Thank you, I tested providing my implementation of authentication in security.json, uploaded file to ZK (just considering authentication), started nodes and it worked like a charm.
That required of course turning off Jetty basic auth. Although I'm not sure why you took this approach instead of supporting simple built-in basic auth and let us configure security the "old/easy" way. I'm guessing it has to do with future requirement of field/doc level security. I hope you can get rid of the war file soon and start promoting Solr as a set of libraries so one can easily embed/extend Solr, since some (especially me) might consider command line ZK operations are not that "continues delivery/automate everything/production" friendly. It's easy today to spin up a jetty and wire / point out resource classes or wire up CXF alongside to get things playing, but I'm probably missing out of other things since I see many mails usually in consensus of not embedding and rather want people to consider Solr as a stand-alone service, not sure why! I'm probably getting out of context here. Regards > On 27 Jul 2015, at 13:17, Noble Paul <noble.p...@gmail.com> wrote: > > Q.do you know when it would be released? > 5.3 will be released in another 3-4 weeks . > > Q.Are there any requirements of ZK authentication must be there as well? > NO > > bq.Providing my own security.json + class/implementation to verify > user/pass should work today with 5.2, right? > > Yes. But, if you modify your credentials or anything in that JSON, you > will have to restart all your nodes . > > Q.SOLR-7274 pluggable security is already in 5.2 (my requirement is to > provide user/pass in a secure manner, not as argument on cmd or from > (our unsecured) ZK but from a configuration restful service, > > I'm not clear what your question is. Basic Auth is a well-known > standard. We are just implementing that standard. We store all > credentials & permissions in ZK . That means it is only as secure as > your ZK . As long as nobody can write to ZK, your system is safe > >> On Wed, Jul 22, 2015 at 11:10 PM, Fadi Mohsen <fadi.moh...@gmail.com> wrote: >> Hi, I have some questions regarding basic auth and proper support in 5.3: >> >> do you know when it would be released? >> >> Are there any requirements of ZK authentication must be there as well? >> >> Do we store the user/pass in ZK? >> >> SOLR-7274 pluggable security is already in 5.2 (my requirement is to provide >> user/pass in a secure manner, not as argument on cmd or from (our unsecured) >> ZK but from a configuration restful service, >> I'm not sure 5.3 release would fit above requirement, can you reflect on >> this? >> >> Providing my own security.json + class/implementation to verify user/pass >> should work today with 5.2, right? >> >> Thanks >> Fadi >> >>> On 22 Jul 2015, at 14:33, Noble Paul <noble.p...@gmail.com> wrote: >>> >>> Solr 5.3 is coming with proper basic auth support >>> >>> >>> https://issues.apache.org/jira/browse/SOLR-7692 >>> >>>> On Wed, Jul 22, 2015 at 5:28 PM, Peter Sturge <peter.stu...@gmail.com> >>>> wrote: >>>> if you're using Jetty you can use the standard realms mechanism for Basic >>>> Auth, and it works the same on Windows or UNIX. There's plenty of docs on >>>> the Jetty site about getting this working, although it does vary somewhat >>>> depending on the version of Jetty you're running (N.B. I would suggest >>>> using Jetty 9, and not 8, as 8 is missing some key authentication classes). >>>> If, when you execute a search query to your Solr instance you get a >>>> username and password popup, then Jetty's auth is setup. If you don't then >>>> something's wrong in the Jetty config. >>>> >>>> it's worth noting that if you're doing distributed searches Basic Auth on >>>> its own will not work for you. This is because Solr sends distributed >>>> requests to remote instances on behalf of the user, and it has no knowledge >>>> of the web container's auth mechanics. We got 'round this by customizing >>>> Solr to receive credentials and use them for authentication to remote >>>> instances - SOLR-1861 is an old implementation for a previous release, and >>>> there has been some significant refactoring of SearchHandler since then, >>>> but the concept works well for distributed queries. >>>> >>>> Thanks, >>>> Peter >>>> >>>> >>>> >>>>> On Wed, Jul 22, 2015 at 11:18 AM, O. Klein <kl...@octoweb.nl> wrote: >>>>> >>>>> Steven White wrote >>>>>> Thanks for updating the wiki page. However, my issue remains, I cannot >>>>>> get >>>>>> Basic auth working. Has anyone got it working, on Windows? >>>>> >>>>> Doesn't work for me on Linux either. >>>>> >>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://lucene.472066.n3.nabble.com/Basic-auth-tp4218053p4218519.html >>>>> Sent from the Solr - User mailing list archive at Nabble.com. >>> >>> >>> >>> -- >>> ----------------------------------------------------- >>> Noble Paul > > > > -- > ----------------------------------------------------- > Noble Paul
