Hi folks!
I was asking this question last week already on the jetty mailing list, but
haven't got any answer.
I'm going to run multiple Solr instances on one server, which arises the need
of user authentication in front of Solr. I've done the following steps (after
a lot of others which didn't work):
=== snip ===
diff -wur solr-4.5.0.orig/example/etc/jetty.xml solr-4.5.0/example/etc/jetty.xml
--- solr-4.5.0.orig/example/etc/jetty.xml 2013-09-12 14:12:53.000000000 +0200
+++ solr-4.5.0/example/etc/jetty.xml 2013-10-28 17:14:49.000000000 +0100
@@ -12,6 +12,16 @@
<Configure id="Server" class="org.eclipse.jetty.server.Server">
+ <Call name="addBean">
+ <Arg>
+ <New class="org.eclipse.jetty.security.HashLoginService">
+ <Set name="name">Test Realm</Set>
+ <Set
name="config">/some/path/solr-4.5.0/example/passwords.properties</Set>
+ <Set name="refreshInterval">0</Set>
+ </New>
+ </Arg>
+ </Call>
+
<!-- =========================================================== -->
<!-- Server Thread Pool -->
<!-- =========================================================== -->
diff -wur solr-4.5.0.orig/example/etc/webdefault.xml
solr-4.5.0/example/etc/webdefault.xml
--- solr-4.5.0.orig/example/etc/webdefault.xml 2013-09-12 14:12:53.000000000
+0200
+++ solr-4.5.0/example/etc/webdefault.xml 2013-10-28 17:27:43.000000000
+0100
@@ -520,8 +520,14 @@
<url-pattern>/</url-pattern>
<http-method>TRACE</http-method>
</web-resource-collection>
- <auth-constraint/>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
</security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>Test Realm</realm-name>
+ </login-config>
</web-app>
diff
=== snap ===
The example/password.properties file contains the following test accounts:
=== snip ===
user: user,user
admin: admin,admin
=== snap ===
The problem now is that still no authentication is run by jetty and thus I
can connect to Solr core without being authenticated. What is still neede
to finally activate authentication?
Greetings,
Fabiano
