On 2/27/2015 12:51 AM, Danesh Kuruppu wrote: > I am doing some feasibility studies for moving directly to solr 5.0.0. > > One more thing, It is related to standalone server. > > How security handle in solr standalone server. lets say, I configured my > application to use remote solr standalone server. > > 1. How I would enable secure communication between my application and solr > server. > 2. How solr server authenticate user.
Solr itself does not contain any security mechanisms, because Solr does not own *any* of the network communication layers where such security must be implemented. It is not currently possible for Solr to implement any reasonable security mechanisms. Eventually (hopefully in the near future), Solr will be a completely standalone application that does not rely on a servlet container, and when that happens, it will be possible to implement security within Solr itself. Right now, configuring SSL is not very hard, and you can also enable authentication in the servlet container. It's my understanding that using certificate-based authentication works already, but if you configure basic authentication (username/password), you will find any kind of distributed searching (including SolrCloud) will not function correctly. This is because Solr does not currently have any mechanism to provide the username/password when communicating with another instance. Thanks, Shawn
