Restrict Apache Solr access in Glassfish. Basic Authentication vs. Firewalling
I have an Apache Solr instance deployed in Glassfish and I am using this Solr instance from Java code via Solrj. The thing is, that I want to restrict access to Solr so that just this Java code can access it (the code can run from different IP addresses).
My first thought was to change the web.xml
of my deployed Solr instance to add Basic Authentication using a Glassfish's file-based Realms, because I used this to restrict access to a REST interface in another project. So I've added the following lines into the Solr web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>has to be a USER</description>
<role-name>USERS</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>userauth</realm-name>
</login-config>
<security-role>
<role-name>USERS</role-name>
</security-role>
But somehow this thing doesn't work for Solr access. I don't get the authentication dialog, which is pretty weird, because it worked in another setup.
In 开发者_Go百科general, is this way of protecting a Solr instance a good approach or should I try another one? In the Solr Security page, they talking about firewalling the Solr instance. I am not a Linux admin, but I think iptables would be a possible solution and there are some nice answers on serverfault (e.g. this one).
What do you think?
OK, my solution was really to use firewalling instead of modifying Solr in some way.
精彩评论