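Solr Security Controls: Enabling Basic Authentication


Foreword: please respect my original knowledge sharing, and remember my blog: 南國以南i

Background: a default Solr installation ships without any access control, so opening the admin page and operating on it directly always feels a bit like running around naked.

I. SolrCloud cluster mode

Note: to use Basic authentication you must first create a security.json file. For Basic authentication, the security.json file must contain an authentication section, which defines the class used for authentication. Usernames and passwords (for example, as a sha256(password+salt) hash) can be added when the file is created, or added later through the Basic authentication API.

1. The sample security.json below shows the two sections: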

{
"authentication":{ 【1】
   "blockUnknown": true, 【2】
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} 【3】
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
      "role":"admin"}], 【4】
   "user-role":{"solr":"admin"} 【5】
}
}

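The explanations below correspond to the numbered markers above:
1. Basic authentication and the rule-based authorization plugin are enabled.
2. The parameter "blockUnknown": true means that unauthenticated requests are not allowed through.
3. A user named "solr" has been defined, with the password "SolrRocks".
4. The "admin" role has been defined and has permission to edit the security settings.
5. The "solr" user has been assigned the "admin" role.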
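To avoid shipping the sample "SolrRocks" credential, the credentials entry can be generated offline. The following is an added example, not code from the original post or from the Solr project; it assumes the stored format is base64(sha256(sha256(salt + password))), a space, then base64(salt), and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets


def make_credential(password, salt=None):
    """Return '<base64 hash> <base64 salt>' for a security.json credentials entry."""
    if salt is None:
        salt = secrets.token_bytes(32)  # fresh random salt per user
    # Assumed scheme: SHA-256 applied twice over salt || password.
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    digest = hashlib.sha256(inner).digest()
    return base64.b64encode(digest).decode() + " " + base64.b64encode(salt).decode()


def verify_credential(password, credential):
    """Check a candidate password against a stored '<hash> <salt>' string."""
    try:
        stored_hash, stored_salt = credential.split(" ")
        salt = base64.b64decode(stored_salt, validate=True)
    except ValueError:
        return False  # malformed entry: never treat it as a match
    expected = make_credential(password, salt).split(" ")[0]
    return hmac.compare_digest(expected.encode(), stored_hash.encode())


def build_security_json(users):
    """Build the page's two-section document; every user given gets the admin role."""
    return json.dumps({
        "authentication": {
            "blockUnknown": True,
            "class": "solr.BasicAuthPlugin",
            "credentials": {u: make_credential(p) for u, p in users.items()},
        },
        "authorization": {
            "class": "solr.RuleBasedAuthorizationPlugin",
            "permissions": [{"name": "security-edit", "role": "admin"}],
            "user-role": {u: "admin" for u in users},
        },
    }, indent=2)


if __name__ == "__main__":
    # Constructed sample password; in practice read a strong one from a prompt.
    print(build_security_json({"solr": "constructed-Sample-Passphrase-42"}))
```

The printed document can be compacted onto one line and used as the value in the ZooKeeper set command for /security.json.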

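In SolrCloud mode, security.json must be uploaded to ZooKeeper. First log in to the ZooKeeper terminal, then enter the sample command below (the JSON fields are explained above).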

# Enter the ZooKeeper terminal
./zkCli.sh
# Modify the security.json node in ZooKeeper
set /security.json '{"authentication":{"blockUnknown":true,"class":"solr.BasicAuthPlugin","credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},"authorization":{"class":"solr.RuleBasedAuthorizationPlugin","permissions":[{"name":"security-edit","role":"admin"}],"user-role":{"solr":"admin"}}}'

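2. Restart Solr and open it again. Solr now requires a username and password to log in; the username and password configured here are solr:SolrRocks

3. Solr user management API

# Add a user or change a password (if the username exists, its password is changed; otherwise the user is created)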
curl --user solr:SolrRocks http://localhost:8983/api/cluster/security/authentication -H 'Content-type:application/json' -d '{"set-user": {"solr":"solr","tom":"tom"}}'

# Delete a user
curl --user solr:SolrRocks http://localhost:8983/api/cluster/security/authentication -H 'Content-type:application/json' -d '{"delete-user": ["tom"]}'

  

II. Solr standalone deployment mode

1. Edit tomcat/conf/tomcat-users.xml and add a username and password

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.


  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
<!-- Username: solr, password: solr, roles: user level -->
<user username="solr" password="solr" roles="admin,manager"/>
</tomcat-users>

2. Edit tomcat/webapps/solr/WEB-INF/web.xml and add the following code at the end

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Restrict access to Solr admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
</login-config>

3. Restart Solr and open it again. Solr now requires a username and password to log in; the username and password configured here are solr:solr

 


 

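I am 南國以南i, recording things bit by bit and growing a little every day. Learning never ends! Please include a link to the original when reposting!!!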

 

