A simple forward authentication plugin for Solr. Forward authentication moves the authentication process out of Solr into a reverse proxy like Traefik or Nginx running in front of Solr.
After authentication, the authenticated user is sent to Solr via an HTTP header. This plugin lets Solr accept this header and set the authenticated user accordingly.
Before using the plugin, please be familiar with Solr authentication and authorization.
To use the plugin, drop the release jar into the library directory of your Solr installation.
To activate authentication & authorization, place a security.json in your Zookeeper root.
To activate forward authentication in Solr, use the ForwardAuthPlugin class as authentication class.
The httpUserHeader is an optional configuration.
{
  "authentication": {
    "class": "cool.solr.security.ForwardAuthPlugin",
    "httpUserHeader": "X-Forwarded-User"
  },
  "authorization": {
    "class": "cool.solr.security.DefaultRuleBasedAuthorizationPlugin",
    "defaultRole": "admin",
    "permissions": [
      {
        "name": "all",
        "role": "admin"
      }
    ]
  }
}
For authorization, the DefaultRuleBasedAuthorizationPlugin extends the RuleBasedAuthorizationPlugin by assigning users without an explicit user-role mapping a defaultRole.
The examples folder contains a simple Docker Compose ensemble.
From inside the directory, launch the Solr/Zookeeper ensemble:
$ docker-compose up
# Test connectivity (should return 200 OK)
$ curl -s "http://localhost:8983/api/node/system" | jq .security
{
  "tls": false
}
# Activate security
$ docker exec -it solr solr zk cp file:/opt/solr/server/solr/security.json zk:/security.json -z zookeeper:2181
# Test security (should return no data as we are not authorized)
$ curl "http://localhost:8983/api/node/system"
# Fake forward authentication (should return 200)
$ curl -sH "X-Forwarded-User: alice" "http://localhost:8983/api/node/system" \
    | jq .security
{
  "authenticationPlugin": "cool.solr.security.ForwardAuthPlugin",
  "authorizationPlugin": "cool.solr.security.DefaultRuleBasedAuthorizationPlugin",
  "username": "alice",
  "roles": [
    "admin"
  ],
  "tls": false
}
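The faked header above is accepted because Solr trusts whatever value arrives in X-Forwarded-User, so in a real deployment Solr must be reachable only through the proxy, and the proxy must set the header itself. The following nginx server block is an added example, not part of this project; the host names, file paths, the `solr:8983` upstream and the use of HTTP Basic authentication are assumptions.

```nginx
# Added example (not from this project). Assumptions: Solr is reachable from
# nginx as "solr:8983" and is NOT exposed to clients directly; the server name,
# certificate paths and htpasswd path are placeholders; HTTP Basic stands in
# for whatever authentication method populates $remote_user.
server {
    listen 443 ssl;
    server_name solr.example.internal;               # placeholder
    ssl_certificate     /etc/nginx/tls/solr.crt;     # placeholder
    ssl_certificate_key /etc/nginx/tls/solr.key;     # placeholder

    location / {
        # Requests without valid credentials get 401 here and never reach Solr.
        auth_basic           "Solr";
        auth_basic_user_file /etc/nginx/solr.htpasswd;   # placeholder

        # proxy_set_header replaces any X-Forwarded-User the client supplied,
        # so Solr only ever sees the identity nginx authenticated.
        # The header name must match "httpUserHeader" in security.json.
        proxy_set_header X-Forwarded-User $remote_user;

        # An empty value removes the header: the proxy credentials are not
        # passed on to Solr.
        proxy_set_header Authorization "";

        proxy_pass http://solr:8983;
    }
}
```

With this in place, repeating the curl call with a hand-written X-Forwarded-User header against the proxy returns the authenticated proxy user rather than the supplied value.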
This should install the current version into your local repository:
$ ./mvn clean verify
This project is licensed under the Apache License, Version 2.