Securing Solr on Tomcat access using a user account

最新推荐文章于 2025-08-12 23:15:00 发布

最新推荐文章于 2025-08-12 23:15:00 发布 · 125 阅读

文章标签：

#java #web.xml

本文介绍如何通过编辑Tomcat和Solr的相关配置文件实现Solr的安全认证设置，包括添加用户角色、配置认证约束及登录配置等步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Open [Tomcat install dir]\tomcat-users.xmlfor editing.

Add the following lines within the<tomcat-user>element and save the changes (using your own username and password):

<role rolename="solr_admin"/>

<user username="your_username"
      password="your_password"
      roles="solr_admin"
      />

Open [Tomcat install dir]\webapps\solr\WEB-INF\web.xmlfor editing.

"solr" in the path is the name of the instance you want to secure. Typically this is "solr," but may be different if you are running an advanced setup.

Add the following lines within the<web-app>element:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr Lockdown</web-resource-name>
      <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>solr_admin</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Solr</realm-name>
  </login-config>

Save the changes and restart Tomcat. Test your changes by starting anewbrowser session and navigating to your site, for ex.http://localhost:8080/solr/. You should be prompted for credentials.

Download the followingcommunityserver_override.configfile.

Place this file in the root of your Web site directory.

Find the section in this file which is highlighted below and change it to read
http://your_username:your_password@localhost:8080/solr
replacing "your_username" and "your_password" and the host URI with the configured values

 
        <
        Override
        xpath
        =
        "/CommunityServer/Search/Solr" 
       
        mode
        =
        "change" 
       
        name
        =
        "host" 
       
        value
        =
        "<span style="
        background-color:#ffff00;">http://localhost:8080/solr</
        span
        >" 
       
        />

Save changes.

本人的操作：

1.tomcat的conf/tomcat-users.xml 添加

<role rolename="solr_admin"/>

<user username="your_username"
      password="your_password"
      roles="solr_admin"
      />

2.在

解压solr.war 找到web.xml

添加如下代码在<web-app></web-app> 元素中

<security-constraint>
<web-resource-collection>
<web-resource-name>Solr select Lockdown</web-resource-name>
<url-pattern>/cs/select/*</url-pattern> //任何用户都可以访问
</web-resource-collection>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Lockdown</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>solr_admin</role-name>
</auth-constraint> //管理员访问

</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Solr</realm-name>
</login-config>