeper, however Solr is allowing access to everything again like the >> security configuration isn’t in place. >> >> Contents of security.json taken from wiki page, but edited to produce valid >> JSON. Had to move comma after 3rd from last “}” up to just after the last >> “]”. >> >> { >> "authentication":{ >> "class":"solr.BasicAuthPlugin", >> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >> }, >> "authorization":{ >> "class":"solr.RuleBasedAuthorizationPlugin", >> "permissions":[{"name":"security-edit", >> "role":"admin"}], >> "user-role":{"solr":"admin"} >> }} >> >> Here are the steps I followed: >> >> Upload security.json to zookeeper >> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >> /security.json ~/solr/security.json >> >> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at >> /security.json. It is there and looks like what was originally uploaded. >> >> Start Solr Instances >> >> Attempt to create a permission, however get the following error: >> { >> "responseHeader":{ >>"status":400, >>"QTime":0}, >> "error":{ >>"msg":"No authorization plugin configured", >>"code":400}} >> >> Upload security.json again. >> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile >> /security.json ~/solr/security.json >> >> Issue the following to try to create the permission again and this time it’s >> successful. >> // Create a permission for mysearch endpoint >>curl --user solr:SolrRocks -H 'Content-type:application/json' -d >> '{"set-permission": {"name":"mycollection-search","collection": >> “mycollection","path":”/mysearch","role": "search-user"}}' >> http://localhost:8983/solr/admin/authorization >> >>{ >> "responseHeader":{ >>"status":0, >>"QTime":7}} >> >> Issue the following commands to add users >> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication >> -H 'Content-type:application/json' -d '{"set-user": {"admin" : “password" }}’ >> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication >> -H 'Content-type:application/json' -d '{"set-user": {"user" : “password" }}' >> >> Issue the following command to add permission to users >> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ >> "set-user-role" : {"admin": ["search-user", "admin"]}}' >> http://localhost:8983/solr/admin/authorization >> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ >> "set-user-role" : {"user": ["search-user"]}}' >> http://localhost:8983/solr/admin/authorization >> >> After executing the above, access to /mysearch is protected until I restart >> the Solr and Zookeeper instances. However, the admin UI is never protected >> like the Wiki page says it should be once activated. >> >> https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin >> >> <https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin> >> >> Why does the authentication and authorization plugin not stay activated >> after restart and why is the Admin UI never protected? Am I missing any >> steps? >> >> Thanks, >> Kevin -- - Noble Paul
Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
Anyone else running into any issues trying to get the authentication and authorization plugins in 5.3 working? > On Aug 29, 2015, at 2:30 AM, Kevin Lee wrote: > > Hi, > > I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t seem > to be working quite right. Not sure if I’m missing steps or there is a bug. > I am able to get it to protect access to a URL under a collection, but am > unable to get it to secure access to the Admin UI. In addition, after > stopping the Solr and Zookeeper instances, the security.json is still in > Zookeeper, however Solr is allowing access to everything again like the > security configuration isn’t in place. > > Contents of security.json taken from wiki page, but edited to produce valid > JSON. Had to move comma after 3rd from last “}” up to just after the last > “]”. > > { > "authentication":{ > "class":"solr.BasicAuthPlugin", > "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= > Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} > }, > "authorization":{ > "class":"solr.RuleBasedAuthorizationPlugin", > "permissions":[{"name":"security-edit", > "role":"admin"}], > "user-role":{"solr":"admin"} > }} > > Here are the steps I followed: > > Upload security.json to zookeeper > ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile > /security.json ~/solr/security.json > > Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at > /security.json. It is there and looks like what was originally uploaded. > > Start Solr Instances > > Attempt to create a permission, however get the following error: > { > "responseHeader":{ >"status":400, >"QTime":0}, > "error":{ >"msg":"No authorization plugin configured", >"code":400}} > > Upload security.json again. > ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile > /security.json ~/solr/security.json > > Issue the following to try to create the permission again and this time it’s > successful. > // Create a permission for mysearch endpoint >curl --user solr:SolrRocks -H 'Content-type:application/json' -d > '{"set-permission": {"name":"mycollection-search","collection": > “mycollection","path":”/mysearch","role": "search-user"}}' > http://localhost:8983/solr/admin/authorization > >{ > "responseHeader":{ >"status":0, >"QTime":7}} > > Issue the following commands to add users > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user": {"admin" : “password" }}’ > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user": {"user" : “password" }}' > > Issue the following command to add permission to users > curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ > "set-user-role" : {"admin": ["search-user", "admin"]}}' > http://localhost:8983/solr/admin/authorization > curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ > "set-user-role" : {"user": ["search-user"]}}' > http://localhost:8983/solr/admin/authorization > > After executing the above, access to /mysearch is protected until I restart > the Solr and Zookeeper instances. However, the admin UI is never protected > like the Wiki page says it should be once activated. > > https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin > > <https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin> > > Why does the authentication and authorization plugin not stay activated after > restart and why is the Admin UI never protected? Am I missing any steps? > > Thanks, > Kevin
Solr 5.3 Faceting on Children with Block Join Parser
