With version 5.3 Solr have full-featured authentication and authorization plugins that use Basic authentication and “permission rules” which are completely driven from ZooKeeper.
So I have tried that without success follwong the info in https://cwiki.apache.org/confluence/display/solr/Securing+Solr and http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules: I followed this steps: *1) Set up a Zookeeper Ensemble (3 nodes).* *2) I upload the filesecurity.json to Zookeper* I used this command to upload the file: zkcli.bat -zkhost localhost:2181 -cmd putfile /security.json security.json Content of the file security.json: { "authentication":{ "class":"solr.BasicAuthPlugin", "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} }, "authorization":{ "class":"solr.RuleBasedAuthorizationPlugin", "user-role":{"solr":"admin"}, "permissions":[{"name":"security-edit", "role":"admin"}] }} I also tried with this security.json content: {"authentication":{"class":"solr.BasicAuthPlugin"},"authorization":{"class":"solr.RuleBasedAuthorizationPlugin"}} *3) ** I started Solr 5.3.0 in cloud mode (and 'bootstrap' ):* I used this command: ./solr start -c -z "localhost:2181,localhost:2182,localhost:2183" -s ../server/solrcloud_test -Dbootstrap_confdir=../server/solrcloud_test/configsets/basic_configs/conf -Dcollection.configName=c_test_cfg -f However, I can access directly to http://localhost:8983/solr and the browser doesn't ask me the credentials. In Solr Admin I can see the /security.json (with the correct content) and even the c_test_cfg under /cofigs . I can see this in the log when solr starts: 955 INFO (main) [ ] o.a.s.c.CoreContainer Security conf doesn't exist. Skipping setup for authorization module. 955 INFO (main) [ ] o.a.s.c.CoreContainer No authentication plugin used. Can anybody tell me what I'm doing wrong??
