Is it possible to secure Apache Solr 8.5.1 dashboard page but not the query page?

admin 04/21/2022 516 words

I am using Solr version 8.5.1 as a standalone application and would like to secure the Solr dashboard UI with basic auth. I know that there is a built-in basic auth with security.json, but when I do that, all the select query URLs that are called from my application get blocked as well. I want to leave the query URLs open but only secure the dashboard. Is this possible?

I am using the basic security.json setup found on https://lucene.apache.org/solr/guide/8_5/basic-authentication-plugin.html#basic-authentication-plugin

EDIT: I saw this page, "How can I secure Solr 5.3.1 only admin pages", but adding authentication in jetty.xml and web.xml doesn’t seem to work anymore with version 8.5.1.

Olaf Kock

Phudith Pattharakositkul
  • See lucene.apache.org/solr/guide/8_5/… – the read permission gives read access to most features by default, but adding a custom rule with /select that doesn’t require authentication should be possible, then having password authentication for all other endpoints. The example given under permission ordering resolution should be close to what you want. lucene.apache.org/solr/guide/8_5/…

    – MatsLindh

    Jun 12, 2020 at 18:51

  • Thank you for the response, MatsLindh, but can you explain how you would add a custom rule that doesn’t require authentication? I have been trying but with no success so far. There is a property “blockUnknown” that needs to be set to true for authentication to start working, but this will prevent requests without authentication altogether.

    – Phudith Pattharakositkul

    Jun 12, 2020 at 20:20

  • You have to set blockUnknown to false, then add a rule that blocks everything – blockUnknown is in relation to those requests that don’t match any of your rules (All requests w/o credentials will be rejected with a 401 error. Set ‘blockUnknown’ to false (or remove it altogether) if you wish to let unauthenticated requests to go through. However, if a particular resource is protected by a rule, they are rejected anyway with a 401 error.)

    – MatsLindh

    Jun 12, 2020 at 20:38

  • Okay, that makes sense, MatsLindh. Can you please provide an example of the security.json you have in mind? I’m struggling to understand how a rule can be applied to an unauthenticated user. Aren’t rules supposed to apply only to specific roles? How do you apply rules to an unauthenticated user?

    – Phudith Pattharakositkul

    Jun 12, 2020 at 21:14

  • Okay, I finally got it to work. I took MatsLindh’s suggestion to set blockUnknown to false, and I made sure to have at least one user with the “core-admin-read” permission. This automatically requires authentication when attempting to log in on the UI.

Here is an example of my security.json:

{
   "authentication":{
      "blockUnknown":false,
      "class":"solr.BasicAuthPlugin",
      "credentials":{
         "solr":"...."
      },
      "realm":"My Solr users",
      "forwardCredentials":false,
      "":{
         "v":0
      }
   },
   "authorization":{
      "class":"solr.RuleBasedAuthorizationPlugin",
      "permissions":[
         {
            "name":"core-admin-read",
            "role":"admin"
         }
      ],
      "user-role":{
         "solr":"admin"
      }
   }
}
answered Jun 16, 2020 at 14:45
Phudith Pattharakositkul
  • I got the following to work in 8.8
{
  "authentication":{
    "blockUnknown":false,
    "class":"solr.BasicAuthPlugin",
    "credentials":{"solr":"..."}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "user-role":{"solr":"admin"},
    "permissions":[
      {
        "name":"all",
        "role":"admin",
        "index":1},
      {
        "name":"open_select",
        "collection":"*",
        "path":"/select",
        "role":null,
        "index":2}],
    "":{"v":0}
  }
}
answered Feb 8, 2021 at 0:52
Accidental Admin
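An offline check for the two security.json files above, added here as an example and not taken from either answer or from Solr: it lists which permissions carry no role and whether a role-protected `all` rule exists when `blockUnknown` is false. It assumes a request that matches no permission is let through; `audit_security_json` and the sample strings are hypothetical names with constructed input.

```python
import json

def audit_security_json(text):
    """Summarise what a client without credentials can get past."""
    cfg = json.loads(text)
    authn = cfg.get("authentication", {})
    perms = cfg.get("authorization", {}).get("permissions", [])
    # Absent blockUnknown is treated as false ("or remove it altogether").
    anonymous_ok = not authn.get("blockUnknown", False)
    # A rule whose role is null (or missing) does not demand any role.
    open_rules = [p["name"] for p in perms if p.get("role") is None]
    guarded = [p["name"] for p in perms if p.get("role") is not None]
    catch_all = any(p["name"] == "all" and p.get("role") is not None
                    for p in perms)
    warnings = []
    if anonymous_ok and not catch_all:
        # Assumption: a request that matches no permission is let through.
        warnings.append("no role-protected 'all' rule; anything not listed "
                        "in 'guarded' is reachable without credentials")
    if not anonymous_ok and open_rules:
        warnings.append("blockUnknown is true; rules with role null still "
                        "answer 401 to requests without credentials")
    return {"anonymous_ok": anonymous_ok, "open_rules": open_rules,
            "guarded": guarded, "catch_all": catch_all, "warnings": warnings}

# Constructed inputs mirroring the two answers; the credential is a placeholder.
AUTHN = ('"authentication":{"blockUnknown":false,'
         '"class":"solr.BasicAuthPlugin","credentials":{"solr":"PLACEHOLDER"}}')
FIRST = ('{' + AUTHN + ',"authorization":{'
         '"class":"solr.RuleBasedAuthorizationPlugin",'
         '"permissions":[{"name":"core-admin-read","role":"admin"}],'
         '"user-role":{"solr":"admin"}}}')
SECOND = ('{' + AUTHN + ',"authorization":{'
          '"class":"solr.RuleBasedAuthorizationPlugin",'
          '"user-role":{"solr":"admin"},"permissions":['
          '{"name":"all","role":"admin","index":1},'
          '{"name":"open_select","collection":"*","path":"/select",'
          '"role":null,"index":2}]}}')

if __name__ == "__main__":
    for label, text in (("first answer", FIRST), ("second answer", SECOND)):
        print(label, json.dumps(audit_security_json(text), indent=2))
```

The check is static: it reads the file only and does not replace requesting an update or admin endpoint without credentials against a test instance to confirm a 401.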
 

Content retrieved from: https://stackoverflow.com/questions/62350486/is-it-possible-to-secure-apache-solr-8-5-1-dashboard-page-but-not-the-query-page.
