一、在配置solr的时候我们曾在solr的WEB-INF/web.xml中注释一段代码,那段代码就是对权限的控制。只需将注释代码更改为以下即可
<security-constraint> <web-resource-collection> <web-resource-name>Restrict access to Solr admin</web-resource-name> <url-pattern>/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>solr</role-name> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>default</realm-name> </login-config>二、替换之后进行如下操作
//在apache-tomcat-9.0.0.M9/conf下的tomcat-users.xml文件最后增加: <role rolename="solr"/> <user username="admin" password="new-password" roles="solr"/>以上操作方式来源于网络,亲测可用。
三、对于Java程序的操作
① spring的配置文件中solr.host=admin:123456@IP:端口号/solr/core名称
//例如: solr.host=admin:123456@127.0.0.1:8080/solr/new_core② 可以配置拦截器,进行请求过滤。Solr通过BASIC认证。可以添加请求头的方式进行认证(未实验,不提供代码示例。仅供参考)。
四、定时全量索引和增量索引权限配置
网上有很多关于solr-dataimporthandler-scheduler的jar.在前期的文章中也有说明和源码提供下载。但是源码中由于原作者的编码风格(不知道第几任作者,哈哈),也走了一些弯路。在此说明一下: 日志的提示级别,会导致在solr的web界面报异常,其实并不是异常信息。在GitHub下载源码没有此问题。
对于定时索引机上权限之后如何配置,查看官方文档没找到很好的解决办法,就在solr-dataimporthandler-scheduler.jar进行改造。在配置文件中增加认证字段,在发送请求是进行请求头的添加(采用BASIC)。
//示例: ################################################# # # # dataimport scheduler properties # # # ################################################# # to sync or not to sync # 1 - active; anything else - inactive syncEnabled=1 # which cores to schedule # in a multi-core environment you can decide which cores you want syncronized # leave empty or comment it out if using single-core deployment syncCores=new_core # solr server name or IP address # [defaults to localhost if empty] server=172.0.0.1 # solr server port # [defaults to 80 if empty] port=8080 # application name/context # [defaults to current ServletContextListener's context (app) name] webapp=solr # URL params [mandatory] # remainder of URL # 增量索引 params=/deltaimport?command=delta-import&clean=false&commit=true # schedule interval # number of minutes between two runs # [defaults to 30 if empty] interval=1 # 重做索引的时间间隔,单位分钟,默认7200,即5天; # 为空,为0,或者注释掉:表示永不重做索引 reBuildIndexInterval=0 # 重做索引的参数 # 全量索引 reBuildIndexParams=/dataimport?command=full-import&clean=true&commit=true # 重做索引时间间隔的计时开始时间,第一次真正执行的时间=reBuildIndexBeginTime+reBuildIndexInterval*60*1000; # 两种格式:2016-012-11 14:10:00 或者 14:10:00,后一种会自动补全日期部分为服务启动时的日期 reBuildIndexBeginTime=00:00:00 # 权限认证(用户名:密码) authorization=admin:123456源码修改:
//SolrDataImportProperties.java增加 public static final String AUTHORIZATION = "authorization"; //BaseTimerTask.java增加 protected String authorization; protected void reloadParams() { .... this.authorization = this.p.getProperty(SolrDataImportProperties.AUTHORIZATION); } protected void sendHttpPost(String completeUrl, String coreName) { //省略前半段...... URL url = new URL(completeUrl); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); conn.setRequestProperty("type", "submit"); conn.setDoOutput(true); //增加部分====start==== if (this.authorization != null){ String encoding = Base64.encode(this.authorization.getBytes()); conn.setRequestProperty ("Authorization", "Basic " + encoding); } //增加部分======end===== conn.connect(); logger.info(core + "<index update process> Full URL\t\t\t\t" + conn.getURL()); //省略后半段solr-dataimporthandler-scheduler源码 jar包下载
