为解决Solr对外网访问的安全问题,添加了基本认证,但导致定时任务出现401未认证错误。通过修改源代码和SolrDataImportProperties.java文件,添加认证信息,并在dataimport.properties中配置username和password,实现了定时任务的正常运行。建议密码加密以确保配置文件的安全性,确保所用依赖jar与Solr版本兼容。
由于Apache Solr在对外网访问时候暴露端口可能会造成的安全问题,所以对登录solr控制台加了一个基本认证来实现对用户身份的辨识。但是由于solr的定时任务的jar中发送http请求并没有添加基本认证,所以日志中一直会有401 未认证的记录(solr.log)。这里做一个记录:
源代码:
protected void sendHttpPost(String completeUrl, String coreName) {
DateFormat df = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss SSS");
Date startTime = new Date();
String core = "[" + coreName + "] ";
logger.info(core + "<index update process> Process started at .............. " + df
.format(startTime));
try {
URL url = new URL(completeUrl);
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.setRequestMethod("GET");
conn.setRequestProperty("type", "submit");
conn.setDoOutput(true);
conn.connect();
logger.info(core + "<index update process> Full URL\t\t\t\t" + conn
.getURL());
logger.info(core + "<index update process> Response message\t\t\t" + conn
.getResponseMessage());
logger.info(core + "<index update process> Response code\t\t\t" + conn
.getResponseCode());
if (conn.getResponseCode() != 200) {
reloadParams();
}
conn.disconnect();
logger.info(core + "<index update process> Disconnected from server\t\t" + this.server);
Date endTime = new Date();
logger.info(core + "<index update process> Process ended at ................ " + df
.format(endTime));
} catch (MalformedURLException mue) {
logger.error("Failed to assemble URL for HTTP POST", mue);
} catch (IOException ioe) {
logger.error("Failed to connect to the specified URL while trying to send HTTP POST", ioe);
}
catch (Exception e) {
logger.error("Failed to send HTTP POST", e);
}
}
修改后:
realoadParams(){
...
username = p.getProperty(SolrDataImportProperties.USERNAME);
password = p.getProperty(SolrDataImportProperties.PASSWORD);
...
}
protected void sendHttpPost(String completeUrl, String coreName) {
DateFormat df = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss SSS");
Date startTime = new Date();
// prepare the core var
String core = coreName == null ? "" : "[" + coreName + "] ";
logger.info(core + "<index update process> Process started at .............. " + df.format(startTime));
try {
URL url = new URL(completeUrl);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
// set http basic auth
if ((this.username != null && !this.username.trim().equals(""))
&& (this.password != null && !this.password.trim().equals(""))) {
String auth = this.username + ":" + this.password;
byte[] rel = Base64.getEncoder().encode(auth.getBytes());
String res = new String(rel);
conn.setRequestProperty("Authorization", "Basic " + res);
}
conn.setRequestProperty("type", "submit");
conn.setDoOutput(true);
// Send HTTP POST
conn.connect();
logger.info(core + "<index update process> Full URL\t\t\t\t" + conn.getURL());
logger.info(core + "<index update process> Response message\t\t\t" + conn.getResponseMessage());
logger.info(core + "<index update process> Response code\t\t\t" + conn.getResponseCode());
// listen for change in properties file if an error occurs
if (conn.getResponseCode() != 200) {
reloadParams();
}
conn.disconnect();
logger.info(core + "<index update process> Disconnected from server\t\t" + server);
Date endTime = new Date();
logger.info(core + "<index update process> Process ended at ................ " + df.format(endTime));
} catch (MalformedURLException mue) {
logger.error("Failed to assemble URL for HTTP POST", mue);
} catch (IOException ioe) {
logger.error("Failed to connect to the specified URL while trying to send HTTP POST", ioe);
} catch (Exception e) {
logger.error("Failed to send HTTP POST", e);
}
}
这是主体部分,同时还需要修改SolrDataImportProperties.java文件,在这个文件中需要添加:
public static final String USERNAME = "username";
public static final String PASSWORD = "password";
至此,已经基本完成。可打成jar替换原有的jar。修改dataimport.properties,添加username和password字段。这只是提供了一个初始思路,进一步的可对password加密,然后在代码中解密,这样保证配置文件中密码的安全性。
注意:所使用的依赖jar版本一定要适配solr的版本
扫一扫
886
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
