http://www.sphinxconsultant.com/secure-solr-admin-interface-tomcat/
The Solr admin interface is a powerful tool for managing cores, debugging and a lot of other tasks. At the same time it can be a very dangerous tool, because this page is open to the public by default. In this post we will see how to password-protect this interface so that only authorized users can access it.
We are using tomcat 7 and solr 4.3 and tomcat 4.6.1 on a CentOS server. You must have root rights to perform these changes.
We need to define a new role and a new user in Tomcat. This can be done by editing the tomcat-users.xml file. In my case this file is found at
/usr/share/apache-tomcat-7.0.50/conf/tomcat-users.xml
so open this file with nano or vi. Just before the ending tag </tomcat-users>, add the following lines:
<!-- for Solr -->
<role rolename="solr_manager_role"/>
<user username="solr_admin" password="SecretPassword" roles="solr_manager_role"/>
These lines define a new role "solr_manager_role", add a new user "solr_admin" and assign the solr_manager_role to that user. Save the file after the changes.
Now we need to tell the Solr application to authenticate users against this role. So open the web.xml file for Solr. In my case it was
/usr/share/apache-tomcat-7.0.50/webapps/solr/WEB-INF/web.xml
Your path may vary, so be sure that you are editing the correct file.
Open this file with your favorite text editor and, just before the closing tag </web-app>, add the following lines:
<!-- START secure admin -->
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr Admin</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>solr_manager_role</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr Admin Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>Solr Admin Role</description>
  <role-name>solr_manager_role</role-name>
</security-role>
<!-- END secure admin -->
Save the file after the changes. Restart Tomcat and then browse to the Solr admin application, which is usually found at http://yourdomainorip:8080/solr/. If everything goes right you will see a password prompt. Enter the user name and password defined in tomcat-users.xml and you will be able to see the admin interface. This should make your Solr safe from the public.
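To confirm what the two edits above actually protect, the following added example (not code from the original post) parses web.xml and tomcat-users.xml and reports, for each request path, which users may reach it or whether no constraint covers it. The embedded XML is constructed sample input that mirrors the snippets in this post, and the core name collection1 is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring this post; collection1 is an assumed core name.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <security-constraint>
  <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>solr_manager_role</role-name></auth-constraint>
 </security-constraint>
</web-app>"""
USERS_XML = """<tomcat-users>
 <role rolename="solr_manager_role"/>
 <user username="solr_admin" password="SecretPassword" roles="solr_manager_role"/>
</tomcat-users>"""

def _root(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # drop the namespace, if any
    return root

def constraints(web_xml):
    """Return [(url-pattern, {roles})] for every security-constraint."""
    out = []
    for sc in _root(web_xml).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.findall("auth-constraint/role-name")}
        out += [(p.text.strip(), roles) for p in sc.iter("url-pattern")]
    return out

def matches(pattern, path):
    """Simplified servlet matching: prefix (/x/*), extension (*.x), exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def users_with_role(users_xml, role):
    return [u.get("username") for u in _root(users_xml).iter("user")
            if role in [r.strip() for r in u.get("roles", "").split(",")]]

def audit(web_xml, users_xml, paths):
    """Map each path to the users allowed in, or "OPEN" if unconstrained."""
    report = {}
    for path in paths:
        hits = [roles for pat, roles in constraints(web_xml) if matches(pat, path)]
        users = {u for rs in hits for r in rs for u in users_with_role(users_xml, r)}
        report[path] = sorted(users) if hits else "OPEN"
    return report

print(audit(WEB_XML, USERS_XML, ["/admin/cores", "/collection1/select"]))
```

Paths are relative to the /solr context. A path reported as OPEN, such as a core's select handler here, is not matched by the /admin/* pattern and remains reachable without a password.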