5
votes

I am applying authentication on SOLR Admin Panel using jetty. I have read so many tutorials and implemented using following steps:

Added following code in /solr/core/etc/jetty.xml :

   <Call name="addBean">
  <Arg>
    <New class="org.eclipse.jetty.security.HashLoginService">
      <Set name="name">Test Realm</Set>
      <Set name="config"><SystemProperty name="jetty.home" default="."/>/var/www/solr/core/etc/realm.properties</Set>
      <Set name="refreshInterval">0</Set>
    </New>
  </Arg>
</Call>

Added following code in /solr/core/solr-webapp/webapp/WEB-INF/web.xml:

    <security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr authenticated application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>

  </login-config>

And then created file realm.proprerties file in solr/core/etc with following line of code:

admin: OBF:1y0s1v1p1v2p1y0y, admin

But when I open solr admin panel using URL http://localhost:8983/solr/. I got a popup asking username and password. I fill username and password as I have added in realm.properties. But unable to login.

Please help me figuring out where I am wrong.

2
Putting the relative path instead of the absolute path into <SystemProperty name="jetty.home" default="."/>...</Set> solved it for me.Jens

2 Answers

13
votes

In your realm.properties file define the user as:

<username>: <password>, <role>

ex: admin: 12345, admin

Also check your "jetty.home" path. It should be the 'etc' directory in your SOLR core folder.

Also in realm.properties you should enter your password after hashing & for this there is a default SOLR utility which can be used as:

java -cp jetty-util-8.1.10.v20130312.jar org.eclipse.jetty.util.security.Password <username> <password>

ex: java -cp jetty-util-8.1.10.v20130312.jar org.eclipse.jetty.util.security.Password admin 12345

Output:

12345 OBF:19bv19bx19bz19c119c3 MD5:827ccb0eea8a706c4c34a16891f84e7b CRYPT:adpliAB3dA.06 You can use any of the three forms in properties file along with their type as:

admin: MD5:827ccb0eea8a706c4c34a16891f84e7b, admin

Hope this might help!

0
votes

Obfuscated password are not completely supported.

I can confirm that in SOLR 6.4.1 in Cloud Mode with build in Zookeeper, OBF passwords are partially supported. SOLR starts, the Admin UI works, but some of the other API's fail with an error indicating the passwords are incorrect.

SOLR-8897

We use an official certificate, not self signed.

Only clear text passwords seem to work in our instance.