web analytics

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 5 other subscribers


Securing Solr Admin Console

May 18, 2016 Posted in  Misc, Security No comments

The solr admin console, by default, is not secured or password protected. Anyone with the link can access all the details in the console. This post describes the steps required to secure the console. The post assumes that you followed the steps in the following two posts to

  1. Install Java and Jetty in the server
  2. Install Solr in the server

Our jetty installation is at /opt/jetty which is our java web server. Our solr installation is at /opt/solr which is our search platform.

We need to modify the following three files in order to secure the admin console.

  1. /opt/jetty/etc/jetty.xml
  2. /opt/jetty/etc/webdefault.xml
  3. /opt/jetty/etc/realm.properties

If you are not sure which files are to be edited, run the following command in the server and check for java_home variable. Check if there is an etc folder inside it and that is where you need to modify the files. Make sure you issue all commands as root.

[root@test ~]#   /etc/init.d/jetty check
Checking arguments to Jetty:
START_INI      =  /opt/jetty/start.ini
START_D        =  /opt/jetty/start.d
JETTY_HOME     =  /opt/jetty
JETTY_BASE     =  /opt/jetty
JETTY_CONF     =  /opt/jetty/etc/jetty.conf
JETTY_PID      =  /var/run/jetty.pid
JETTY_START    =  /opt/jetty/start.jar
JETTY_LOGS     =  /opt/jetty/logs
JETTY_STATE    =  /opt/jetty/jetty.state
CLASSPATH      =
JAVA           =  /usr/bin/java
JAVA_OPTIONS   =  -Dsolr.solr.home=/opt/solr -Djetty.logs=/opt/jetty/logs -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty -Djava.io.tmpdir=/tmp
JETTY_ARGS     =  jetty.port=8080 jetty.state=/opt/jetty/jetty.state jetty-logging.xml jetty-started.xml
RUN_CMD        =  /usr/bin/java -Dsolr.solr.home=/opt/solr -Djetty.logs=/opt/jetty/logs -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty -Djava.io.tmpdir=/tmp -jar /opt/jetty/start.jar jetty.port=8080 jetty.state=/opt/jetty/jetty.state jetty-logging.xml jetty-started.xml

Next open the file /opt/jetty/etc/jetty.xml and add the following contents to it.

[root@test ~]# vi /opt/jetty/etc/jetty.xml

<Call name=”addBean”>
<Arg>
<New class=”org.eclipse.jetty.security.HashLoginService”>
<Set name=”name”>MySolrRealm</Set>
<Set name=”config”>
<SystemProperty name=”jetty.home” default=”.”/>/etc/realm.properties
</Set>
<Set name=”refreshInterval”>0</Set>
</New>
</Arg>
</Call>

 

Next is to edit /opt/jetty/etc/webdefault.xml and add the following contents to it.

[root@test ~]# vi /opt/jetty/etc/webdefault.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>Solr authenticated application</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin-role</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MySolrRealm</realm-name>
</login-config>

 

Now, we need to enter the login details we will be using for the admin-role. I am giving the username as admin and password as admin123 for example. Make sure you use a strong password. Edit the file /opt/jetty/etc/realm.properties and add the following. Create the file if it doesn’t exist.

[root@test ~]# vi /opt/jetty/etc/realm.properties

admin: admin123, admin-role

Make sure all these files are owned by jetty user and then restart jetty

[root@test ~]# chown jetty.jetty /opt/jetty/etc/jetty.xml /opt/jetty/etc/webdefault.xml /opt/jetty/etc/realm.properties

[root@test ~]#/etc/init.d/jetty restart

Clear your browser cache and try accessing your solr admin console as http://1.2.3.4:8080/solr and you will be prompted for login now !!

 

Related Posts:

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>