Apologies for cross posting a question from SO here. I am very interested in the new faceting on child documents feature of Solr 5.3 and would like to know if somebody has figured out how to do it as asked in the question on http://stackoverflow.com/questions/32212949/solr-5-3-faceting-on-children-with-block-join-parser Thanks for any hints, Tom The question is: Solr 5.3 supports faceting on nested documents [1], with a great tutorial from Yonik [2]. In the tutorial example, the query to get the documents for faceting is directly performed on the child documents: $ curl http://localhost:8983/solr/demo/query -d ' q=author_s:yonik&fl=id,comment_t& json.facet={ genres : { type: terms, field: cat_s, domain: { blockParent : "type_s:book" } } }' What I do not know is how to facet on child documents returned from a Block Join Parent Query Parser [3] and provided through ExpandComponent [4]. What I have working so far is the same as in the example from the ExpandComponent [4]: Query the child fields to return the parent documents (see 1.), then expand the result to get the relevant child documents (see 2.) 1. q={!parent which="type_s:parent" v='text_t:solr'} 2. &expand=true&expand.field=ISBN_s&expand.q=*:* What I need: Having steps 1.) and 2.) already working, how can we facet on some field (does not matter which) of the returned child documents from (2.) ? [1]: http://yonik.com/solr-5-3/ [2]: http://yonik.com/solr-nested-objects/ [3]: https://cwiki.apache.org/confluence/display/solr/Other+Parsers [4]: http://heliosearch.org/expand-block-join/
Issue Using Solr 5.3 Authentication and Authorization Plugins
Hi, I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t seem to be working quite right. Not sure if I’m missing steps or there is a bug. I am able to get it to protect access to a URL under a collection, but am unable to get it to secure access to the Admin UI. In addition, after stopping the Solr and Zookeeper instances, the security.json is still in Zookeeper, however Solr is allowing access to everything again like the security configuration isn’t in place. Contents of security.json taken from wiki page, but edited to produce valid JSON. Had to move comma after 3rd from last “}” up to just after the last “]”. { "authentication":{ "class":"solr.BasicAuthPlugin", "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} }, "authorization":{ "class":"solr.RuleBasedAuthorizationPlugin", "permissions":[{"name":"security-edit", "role":"admin"}], "user-role":{"solr":"admin"} }} Here are the steps I followed: Upload security.json to zookeeper ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile /security.json ~/solr/security.json Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at /security.json. It is there and looks like what was originally uploaded. Start Solr Instances Attempt to create a permission, however get the following error: { "responseHeader":{ "status":400, "QTime":0}, "error":{ "msg":"No authorization plugin configured", "code":400}} Upload security.json again. ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile /security.json ~/solr/security.json Issue the following to try to create the permission again and this time it’s successful. // Create a permission for mysearch endpoint curl --user solr:SolrRocks -H 'Content-type:application/json' -d '{"set-permission": {"name":"mycollection-search","collection": “mycollection","path":”/mysearch","role": "search-user"}}' http://localhost:8983/solr/admin/authorization { "responseHeader":{ "status":0, "QTime":7}} Issue the following commands to add users curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user": {"admin" : “password" }}’ curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user": {"user" : “password" }}' Issue the following command to add permission to users curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ "set-user-role" : {"admin": ["search-user", "admin"]}}' http://localhost:8983/solr/admin/authorization curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ "set-user-role" : {"user": ["search-user"]}}' http://localhost:8983/solr/admin/authorization After executing the above, access to /mysearch is protected until I restart the Solr and Zookeeper instances. However, the admin UI is never protected like the Wiki page says it should be once activated. https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin <https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin> Why does the authentication and authorization plugin not stay activated after restart and why is the Admin UI never protected? Am I missing any steps? Thanks, Kevin
Securing Solr 5.3 with Basic Authentication
With version 5.3 Solr have full-featured authentication and authorization plugins that use Basic authentication and “permission rules” which are completely driven from ZooKeeper. So I have tried that without success follwong the info in https://cwiki.apache.org/confluence/display/solr/Securing+Solr and http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules: I followed this steps: *1) Set up a Zookeeper Ensemble (3 nodes).* *2) I upload the filesecurity.json to Zookeper* I used this command to upload the file: zkcli.bat -zkhost localhost:2181 -cmd putfile /security.json security.json Content of the file security.json: { "authentication":{ "class":"solr.BasicAuthPlugin", "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} }, "authorization":{ "class":"solr.RuleBasedAuthorizationPlugin", "user-role":{"solr":"admin"}, "permissions":[{"name":"security-edit", "role":"admin"}] }} I also tried with this security.json content: {"authentication":{"class":"solr.BasicAuthPlugin"},"authorization":{"class":"solr.RuleBasedAuthorizationPlugin"}} *3) ** I started Solr 5.3.0 in cloud mode (and 'bootstrap' ):* I used this command: ./solr start -c -z "localhost:2181,localhost:2182,localhost:2183" -s ../server/solrcloud_test -Dbootstrap_confdir=../server/solrcloud_test/configsets/basic_configs/conf -Dcollection.configName=c_test_cfg -f However, I can access directly to http://localhost:8983/solr and the browser doesn't ask me the credentials. In Solr Admin I can see the /security.json (with the correct content) and even the c_test_cfg under /cofigs . I can see this in the log when solr starts: 955 INFO (main) [ ] o.a.s.c.CoreContainer Security conf doesn't exist. Skipping setup for authorization module. 955 INFO (main) [ ] o.a.s.c.CoreContainer No authentication plugin used. Can anybody tell me what I'm doing wrong??
