I will figure out. Essence of question was if it was there
out-of-the-box. Thanks!
Regards, Per Steffensen
On 1/11/13 5:38 PM, Markus Jelsma wrote:
Hmm, you need to set up the HttpClient in HttpShardHandlerFactory but you
cannot access the HttpServletRequest from there, it is only available in
SolrDispatchFilter AFAIK. And then, the HttpServletRequest can only return the
remote user name, not the password he, she or it provided. I don't know how to
obtain the password.
-----Original message-----
From:Per Steffensen <st...@designware.dk>
Sent: Fri 11-Jan-2013 15:28
To: solr-user@lucene.apache.org
Subject: Re: Forwarding authentication credentials in internal node-to-node
requests
Hmmm, it will not work for me. I want the "original" credential
forwarded in the sub-requests. The credentials are mapped to permissions
(authorization), and basically I dont want a user to be able have
something done in the (automatically performed by the contacted
solr-node) sub-requests that he is not authorized to do. Forward of
credentials is a must. So what you are saying is that I should expect to
have to do some modifications to Solr in order to achieve what I want?
Regards, Per Steffensen
On 1/11/13 2:11 PM, Markus Jelsma wrote:
Hi,
If your credentials are fixed i would configure username:password in your
request handler's shardHandlerFactory configuration section and then modify
HttpShardHandlerFactory.init() to create a HttpClient with an AuthScope
configured with those settings.
I don't think you can obtain the original credentials very easy when inside
HttpShardHandlerFactory.
Cheers
-----Original message-----
From:Per Steffensen <st...@designware.dk>
Sent: Fri 11-Jan-2013 13:07
To: solr-user@lucene.apache.org
Subject: Forwarding authentication credentials in internal node-to-node requests
Hi
I read http://wiki.apache.org/solr/SolrSecurity and know a lot about
webcontainer authentication and authorization. Im sure I will be able to
set it up so that each solr-node is will require HTTP authentication for
(selected) incoming requests.
But solr-nodes also make requests among each other and Im in doubt if
credentials are forwarded from the "original request" to the internal
sub-requests?
E.g. lets say that each solr-node is set up to require authentication
for search request. An "outside" user makes a distributed request
including correct username/password. Since it is a distributed search,
the node which handles the original request from the user will have to
make sub-requests to other solr-nodes but they also require correct
credentials in order to accept this sub-request. Are the credentials
from the original request duplicated to the sub-requests or what options
do I have?
Same thing goes for e.g. update requests if they are sent to a node
which does not run (all) the replica of the shard in which the documents
to be added/updated/deleted belong. The node needs to make sub-request
to other nodes, and it will require forwarding the credentials.
Does this just work out of the box, or ... ?
Regards, Per Steffensen
