Hi,

What is the recommended pattern for securing a multicore Solr instance accessed by different applications? In our case, we need to prevent application A from accessing the core of application B. Also, we need to avoid the use of username/password authentication wherever possible. I have read the wiki page on Solr security and it talks about path-based authentication, but both DIGEST and BASIC auth are username/password based, so I'm looking for alternatives.

One idea I had was to use HTTPS and create an x509 cert per application, with a different subject per application. Then on the Solr server I would somehow need to extend the component that is responsible for delegating /solr/appA/* to the appA request handlers (is there such a thing even?) and verify that requests for /appA are done over HTTPS with a valid certificate that has /appA as subject. Is this feasible? Or maybe there is an easier way of doing this?

Thanks,
Jorg
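
The per-core certificate check described in the message above, sketched as a servlet filter; this is an added example, not part of the original post and not Solr code. It assumes the container requires client certificates and validates them against its truststore, that the certificate CN equals the core name (`appA`), and the class name `CoreCertFilter` is hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: allows /<context>/<core>/* only when the client cert CN equals <core>. */
public class CoreCertFilter implements Filter {

    /** First path segment below the context path, e.g. "/appA/select" gives "appA"; null if none. */
    static String coreOf(String pathWithinContext) {
        if (pathWithinContext == null) return null;
        String[] parts = pathWithinContext.split("/");
        return parts.length > 1 && !parts[1].isEmpty() ? parts[1] : null;
    }

    /** CN of the subject DN, parsed as RFC 2253 so an escaped comma cannot fake a CN; null if absent. */
    static String commonName(X509Certificate cert) {
        try {
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
            }
        } catch (InvalidNameException e) { /* unparsable subject: treated as no CN */ }
        return null;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Populated by the container only after the TLS handshake accepted the client chain.
        X509Certificate[] certs =
            (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        // Use the container-decoded path rather than the raw request URI.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        String core = coreOf(path);
        String cn = (certs != null && certs.length > 0) ? commonName(certs[0]) : null;
        if (!req.isSecure() || core == null || cn == null || !cn.equals(core)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN); // fail closed
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Because the filter fails closed, any path whose first segment is not matched by a certificate CN (including paths that are not cores) is refused.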