ANNOUNCE: Apache Solr Reference Guide for Solr 5.3 released
The Lucene PMC is pleased to announce the release of the Solr Reference Guide for Solr 5.3. This 577 page PDF is the definitive guide for using Apache Solr and can be downloaded from: https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/ If you have
Re: SOLR 5.3
The release is underway. Incorporating some corrections suggested by others. Expect an announcement ove rthe next few hours On Sun, Aug 23, 2015 at 6:44 PM, Arcadius Ahouansou wrote: > Solr-5.3 has been available for download from > http://mirror.catn.com/pub/apache/lucene/solr/5.3.0/ > > The redirection on the web site will probably be fixed before we get the > official announcement. > > Arcadius. > > On 23 August 2015 at 09:00, William Bell wrote: > >> At lucene.apache.org/solr it says SOLR 5.3 is there, but when I click on >> downloads it shows Solr 5.2.1... ?? >> >> "APACHE SOLR™ 5.3.0Solr is the popular, blazing-fast, open source >> enterprise search platform built on Apache Lucene™." >> >> -- >> Bill Bell >> billnb...@gmail.com >> cell 720-256-8076 >> > > > > -- > Arcadius Ahouansou > Menelic Ltd | Information is Power > M: 07908761999 > W: www.menelic.com > --- -- - Noble Paul
Re: SOLR 5.3
Solr-5.3 has been available for download from http://mirror.catn.com/pub/apache/lucene/solr/5.3.0/ The redirection on the web site will probably be fixed before we get the official announcement. Arcadius. On 23 August 2015 at 09:00, William Bell wrote: > At lucene.apache.org/solr it says SOLR 5.3 is there, but when I click on > downloads it shows Solr 5.2.1... ?? > > "APACHE SOLR™ 5.3.0Solr is the popular, blazing-fast, open source > enterprise search platform built on Apache Lucene™." > > -- > Bill Bell > billnb...@gmail.com > cell 720-256-8076 > -- Arcadius Ahouansou Menelic Ltd | Information is Power M: 07908761999 W: www.menelic.com ---
SOLR 5.3
At lucene.apache.org/solr it says SOLR 5.3 is there, but when I click on downloads it shows Solr 5.2.1... ?? "APACHE SOLR™ 5.3.0Solr is the popular, blazing-fast, open source enterprise search platform built on Apache Lucene™." -- Bill Bell billnb...@gmail.com cell 720-256-8076
Re: SOLR 5.3
On 8/4/2015 7:28 PM, William Bell wrote: > When do we think SOLR 5.3 might come out? > > It is nearly ready? There is no simple answer to this question. There are a lot of things that could change the release date. For anyone who wants to keep up on the pulse of releases, you can join the dev mailing list. Everything about development for the Lucene/Solr project is discussed in public, there are very few surprises: http://lucene.apache.org/solr/resources.html#mailing-lists Last week, we had someone volunteer to be release manager (RM) for 5.3. http://mail-archives.apache.org/mod_mbox/lucene-dev/201507.mbox/%3CCABVqxwCn+ue=uj_01dwgjstnn_lk1bv5tybexhk7fjfbjcu...@mail.gmail.com%3E Later, our volunteer said that something came up so it had to be pushed a little. http://mail-archives.apache.org/mod_mbox/lucene-dev/201508.mbox/%3ccabvqxwcvmuatk9tuy9rseu+jht7zovsmcogmb6narqhv9lo...@mail.gmail.com%3E The release process is documented in excruciating detail (from the point of view of the release manager) at this location: https://wiki.apache.org/lucene-java/ReleaseTodo Additional detail regarding the dev mailing list: This is a very high traffic list, due to the various automated notification emails that are sent there. If you join this list and have any way to filter emails into folders, you'll probably want to use that capability for these automated emails. Here are all the sieve filters that I have set up for the dev list: https://www.dropbox.com/s/k1qhwogeu7m7nci/elyograg-mailfilters-dev-lucene.png?dl=0 Thanks, Shawn
Re: SOLR 5.3
Are you watching lucene-dev list? The discussion is happening there. In short, the preparations have started, but there are things to cleanup and no RCs have been out yet. I don't think even a branch has been cut yet. So, a while to go still. Solr Analyzers, Tokenizers, Filters, URPs and even a newsletter: http://www.solr-start.com/ On 4 August 2015 at 21:28, William Bell wrote: > When do we think SOLR 5.3 might come out? > > It is nearly ready? > > -- > Bill Bell > billnb...@gmail.com > cell 720-256-8076
SOLR 5.3
When do we think SOLR 5.3 might come out? It is nearly ready? -- Bill Bell billnb...@gmail.com cell 720-256-8076