I am using Apache Solr server and I want to secure it by enabling authentication and authorization. Is there any way to authenticate Solr apart from htaccess and ZooKeeper?
1 Answer
If you need to have the authentication inside Solr itself, your only existing, supported option is to use the built-in authentication and authorization through uploading a security.json file to Zookeeper. This supports Kerberos and basic HTTP authentication.
There's also a hack based on extracting the bundled jetty and adding basic authentication to it before repackaging it again, but that will make each upgrade something that you have to handle specifically and make the same adjustments.
If you want to add any method outside of this, you're going to have to implement it yourself - either as a service in front of Solr (which is the usual way), or through extending Solr. The hard part about the last option is that if you're not going through the regular security.json configuration, you may forget to close down API endpoints.
By adding a service in front of Solr and configuring Solr to only bind to localhost - so that it's not accessible through the internet - you can customize and add any authentication and authorization you want to. But it will still require you to be careful if you want to control authorization and access to certain cores. If you want inter-node connectivity (sharding, SolrCloud, etc.) to still work, you'll have to account for that and allow Solr to bind to your local network IPs as well.

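As an added example (not from the answer above and not the Solr project's own code), this Python sketch builds a security.json for the built-in basic authentication and rule-based authorization the answer refers to. The user names, passwords and roles are constructed, and the credential format (base64 of SHA-256(SHA-256(salt + password)), a space, then base64 of the salt) is assumed from Solr's BasicAuthPlugin; confirm it and the permission names against the Reference Guide for your Solr version.

```python
import base64
import hashlib
import hmac
import json
import os

def solr_credential(password, salt=None):
    """Return "<base64 hash> <base64 salt>" for one user (format assumed, see lead-in)."""
    salt = os.urandom(32) if salt is None else salt
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    outer = hashlib.sha256(inner).digest()
    return base64.b64encode(outer).decode() + " " + base64.b64encode(salt).decode()

def check_password(stored, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = base64.b64decode(stored.split(" ")[1])
    return hmac.compare_digest(solr_credential(password, salt), stored)

def build_security_json(users):
    """users maps username -> (password, role); all names here are constructed."""
    return {
        "authentication": {
            "class": "solr.BasicAuthPlugin",
            # Reject every request that carries no credentials at all.
            "blockUnknown": True,
            "credentials": {u: solr_credential(p) for u, (p, _) in users.items()},
        },
        "authorization": {
            "class": "solr.RuleBasedAuthorizationPlugin",
            "user-role": {u: role for u, (_, role) in users.items()},
            # Rules are evaluated in order; the final "all" rule is the catch-all
            # that keeps unlisted API endpoints restricted to admins.
            "permissions": [
                {"name": "security-edit", "role": "admin"},
                {"name": "read", "role": ["reader", "admin"]},
                {"name": "all", "role": "admin"},
            ],
        },
    }

if __name__ == "__main__":
    # Constructed sample accounts; never reuse these passwords.
    sample = {"alice": ("constructed-admin-pw", "admin"),
              "bob": ("constructed-reader-pw", "reader")}
    print(json.dumps(build_security_json(sample), indent=2))
```

The printed document is what gets uploaded to ZooKeeper as security.json; only the salted hashes are stored, never the passwords.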