文档章节

Secure Solr admin interface on Tomcat

n
 nibilly
发布于 2015/12/15 15:30
字数 400
阅读 28
收藏 1

http://www.sphinxconsultant.com/secure-solr-admin-interface-tomcat/

Sorl admin interface is powerful tool to manage cores, debugging and lot of other stuff. At same time this can be very dangerous tool, because this page is open to public by default. In this post we will see how to make this interface password protected so only authorized users can access it by providing a password.

We are using tomcat 7 and solr 4.3 and tomcat 4.6.1 on Centos server. You must have root rights to performance these changes.

Create Role and user in tomcat

We will need to define an new role and new user in tomcat. This can be done by editing tomcat-users.xml file. In my case this file is found at
/usr/share/apache-tomcat-7.0.50/conf/tomcat-users.xml
so open this file with nano or vi like this. Just before the ending tag add following lines

<!– for Solr –>
<role rolrename=”solr_manager_role”/>
<user username=”solr_admin” password=”SecretPassword” roles=”solr_manager_role”/>

These lines are defining a new role “solr_manager_role” and adding a new user “solr_admin” and assigning the solr_manager_role to it. Save the file after changes.

Now we need to tell Solr application to use this user to authenticate by this role. So open the web.xml file for Sorl. For my case it was

/usr/share/apache-tomcat-7.0.50/webapps/solr/WEB-INF/web.xml

. Your path may vary so be sure that you are editing the correct file.

Open this file with your favorite text editor and just before the closing tag , add following lines

<!– START secure admin –>
<!– Define a Security Constraint on this Application –>
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>solr_manager_role</role-name>
</auth-constraint>
</security-constraint>

<!– Define the Login Configuration for this Application –>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Solr Admin Application</realm-name>
</login-config>

<!– Security roles referenced by this web application –>
<security-role>
<description>Solr Admin Role</description>
<role-name>solr_manager_role</role-name>
</security-role>
<!– END secure admin –>

Save the file after changes. Restart the tomcat and than browse to the solr admin application which is usually found at http://yourdomainorip:8080:/solr/. If every thing goes right you will see a password prompt. Put your user name and password defined in tomcat-users.xml and you will be able to see admin interface. This should make your Solr safe from public.

For optimizing Solr performance and quality of results please contact us

本文转载自:http://www.sphinxconsultant.com/secure-solr-admin-interface-tomcat/

共有 人打赏支持
n
粉丝 14
博文 179
码字总数 41779
作品 0
厦门
solr重启导致数据丢失,与solr.war的修改有关系吗?

我们的solr路径是这样的 tomcatwebappsolrsolr 今天修补无需帐号就可登录solr admin页面的漏洞时我们同时删掉了tomcatwebappsolrsolr下的admin文件夹与tomcatwebappsolr下solr.war压缩包内的...

耳朵的水
2013/11/05
710
2
SOLR4.6 安装、Tomcat 发布

前段工作需要,研究了下solr 用的是solr4.6版本,今天把基本的solr发布到Tomcat的步骤总结一下 1. 需要安装JDK: 我安装的是1.7.0 2.安装ant: 版本:Apache Ant(TM) version 1.8.2 ( apache...

David_Tio
2013/12/26
0
0
使用Solr构建企业级的全文检索(二)---------管理界面简介

昨天这个系列开篇了,今天就趁热打铁吧。有一点要注意的是,一开始我是在64位的Windows 7上的Tomcat中部署Solr的,在使用过程中发现非常的不稳定,经常添加两个文档或者是查询一两次后,tom...

嗯哼9925
2017/11/08
0
0
上传到zookeeper的两份配置被覆盖

@曾杰 你好,想跟你请教个问题: tomcat1080启动参数: JAVAOPTS="$JAVAOPTS -Dbootstrapconfdir=/root/zmf/solrcloud/solrbase1080/solrhome/programSerial/conf -Dcollection.configName=......

zmf
2014/11/14
958
0
【solr5.5环境搭建】在tomcat8里面部署solr5.5

1.准备基础环境 基于jdk1.7+tomcat8 +windows7,这里这些东西的配置就不说了 2.去官网下载solr5.5zip的包 http://mirror.bit.edu.cn/apache/lucene/solr/5.5.0/,选择zip的包,然后下载到本地...

ALAI丶
2016/02/25
10.1K
18

没有更多内容

加载失败,请刷新页面

加载更多

linux使用ntfs-3g操作ntfs格式硬盘

Linux内核目前只支持对微软NTFS文件系统的读取。 NTFS-3G 是微软 NTFS 文件系统的一个开源实现,同时支持读和写。NTFS-3G 开发者使用 FUSE 文件系统来辅助开发,同时对可移植性有益。 安装 ...

linuxprobe16
41分钟前
1
0
kubeadm部署kubernetes集群

一、环境要求 这里使用RHEL7.5 master、etcd:192.168.10.101,主机名:master node1:192.168.10.103,主机名:node1 node2:192.168.10.104,主机名:node2 所有机子能基于主机名通信,编辑...

人在艹木中
今天
7
0
Shell特殊符号总结以及cut,sort,wc,uniq,tee,tr,split命令

特殊符号总结一 * 任意个任意字符 ? 任意一个字符 # 注释字符 \ 脱义字符 | 管道符 # #号后的备注被忽略[root@centos01 ~]# ls a.txt # 备注 a.txt[root@centos01 ~]# a=1[root@centos01...

野雪球
今天
2
0
OSChina 周二乱弹 —— 程序员圣衣

Osc乱弹歌单(2018)请戳(这里) 【今日歌曲】 @达尔文:分享Skeeter Davis的单曲《The End of the World》 《The End of the World》- Skeeter Davis 手机党少年们想听歌,请使劲儿戳(这里...

小小编辑
今天
16
0
[ python import module ] 导入模块

import moudle_name ----> import module_name.py ---> import module_name.py文件路径 -----> sys.path (这里进行查找文件) # from app.web import Personimport app.web.Person as Pe......

_______-
昨天
5
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部