On Wed, 19 Nov 2008 22:58:52 -0800 (PST) RaghavPrabhu <[EMAIL PROTECTED]> wrote:
> I'm using multiple cores and all I need to do is, to make the each core in
> secure manner. If I am accessing the particular core via url, it should ask
> and validate the credentials say Username & Password for each core.

You should be able to handle this @ the servlet container level. What I did, using Jetty + starting from the example app, was:

1) modify web.xml (part of the sources of solr.war, which you'll have to rebuild) to define the authentication constraints you want.

[...]
  <!-- block by default. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Default</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint/> <!-- BLOCK! -->
  </security-constraint>

  <!-- this constraint has no auth constraint or data constraint => allows without auth. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AllowedQueries</web-resource-name>
      <url-pattern>/core1/select/*</url-pattern>
      <url-pattern>/core2/select/*</url-pattern>
      <url-pattern>/core3/select/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

  <!-- this constraint allows access to admin pages, with basic auth -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <!-- the admin for cores management -->
      <url-pattern>/admin/*</url-pattern>
      <!-- the admin for each individual core -->
      <url-pattern>/core1/admin/*</url-pattern>
      <url-pattern>/core2/admin/*</url-pattern>
      <url-pattern>/core3/admin/*</url-pattern>
      <!-- The Test core, full access to it -->
      <url-pattern>/_test_/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Roles of users are defined in the properties file -->
      <!-- we allow users with admin-only access -->
      <role-name>Admin-role</role-name>
      <!-- we allow users with full access -->
      <role-name>FullAccess-role</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- this constraint allows access to modify the data in the SOLR service, with basic auth -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>RW</web-resource-name>
      <!-- the dataimport handler for each individual core -->
      <url-pattern>/core1/dataimport</url-pattern>
      <url-pattern>/core2/dataimport</url-pattern>
      <url-pattern>/core3/dataimport</url-pattern>
      <!-- the update handler (XML over HTTP) for each individual core -->
      <url-pattern>/core1/update/*</url-pattern>
      <url-pattern>/core2/update/*</url-pattern>
      <url-pattern>/core3/update/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Roles of users are defined in the properties file -->
      <!-- we allow users with rw-only access -->
      <role-name>RW-role</role-name>
      <!-- we allow users with full access -->
      <role-name>FullAccess-role</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- the Realm for this app. Ideally we should have different realms for each
       security-constraint, but I can't get it to work properly -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>SearchSvc</realm-name>
  </login-config>

  <security-role>
    <role-name>Admin-role</role-name>
  </security-role>
  <security-role>
    <role-name>FullAccess-role</role-name>
  </security-role>
  <security-role>
    <role-name>RW-role</role-name>
  </security-role>
[...]

2) in Jetty's jetty.xml (or in a context... I just used jetty.xml), define where to get the AUTH details from:

[...]
  <Set name="UserRealms">
    <Array type="org.mortbay.jetty.security.UserRealm">
      <Item>
        <New class="org.mortbay.jetty.security.HashUserRealm">
          <Set name="name">SearchSvc</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="." />/etc/searchsvc_access.properties</Set>
          <!-- <Set name="reloadInterval">10</Set>-->
          <!-- <Call name="start"></Call>-->
        </New>
      </Item>
[...]

3) Read in Jetty's documentation how to create the .properties file with the auth info...

I am not sure if this is the BEST way to do it (I didn't have access to any stronger auth method than basic at the time), but it works exactly as intended.

b
_________________________
{Beto|Norberto|Numard} Meijome

"I was born not knowing and have had only a little time to change that here and there."
   Richard Feynman

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.