lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sharp, Jonathan" <JSh...@coh.org>
Subject Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD
Date Fri, 23 Jul 2010 19:28:04 GMT
> Are you using the same instance of CommonsHttpSolrServer for all the
> requests?

I was.

I also tried creating a new instance every x requests, also resetting  
the credentials on the new instances, to see if it would make a  
difference.

Doing that, I get an exception after several instances of the  
httpserver (again several hundred PDFs) to the effect that the socket  
is still in use... Perhaps I am not releasing the resources properly...?

-Jon

On Jul 22, 2010, at 3:02 AM, "Bilgin Ibryam" <bibryam@gmail.com> wrote:

> Are you using the same instance of CommonsHttpSolrServer for all the
> requests?
>
> On Wed, Jul 21, 2010 at 4:50 PM, Sharp, Jonathan <JSharp@coh.org>  
> wrote:
>
>>
>> Some further information --
>>
>> I tried indexing a batch of PDFs with the client and Solr CELL,  
>> setting
>> the credentials in the httpclient. For some reason after successfully
>> indexing several hundred files I start getting a "SolrException:
>> Unauthorized" and an info message (for every subsequent file):
>>
>> INFO basic authentication scheme selected
>> Org.apache.commons.httpclient.HttpMethodDirector process
>> WWWAuthChallenge
>> INFO Failure authenticating with BASIC '<realm>'@host:port
>>
>> I increased session timeout in web.xml with no change. I'm looking
>> through the httpclient authentication now.
>>
>> -Jon
>>
>> -----Original Message-----
>> From: Sharp, Jonathan
>> Sent: Friday, July 16, 2010 8:59 AM
>> To: 'solr-user@lucene.apache.org'
>> Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD
>>
>> Hi Bilgin,
>>
>> Thanks for the snippet -- that helps a lot.
>>
>> -Jon
>>
>> -----Original Message-----
>> From: Bilgin Ibryam [mailto:bibryam@gmail.com]
>> Sent: Friday, July 16, 2010 1:31 AM
>> To: solr-user@lucene.apache.org
>> Subject: Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD
>>
>> Hi Jon,
>>
>> SolrJ (CommonsHttpSolrServer) internally uses apache http client to
>> connect
>> to solr. You can check there for some documentation.
>> I secured solr also with BASIC auth-method and use the following  
>> snippet
>> to
>> access it from solrJ:
>>
>>     //set username and password
>>     ((CommonsHttpSolrServer)
>> server).getHttpClient().getParams().setAuthenticationPreemptive 
>> (true);
>>     Credentials defaultcreds = new
>> UsernamePasswordCredentials("username",
>> "secret");
>>     ((CommonsHttpSolrServer)
>> server).getHttpClient().getState().setCredentials(new
>> AuthScope("localhost",
>> 80, AuthScope.ANY_REALM), defaultcreds);
>>
>> HTH
>> Bilgin Ibryam
>>
>>
>>
>> On Fri, Jul 16, 2010 at 2:35 AM, Sharp, Jonathan <JSharp@coh.org>  
>> wrote:
>>
>>> Hi All,
>>>
>>> I am considering securing Solr with basic auth in glassfish using  
>>> the
>>> container, by adding to web.xml and adding sun-web.xml file to the
>>> distributed WAR as below.
>>>
>>> If using SolrJ to index files, how can I provide the credentials for
>>> authentication to the http-client (or can someone point me in the
>> direction
>>> of the right documentation to do that or that will help me make the
>>> appropriate modifications) ?
>>>
>>> Also any comment on the below is appreciated.
>>>
>>> Add this to web.xml
>>> -----------------------------------------------
>>>  <login-config>
>>>      <auth-method>BASIC</auth-method>
>>>      <realm-name>SomeRealm</realm-name>
>>>  </login-config>
>>>  <security-constraint>
>>>      <web-resource-collection>
>>>          <web-resource-name>Admin Pages</web-resource-name>
>>>          <url-pattern>/admin</url-pattern>
>>>          <url-pattern>/admin/*</url-pattern>
>>>
>>>
>> <http-method>GET</http-method><http-method>POST</http-method><http-

