Re: Implementing Authentication for Solr Indexing and Querying in a Spring Boot Project

Tue, 12 Dec 2023 12:05:56 -0800 

On 12/11/23 01:48, Uday Kumar wrote:

*1. Authentication for Indexing:*

We are currently using the SolrJ client for indexing documents into the
Solr index. However, with authentication enabled at Solr, we are uncertain
about the best practices for implementing authentication within the SolrJ
client during the indexing process. Could you provide guidance on how to
seamlessly integrate authentication into the SolrJ client for secure
document indexing?

*2. Authentication for Querying:*

On the querying side, we are using the `HttpURLConnection` package for
making requests to Solr Cloud. Given the authentication requirements, I am
seeking advice on how to properly authenticate and handle queries securely
using `HttpURLConnection`.
You can use a SolrJ client for both querying and indexing, there is no reason to use Java's HTTP. With Java's client, you have to handle the extraction of data from the response by parsing JSON or XML. SolrJ does the bulk of that work for you, and uses a more compact binary format on the wire rather than JSON. 

Here is some code for your perusal:

https://paste.elyograg.org/view/e5cce5db
Lines 26 and 27 are related to other parts of the overall program and don't contribute to client creation. A summary of what that code does: 

* create a builder for Http2SolrClient for talking to the source cluster.
* create a builder for Http2SolrClient as a "helper" client for the target cluster. 
* add authentication info to those two client builders.
* create a builder for CloudHttp2SolrClient for talking to the target cluster. 
* build the helper client for the target.
* build the source client.
* build the final target client.


*3. Secure Storage of User Credentials in Spring Boot:*

Additionally, we are exploring ways to securely store Solr Cloud
credentials (username and password) within our Spring Boot application
instead of raw text in properties file. Could you provide recommendations
or best practices for securely storing and retrieving Solr Cloud
credentials in a Spring Boot application?


You'll want to discuss that with Spring or in a general forum for Java.
In general, my opinion is that there is no real value to trying to obscure credentials beyond file permissions ... if someone manages to achieve admin capability on the server, they will be almost certainly be able to just use whatever mechanisms are already in place and gain access. 

Thanks,
Shawn

Reply via email to