In our previous two articles Securing Single Node Solr and Securing Solr Cluster  we have discussed about how to enable ssl on solr node.In this article we will discuss how to accees SSL enable solr from solrj java client api.

Access secure solr without any settings

We have execute simple match all docs query to check whether solr give result without any settings.Refer below code.

HttpSolrClient httpSolrClient = new HttpSolrClient.Builder("https://localhost:8983/solr/SecureSolrTest").build();
SolrQuery solrQuery = new SolrQuery();
solrQuery.setQuery("*:*");
solrQuery.set("fl","*");
solrQuery.setRows(10);
try {
QueryResponse solrResponse = httpSolrClient.query(solrQuery);
System.out.println(solrResponse);
System.out.println("Total Documents : "+solrResponse.getResults().getNumFound());
} catch (SolrServerException e) {
 e.printStackTrace();
} catch (IOException e) {
 e.printStackTrace();
}

Above code will throw SSLhandShake exception.You can find complete stack trace as below

org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://localhost:8983/solr/SecureSolrTest
  at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:640)
  at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:253)
  at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:242)
  at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:178)
  at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:942)
  at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:957)
  at com.javadeveloperzone.SolrClientDemo.pingRequestDemo(SolrClientDemo.java:29)
  at com.javadeveloperzone.SolrClientDemo.main(SolrClientDemo.java:40)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
  at sun.security.validator.Validator.validate(Validator.java:260)
  at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
  ... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
  ... 33 more

Possible Solutions

We can not access SSL enable solr directly from solrj client.We need to set keystore and truststore related properties as a System property to access solr. Find below SSL related properties we need to set.

System.setProperty("javax.net.ssl.keyStore", "/path/to/solr-ssl.keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "secret");
System.setProperty("javax.net.ssl.trustStore", "/path/to/solr-ssl.keystore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");

After setting above properties solrj now able to connect solr server and execute query.

Output

{responseHeader={status=0,QTime=34,params={q=*:*,fl=*,rows=10,wt=javabin,version=2}},response={numFound=0,start=0,docs=[]}}
Total Documents : 120

 

 

Was this post helpful?
Let us know, if you liked the post. Only in this way, we can improve us.
Yes
No

Leave a Reply

Your email address will not be published. Required fields are marked *