>> metho
>> d>PUT</http-method><http-method>TRACE</http-method<http- 
>> method>HEAD</htt
>> p-method><http-method>OPTIONS</http-method><http-method>DELETE</

>> http-met
>> hod>
>>>      </web-resource-collection>
>>>      <auth-constraint>
>>>          <role-name>SomeAdminRole</role-name>
>>>      </auth-constraint>
>>>  </security-constraint>
>>>  <security-constraint>
>>>      <web-resource-collection>
>>>          <web-resource-name>Update Servlet</web-resource-name>
>>>          <url-pattern>/update/*</url-pattern>
>>>
>>>
>> <http-method>GET</http-method><http-method>POST</http-method><http-

>> metho
>> d>PUT</http-method><http-method>TRACE</http-method<http- 
>> method>HEAD</htt
>> p-method><http-method>OPTIONS</http-method><http-method>DELETE</

>> http-met
>> hod>
>>>      </web-resource-collection>
>>>      <auth-constraint>
>>>          <role-name>SomeUpdateRole</role-name>
>>>      </auth-constraint>
>>>  </security-constraint>
>>>  <security-constraint>
>>>      <web-resource-collection>
>>>          <web-resource-name>Select Servlet</web-resource-name>
>>>          <url-pattern>/select/*</url-pattern>
>>>
>>>
>> <http-method>GET</http-method><http-method>POST</http-method><http-

>> metho
>> d>PUT</http-method><http-method>TRACE</http-method<http- 
>> method>HEAD</htt
>> p-method><http-method>OPTIONS</http-method><http-method>DELETE</

>> http-met
>> hod>
>>>      </web-resource-collection>
>>>      <auth-constraint>
>>>          <role-name>SomeSearchRole</role-name>
>>>      </auth-constraint>
>>>  </security-constraint>
>>> -----------------------------------------------
>>>
>>> Also add this as sun-web.xml
>>>
>>> ------------------------------------------------
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD
>> Application
>>> Server 9.0 Servlet 2.5//EN" "
>>> http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
>>> <sun-web-app error-url="">
>>> <context-root>/Solr</context-root>
>>> <jsp-config>
>>>  <property name="keepgenerated" value="true">
>>>    <description>Keep a copy of the generated servlet class' java
>>> code.</description>
>>>  </property>
>>> </jsp-config>
>>> <security-role-mapping>
>>>    <role-name>SomeAdminRole</role-name>
>>>    <group-name>SomeAdminGroup</group-name>
>>> </security-role-mapping>
>>> <security-role-mapping>
>>>    <role-name>SomeUpdateRole</role-name>
>>>    <group-name>SomeUpdateGroup</group-name>
>>> </security-role-mapping>
>>> <security-role-mapping>
>>>    <role-name>SomeSearchRole</role-name>
>>>    <group-name>SomeSearchGroup</group-name>
>>> </security-role-mapping>
>>> </sun-web-app>
>>> --------------------------------------------------
>>>
>>> -Jon
>>>
>>>
>>> --- 
>>> ------------------------------------------------------------------
>>> SECURITY/CONFIDENTIALITY WARNING: This message and any attachments  
>>> are
>>> intended solely for the individual or entity to which they are
>> addressed.
>>> This communication may contain information that is privileged,
>> confidential,
>>> or exempt from disclosure under applicable law (e.g., personal  
>>> health
>>> information, research data, financial information). Because this
>> e-mail has
>>> been sent without encryption, individuals other than the intended
>> recipient
>>> may be able to view the information, forward it to others or tamper
>> with the
>>> information without the knowledge or consent of the sender. If you  
>>> are
>> not
>>> the intended recipient, or the employee or person responsible for
>> delivering
>>> the message to the intended recipient, any dissemination,  
>>> distribution
>> or
>>> copying of the communication is strictly prohibited. If you received
>> the
>>> communication in error, please notify the sender immediately by
>> replying to
>>> this message and deleting the message and any accompanying files  
>>> from
>> your
>>> system. If, due to the security risks, you do not wis
>>> h to
>>> receive further communications via e-mail, please reply to this
>> message and
>>> inform the sender that you do not wish to receive further e-mail  
>>> from
>> the
>>> sender.
>>> --- 
>>> ------------------------------------------------------------------
>>>
>>>
>>

Mime
View raw message