How can I secure Solr 5.3.1 only admin pages


Question

I am fairly new to Solr and I have been researching this for the past day and a half and am finally turning here.

I have a Solr server up and running and I had my network admin configure a rule in the firewall so that we can access it for queries from my JavaScript application. This works. The issue that I have is that the Solr admin pages are completely open to the world and I have tried everything as described in various posts with the exception of the ZooKeeper method, which I don't really want to try because I am not interested in setting up ZooKeeper and SolrCloud.

Reference article: http://muddyazian.blogspot.com/2013/11/how-to-re-require-password-authentication.html and a few others

What I did was modify jetty.xml in /opt/solr/server/etc and add this:

<Call name="addBean">
  <Arg>
    <New class="org.eclipse.jetty.security.HashLoginService">
      <Set name="name">Solr Admin Access</Set>
      <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
      <Set name="refreshInterval">0</Set>
    </New>
  </Arg>
</Call>

Then I added to web.xml in /opt/solr/server/solr-webapp/webapp/WEB-INF the config below

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr authenticated application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr Admin Access</realm-name>
</login-config>

Then I created a realm.properties file and hashed the password according to this post: Jetty/SOLR Admin Panel Password

Solr is now secure, but everything is password protected; I want my queries to be open and the rest protected. I tried adding different url patterns such as /admin/*, /mycollection/dataimport/* etc., but none of those seem to affect the fact that the query is also secure. Reference: https://gist.github.com/jstrassburg/9777027

Recommended answer

Following the advice of "Exclude a JSP from web.xml's security-contraint", you can keep your configuration as is, but expose those endpoints that you want to be publicly available.

So you could add a <security-constraint> like this to your web.xml, but leave out the <auth-constraint> for the matched <url-pattern>. This will make it open to the public. In addition to the basic auth for the rest of your Solr instance, you can then expose step by step the cores or handlers that shall be public.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>mycollection</web-resource-name>
    <url-pattern>/mycollection/*</url-pattern>
  </web-resource-collection>
</security-constraint>

A caveat of this is that you will need to add anything that shall be public as its own URL pattern. But this may also be a plus, as you have the option to set up fine-grained access control for the collections, e.g. one user per collection.
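
The selection rule behind this answer, as an added example that is not part of the original answer or of Solr/Jetty code: the Servlet specification applies the constraints of the best-matching url-pattern, so the longer /mycollection/* wins over /*. The model covers exact and path-prefix patterns only; the sample request paths and the extra /mycollection/dataimport/* constraint are assumptions.

```python
# Added example: Servlet-spec constraint selection, simplified to exact and
# path-prefix url-patterns (no *.ext patterns, no <http-method> elements).
# Paths are relative to the webapp context and are constructed samples.

# (url-pattern, roles). roles=None: no <auth-constraint>, i.e. public.
# An empty set models an <auth-constraint> naming no roles (nobody allowed).
FROM_PAGE = [
    ("/*", {"admin"}),            # the question's catch-all constraint
    ("/mycollection/*", None),    # the answer's public constraint
]
# Hypothetical extra constraint re-protecting the import handler.
TIGHTENED = FROM_PAGE + [("/mycollection/dataimport/*", {"admin"})]

def match_rank(pattern, path):
    """Sortable rank if pattern matches path, else None."""
    if pattern == path:
        return (2, len(pattern))  # exact match beats any prefix match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (1, len(prefix))  # longest prefix wins
    return None

def required_roles(path, constraints):
    """None = no login needed; otherwise the set of acceptable roles."""
    best, selected = None, []
    for pattern, roles in constraints:
        rank = match_rank(pattern, path)
        if rank is None:
            continue
        if best is None or rank > best:
            best, selected = rank, [roles]
        elif rank == best:
            selected.append(roles)  # same pattern in several constraints
    if any(r is not None and not r for r in selected):
        return set()              # a no-role auth-constraint overrides all
    if not selected or any(r is None for r in selected):
        return None               # unconstrained, or explicitly public
    return set().union(*selected)

if __name__ == "__main__":
    for path in ("/admin/cores", "/mycollection/select",
                 "/mycollection/dataimport"):
        print(path, required_roles(path, FROM_PAGE),
              required_roles(path, TIGHTENED))
```

With only the two constraints from the page, /mycollection/dataimport is public along with the query handler; it requires the admin role again once a more specific constraint covers it.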
