The thing is, basic auth doesn't work with Ajax requests .. which is, why you don't see the page loaded.
The Server normally responds in such cases with an 401 Header, which makes your browser prompt _you_ for the credentials, sending it back to the server which then delivers the page you ask for with an 200. Since the Ajax library (in that case we use jQuery) treats the 401 Header as an typical "error" (and doesn't do anything further with that information) you don't get the page nor are you prompted for the credentials. if possible, i'd suggest you use either access based on ip-addresses or -ranges .. or you make the jetty instance listen to localhost only and open an ssh tunnel, if needed. HTH Stefan On Sunday, December 1, 2013 at 12:23 PM, Jean-Pierre Lauris wrote: > Hi, > I'm using solr 4.4 with jetty and I'm trying to password-protect the > admin pages. > > I've read many posts from this list, as well as the main solr security doc : > http://wiki.apache.org/solr/SolrSecurity#Jetty_realm_example > > and added this to my web.xml (http://web.xml) > > <security-constraint> > <web-resource-collection> > <web-resource-name>Solr authenticated application</web-resource-name> > <url-pattern>/admin/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin-role</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Test Realm</realm-name> > </login-config> > > I also managed my realm settings with jetty, and I guess I'm correct > on this side, since a simple "/*" protection (password protection for > all pages) works fine. > > However, for /admin/* the password is asked (and rejected if not > correct), but the page never loads (I see the left menu, as well as a > loading image on the main frame, but it never stops loading and never > show me an error message). > > I use the default start.jar with a custom solr.solr.home. > > There I'm at a point where any help will be appreciated! > Thanks, > >
