lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew McCombe <eupe...@gmail.com>
Subject Re: Security/authentication strategies
Date Thu, 29 Apr 2010 20:10:27 GMT
Thanks for this Peter.  I have managed to get this working with Tomcat.

Andrew

On 29 April 2010 12:11, Peter Sturge <peter.sturge@googlemail.com> wrote:
> Hi Andrew,
>
> Today, authentication is handled by the container (e.g. Tomcat, Jetty etc.).
>
>
> There's a thread I found to be very useful on this topic here:
>
> http://www.lucidimagination.com/search/document/d1e338dc452db2e4/how_can_i_protect_the_solr_cores
>
> This was for Jetty, but the idea is pretty much the same for Tomcat.
>
> HTH
>
> Peter
>
>
>
> On Thu, Apr 29, 2010 at 8:42 AM, Andrew McCombe <euperia@gmail.com> wrote:
>
>> Hi
>>
>> I'm planning on adding some protection to our solr servers and would
>> like to know what others are doing in this area.
>>
>> Basically I have a few solr cores running under tomcat6 and all use DH
>> to populate the solr index.  This is all behind a firewall and only
>> accessible from certain IP addresses.  Access to Solr Admin is open to
>> anyone in the company and many use it for checking data is in the
>> index and simple analysis.  However, they can also trigger a
>> full-import if they are careless (one of the cores takes 6 hours to
>> ingest the data).
>>
>> What would be the recommended way of protecting things like the DIH
>> functionality? HTTP Authentication via tomcat realms or are there any
>> other solutions?
>>
>> Thanks
>> Andrew McCombe
>> iWeb Solutions
>>
>

Mime
View raw message