In our previous two articles Securing Single Node Solr and Securing Solr Cluster we have discussed about how to enable ssl on solr node.In this article we will discuss how to accees SSL enable solr from solrj java client api.
Table of Contents
Access secure solr without any settings
We have execute simple match all docs query to check whether solr give result without any settings.Refer below code.
HttpSolrClient httpSolrClient = new HttpSolrClient.Builder("https://localhost:8983/solr/SecureSolrTest").build();
SolrQuery solrQuery = new SolrQuery();
solrQuery.setQuery("*:*");
solrQuery.set("fl","*");
solrQuery.setRows(10);
try {
QueryResponse solrResponse = httpSolrClient.query(solrQuery);
System.out.println(solrResponse);
System.out.println("Total Documents : "+solrResponse.getResults().getNumFound());
} catch (SolrServerException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}Above code will throw SSLhandShake exception.You can find complete stack trace as below
org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://localhost:8983/solr/SecureSolrTest at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:640) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:253) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:242) at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:178) at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:942) at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:957) at com.javadeveloperzone.SolrClientDemo.pingRequestDemo(SolrClientDemo.java:29) at com.javadeveloperzone.SolrClientDemo.main(SolrClientDemo.java:40) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 27 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 33 more
Possible Solutions
We can not access SSL enable solr directly from solrj client.We need to set keystore and truststore related properties as a System property to access solr. Find below SSL related properties we need to set.
System.setProperty("javax.net.ssl.keyStore", "/path/to/solr-ssl.keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "secret");
System.setProperty("javax.net.ssl.trustStore", "/path/to/solr-ssl.keystore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");After setting above properties solrj now able to connect solr server and execute query.
Output
{responseHeader={status=0,QTime=34,params={q=*:*,fl=*,rows=10,wt=javabin,version=2}},response={numFound=0,start=0,docs=[]}}
Total Documents : 120
Was this post helpful?
Let us know if you liked the post. That’s the only way we can improve.
