文档章节

Secure Solr admin interface on Tomcat

n
 nibilly
发布于 2015/12/15 15:30
字数 400
阅读 27
收藏 1

http://www.sphinxconsultant.com/secure-solr-admin-interface-tomcat/

Sorl admin interface is powerful tool to manage cores, debugging and lot of other stuff. At same time this can be very dangerous tool, because this page is open to public by default. In this post we will see how to make this interface password protected so only authorized users can access it by providing a password.

We are using tomcat 7 and solr 4.3 and tomcat 4.6.1 on Centos server. You must have root rights to performance these changes.

Create Role and user in tomcat

We will need to define an new role and new user in tomcat. This can be done by editing tomcat-users.xml file. In my case this file is found at
/usr/share/apache-tomcat-7.0.50/conf/tomcat-users.xml
so open this file with nano or vi like this. Just before the ending tag add following lines

<!– for Solr –>
<role rolrename=”solr_manager_role”/>
<user username=”solr_admin” password=”SecretPassword” roles=”solr_manager_role”/>

These lines are defining a new role “solr_manager_role” and adding a new user “solr_admin” and assigning the solr_manager_role to it. Save the file after changes.

Now we need to tell Solr application to use this user to authenticate by this role. So open the web.xml file for Sorl. For my case it was

/usr/share/apache-tomcat-7.0.50/webapps/solr/WEB-INF/web.xml

. Your path may vary so be sure that you are editing the correct file.

Open this file with your favorite text editor and just before the closing tag , add following lines

<!– START secure admin –>
<!– Define a Security Constraint on this Application –>
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>solr_manager_role</role-name>
</auth-constraint>
</security-constraint>

<!– Define the Login Configuration for this Application –>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Solr Admin Application</realm-name>
</login-config>

<!– Security roles referenced by this web application –>
<security-role>
<description>Solr Admin Role</description>
<role-name>solr_manager_role</role-name>
</security-role>
<!– END secure admin –>

Save the file after changes. Restart the tomcat and than browse to the solr admin application which is usually found at http://yourdomainorip:8080:/solr/. If every thing goes right you will see a password prompt. Put your user name and password defined in tomcat-users.xml and you will be able to see admin interface. This should make your Solr safe from public.

For optimizing Solr performance and quality of results please contact us

本文转载自:http://www.sphinxconsultant.com/secure-solr-admin-interface-tomcat/

共有 人打赏支持
n
粉丝 12
博文 179
码字总数 41779
作品 0
厦门
solr重启导致数据丢失,与solr.war的修改有关系吗?

我们的solr路径是这样的 tomcatwebappsolrsolr 今天修补无需帐号就可登录solr admin页面的漏洞时我们同时删掉了tomcatwebappsolrsolr下的admin文件夹与tomcatwebappsolr下solr.war压缩包内的...

耳朵的水
2013/11/05
710
2
SOLR4.6 安装、Tomcat 发布

前段工作需要,研究了下solr 用的是solr4.6版本,今天把基本的solr发布到Tomcat的步骤总结一下 1. 需要安装JDK: 我安装的是1.7.0 2.安装ant: 版本:Apache Ant(TM) version 1.8.2 ( apache...

David_Tio
2013/12/26
0
0
使用Solr构建企业级的全文检索(二)---------管理界面简介

昨天这个系列开篇了,今天就趁热打铁吧。有一点要注意的是,一开始我是在64位的Windows 7上的Tomcat中部署Solr的,在使用过程中发现非常的不稳定,经常添加两个文档或者是查询一两次后,tom...

嗯哼9925
2017/11/08
0
0
上传到zookeeper的两份配置被覆盖

@曾杰 你好,想跟你请教个问题: tomcat1080启动参数: JAVAOPTS="$JAVAOPTS -Dbootstrapconfdir=/root/zmf/solrcloud/solrbase1080/solrhome/programSerial/conf -Dcollection.configName=......

zmf
2014/11/14
958
0
【solr5.5环境搭建】在tomcat8里面部署solr5.5

1.准备基础环境 基于jdk1.7+tomcat8 +windows7,这里这些东西的配置就不说了 2.去官网下载solr5.5zip的包 http://mirror.bit.edu.cn/apache/lucene/solr/5.5.0/,选择zip的包,然后下载到本地...

ALAI丶
2016/02/25
10.1K
18

没有更多内容

加载失败,请刷新页面

加载更多

下一页

49.Nginx防盗链 访问控制 解析php相关 代理服务器

12.13 Nginx防盗链 12.14 Nginx访问控制 12.15 Nginx解析php相关配置(502的问题) 12.16 Nginx代理 扩展 502问题汇总 http://ask.apelearn.com/question/9109 location优先级 http://blog....

王鑫linux
51分钟前
0
0
Nginx防盗链、访问控制、解析php相关配置、Nginx代理

一、Nginx防盗链 1. 编辑虚拟主机配置文件 vim /usr/local/nginx/conf/vhost/test.com.conf 2. 在配置文件中添加如下的内容 { expires 7d; valid_referers none blocked server_names *.tes......

芬野de博客
今天
0
0
spring EL 和资源调用

资源调用 import org.springframework.beans.factory.annotation.Value;import org.springframework.context.annotation.PropertySource;import org.springframework.core.io.Resource;......

Canaan_
今天
1
0
memcached命令行、memcached数据导出和导入

一、memcached命令行 yum装telnet yum install telent 进入memcached telnet 127.0.0.1 11211 命令最后的2表示,两位字节,30表示过期时间(秒) 查看key1 get key1 删除:ctrl+删除键 二、m...

Zhouliang6
今天
0
0
Linux定时备份MySQL数据库

做项目有时候要备份数据库,手动备份太麻烦,所以找了一下定时备份数据库的方法 Linux里有一个 crontab 命令被用来提交和管理用户的需要周期性执行的任务,就像Windows里的定时任务一样,用这...

月夜中徘徊
今天
1
1

没有更多内容

加载失败,请刷新页面

加载更多

下一页

返回顶部
顶部