Anyone?
I have done more reading and testing and it seems like I want to:
Use SolrJ and embed solr in my webapp, but I want to disable the http
access to solr, meaning force all calls through my solrj interface I
am building (no admin access etc).
Is there a simple way to do this?
Am I better off running solr as a server on its own and using network
security?
thanks
Joel
On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:
Hi,
I have a java app that is deployed in jboss/tomcat container. I
would like to add my solr index to it. I have read about this and it
seems fairly straight forward, but im curious the best way to secure
it.
I require my users to login to my app to use it, so I want the
search functions to behave the same way. Ideally I would like to do
the solr queries from the client using ajax/json calls.
So given this my thinking was I should wrapper the solr servlet and
do a local proxy type interface to ensure security. Is there any
easier way to do this, or an example of a good way to do this? Or
does the solr servlet support a "interceptor" type pattern where I
can have it call a piece of code before I execute the call (this
application is old and not using std j2ee security so I dont think I
can use that.)
Another option is to do solrj on the server, and not do the client
side calls, in this case I think I could lock down the solr servlet
interface to only allow local calls.
thanks
Joel
