Securing Solr – Setup Basic Authentication

Solr  support Basic authentication for users with the use of the BasicAuthPlugin.An authorization plugin is also available to configure Solr with permissions to perform various activities in the system.

In this article we will discuss step by step process of how to enable basic authenticaion.

Step 1:Enable properties in solr.in.cmd for windows and solr.in.sh for linux

Add the following line to the solr.in.sh or solr.in.cmd file. This example tells the bin/solr command line to to use “basic” as the type of authentication, and to pass credentials with the user-name “solr” and password “SolrRocks”:

set SOLR_AUTH_TYPE=basic
set SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"

Step 2: Create security.json file

To use Basic authentication, you must first create a security.json file.

For Basic authentication, the security.json file must have an authentication part which defines the class being used for authentication.
Usernames and passwords (as a sha256(password+salt) hash) could be added when the file is created, or can be added later with the Basic authentication API

Example:

{
"authentication":{
   "blockUnknown": true,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
      "role":"admin"}],
   "user-role":{"solr":"admin"}
}}

Note: “If blockUnknown does not appear in the security.json file, it will default to false. This has the effect of not requiring authentication at all.”

Step 3: Upload security.json file

The security.json file needs to be in the proper location before a Solr instance comes up so Solr starts with the security plugin enabled.

In SolrCloud Mode

When we we run solr in cloud mode,We need to upload security.json file in zookeeper.Use below commands t upload security file.

zkcli.bat -zkhost localhost:2181 -cmd put /security123.json "{"authentication":{"blockUnknown": true,"class":"solr.BasicAuthPlugin","credentials":{"USER_NAMW":"PASSWORD"}}}"

In Standalone Mode

When we run solr as a standalone mode we need to put security.json file in SOLR_HOME directory.

Step 4:Start Solr

Once all these settings done.Start solr using solr start script.if everything is fine then when we trying to access solr it will ask for username and password.

Refer Solr Reference Guide for more details.