Either way works, but running Solr as a server means that you have an
admin interface. That can be very useful. You will want it as soon as
someone asks why some document is not the first hit for their favorite
query.
wunder
On Nov 11, 2009, at 7:26 AM, Joel Nylund wrote:
Anyone?
I have done more reading and testing and it seems like I want to:
Use SolrJ and embed solr in my webapp, but I want to disable the
http access to solr, meaning force all calls through my solrj
interface I am building (no admin access etc).
Is there a simple way to do this?
Am I better off running solr as a server on its own and using
network security?
thanks
Joel
On Nov 9, 2009, at 5:04 PM, Joel Nylund wrote:
Hi,
I have a java app that is deployed in jboss/tomcat container. I
would like to add my solr index to it. I have read about this and
it seems fairly straight forward, but im curious the best way to
secure it.
I require my users to login to my app to use it, so I want the
search functions to behave the same way. Ideally I would like to do
the solr queries from the client using ajax/json calls.
So given this my thinking was I should wrapper the solr servlet and
do a local proxy type interface to ensure security. Is there any
easier way to do this, or an example of a good way to do this? Or
does the solr servlet support a "interceptor" type pattern where I
can have it call a piece of code before I execute the call (this
application is old and not using std j2ee security so I dont think
I can use that.)
Another option is to do solrj on the server, and not do the client
side calls, in this case I think I could lock down the solr servlet
interface to only allow local calls.
thanks
Joel
