Solr Authentication (Standalone Mode)

  • service solr stop
  • /opt/solr-7.7.0/server/etc/webdefault.xml
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Disable TRACE</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin</role-name>
    </auth-constraint>
    </security-constraint>

    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Solr Realm</realm-name>
    </login-config

     
  • /opt/solr-7.7.0/server/etc/jetty.xml
    <Call name="addBean">
    <Arg>
    <New class="org.eclipse.jetty.security.HashLoginService">
    <Set name="name">Solr Realm</Set>
    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
    <Set name="refreshInterval">0</Set>
    </New>
    </Arg>
    </Call>

    at the end

     
  • Generate a password in encrypted format using the following utility provided by Jetty:
    ls /opt/solr/server/lib
    ext                                      jetty-servlet-9.4.14.v20181114.jar
    gmetric4j-1.0.7.jar                      jetty-servlets-9.4.14.v20181114.jar
    javax.servlet-api-3.1.0.jar              jetty-util-9.4.14.v20181114.jar
    jetty-continuation-9.4.14.v20181114.jar  jetty-webapp-9.4.14.v20181114.jar
    jetty-deploy-9.4.14.v20181114.jar        jetty-xml-9.4.14.v20181114.jar
    jetty-http-9.4.14.v20181114.jar          metrics-core-3.2.6.jar
    jetty-io-9.4.14.v20181114.jar            metrics-ganglia-3.2.6.jar
    jetty-jmx-9.4.14.v20181114.jar           metrics-graphite-3.2.6.jar
    jetty-rewrite-9.4.14.v20181114.jar       metrics-jetty9-3.2.6.jar
    jetty-security-9.4.14.v20181114.jar      metrics-jvm-3.2.6.jar
    jetty-server-9.4.14.v20181114.jar


     
  • java -cp lib/jetty-util-9.4.14.v20181114.jar org.eclipse.jetty.util.security.Password <Username> <Password>
    java -cp lib/jetty-util-9.4.14.v20181114.jar org.eclipse.jetty.util.security.Password solr 260986OBF:19q31awt19x219xk1awx19qb
    MD5:a0878576e9a3c1d9cd153934e79aaee2
    CRYPT:soTwTAwAjXYu6
  • nano /opt/solr/server/etc/realm.properties
    solr: CRYPT:soTwTAwAjXYu6,admin
     

FOR ME THIS METHOD DIDN'T WORK

 

Different approach (reliable)

cat  /etc/default/solr.in.sh | grep SOLR_HOME

cd {solr_home=directory} / cd /var/solr/data

nano security.json

{
"authentication":{
   "blockUnknown": true,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
      "role":"admin"}],
   "user-role":{"solr":"admin"}
}}

chown solr:solr security.json

nano /etc/default/solr.in.sh

SOLR_AUTH_TYPE="basic"
SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"

service solr restart

 curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{
  "set-user": {"solr" : "my_password"}}'

{
  "responseHeader":{
    "status":0,
    "QTime":64}}

After this request your new encrypted password will be successfully recorded to /var/solr/data/security.json

and here it is!

 

Tags: