2

I have installed solr 7.7 standalone in my production server. I am trying to setup authentication mechanism using jetty approach. This is what I tried:

1.modified “/opt/solr/server/etc/jetty.xml

<Call name="addBean">
 <Arg>
  <New class="org.eclipse.jetty.security.HashLoginService">
   <Set name="name">Test Realm</Set>
   <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
   <Set name="refreshInterval">0</Set>
  </New>
 </Arg> 
</Call>

  1. created credentials file in /opt/solr/server/etc/realm.properties

    admin: admin123,core

  2. modified /opt/solr/server/etc/webdefault.xml

    <security-constraint>
 <web-resource-collection>
 <web-resource-name>Solr authenticated application</web-resource-name>
 <url-pattern>/</url-pattern>
 </web-resource-collection>

 <auth-constraint>
 <role-name>core</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Test Realm</realm-name>
</login-config>

After this If I restart solr service, solr is not getting started. In the logs I am getting error as:

 Suppressed: java.lang.NoSuchFieldException: refreshInterval
 Suppressed: java.lang.NoSuchFieldException: TYPE
 Suppressed: java.lang.NoSuchMethodException: org.eclipse.jetty.security.HashLoginService.setRefreshInterval(java.lang.String)
Kiran
  • 1,481
  • 6
  • 36
  • 66
  • Any reason why you're not [using the built-in authentication](https://lucene.apache.org/solr/guide/7_7/basic-authentication-plugin.html)? – MatsLindh Mar 27 '19 at 07:46
  • 1
    I was creating security.json in wrong place. That's why it was not working. Now I am able to get it work. – Kiran Mar 28 '19 at 03:54

2 Answers2

3

Create Security file:sudo vim /var/solr/data/security.json

{
"authentication":{
   "blockUnknown": true,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
      "role":"admin"}],
   "user-role":{"solr":"admin"}
}}

This will create user called "solr" with password SolrRocks

Then Restart solr service:sudo service solr restart

Verification:http://<ip_address>:8983/solr/admin/authentication

Kiran
  • 1,481
  • 6
  • 36
  • 66
0

refreshInterval did not work as the method has been deprecated in favor of setHotReload (boolean) in recent versions of Jetty.

https://archive.eclipse.org/jetty/9.3.11.v20160721/apidocs/org/eclipse/jetty/security/HashLoginService.html#setRefreshInterval-int-

Solr 7.7 uses Jetty 9.4.14.v20181114

https://lucene.apache.org/solr/8_4_1/changes/Changes.html#v7.7.0.versions_of_major_components

You can use the following in jett.xml, if you still want to try this instead of BasicAuthPlugin -

    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Login Required</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="HotReload">false</Set>
        </New>
      </Arg>
</Call>

By the way, this procedure has some issues since it uses the "BASIC" Authentication of HashLoginService as explained here.

Sandeep Dharembra
  • 192
  • 1
  • 2
  • 8