The Solr admin interface provides information about Solr and its running environment, and lets you manage cores, view the logs and so on. It is open to the public by default, which is a security risk. Let's see how to password-protect the Solr admin.
The steps below were tried in a hosting environment with the following software installed:
- apache-tomcat-7.0.55
- jdk1.7.0_65
- solr-4.10.0
- CentOS 6.5
1. Create a user and role in Tomcat
Add the following lines to tomcat-users.xml within the <tomcat-users> element and save the file
<role rolename="solr_admin"/>
<user username="your_username" password="your_password" roles="solr_admin"/>
The file “tomcat-users.xml” is located at {{TOMCAT_DIR}}/conf/tomcat-users.xml. In our installation the file path was /opt/apache-tomcat-7.0.55/conf/tomcat-users.xml
2. Tell the Solr application to authenticate users against the created role
We need to modify the web.xml file of the Solr application. The file “web.xml” is located at {{TOMCAT_DIR}}/webapps/{{SOLR_APPLICATION}}/WEB-INF/web.xml; in our case the path was /opt/apache-tomcat-7.0.55/webapps/solr-4.10.0/WEB-INF/web.xml
Add the following lines within the <web-app> element and save the file
<!-- START secure admin -->
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr Admin</web-resource-name>
    <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>solr_admin</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>Solr Admin Role</description>
  <role-name>solr_admin</role-name>
</security-role>
<!-- END secure admin -->
3. Restart the Tomcat server
4. Open the Solr admin URL, for example http://mydomain.com:8080/solr-4.10.0/, in a web browser. You should be prompted for credentials. Enter the user name and password defined in tomcat-users.xml and you will see the admin interface. Solr is now password protected, allowing only authorised persons to access it.
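A static check of the two files edited in steps 1 and 2, added here as an example (it is not code from the original post, Solr or Tomcat): it confirms the required role is declared and held by a user, and flags the placeholder password, `<http-method>` restrictions, and BASIC auth without a CONFIDENTIAL transport-guarantee. The function names and the embedded XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the snippets from steps 1 and 2, placeholders kept.
USERS_XML = """<tomcat-users>
  <role rolename="solr_admin"/>
  <user username="your_username" password="your_password" roles="solr_admin"/>
</tomcat-users>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
    <auth-constraint><role-name>solr_admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Solr</realm-name></login-config>
  <security-role><role-name>solr_admin</role-name></security-role>
</web-app>"""

def named(root, name):
    """All elements with this local tag name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(root, parent, child="role-name"):
    """Text of every <child> found under any <parent>."""
    return {(c.text or "").strip() for p in named(root, parent) for c in named(p, child)}

def audit(web_xml, users_xml):
    """Return findings (empty list: none). Assumes explicit role names, no "*"."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    required = texts(web, "auth-constraint")
    if not required:
        return ["no <auth-constraint> names a role: no role-based login configured"]
    findings = [f"role '{r}' is not declared in a <security-role>"
                for r in sorted(required - texts(web, "security-role"))]
    holders = [u for u in named(users, "user")
               if required & {r.strip() for r in u.get("roles", "").split(",")}]
    if not holders:
        findings.append("no user holds a required role: nobody can log in")
    findings += [f"user '{u.get('username')}' still has the placeholder password"
                 for u in holders if u.get("password") == "your_password"]
    if named(web, "http-method"):
        findings.append("<http-method> listed: constraint covers only those methods")
    basic = "BASIC" in texts(web, "login-config", "auth-method")
    if basic and "CONFIDENTIAL" not in texts(web, "user-data-constraint", "transport-guarantee"):
        findings.append("BASIC without CONFIDENTIAL transport-guarantee: no TLS enforced")
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML, USERS_XML):
        print("FINDING:", finding)
```

To check a real installation, pass the contents of the two files from steps 1 and 2 to `audit()`.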
Relax now, your Solr admin is secure now!