Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-1861

HTTP Authentication for sharded queries

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Implemented
    • Affects Version/s: 1.4
    • Fix Version/s: None
    • Component/s: search
    • Environment:

      Solr 1.4

      Description

      This issue came out of a requirement to have HTTP authentication for queries. Currently, HTTP authentication works for querying single servers, but it's not possible for distributed searches across multiple shards to receive authenticated http requests.

      This patch adds the option for Solr clients to pass shard-specific http credentials to SearchHandler, which can then use these credentials when making http requests to shards.

      Here's how the patch works:

      A final constant String called shardcredentials acts as the name of the SolrParams parameter key name.
      The format for the value associated with this key is a comma-delimited list of colon-separated tokens:
      {{ shard0:port0:username0:password0,shard1:port1:username1:password1,shardN:portN:usernameN:passwordN }}
      A client adds these parameters to their sharded request.
      In the absence of shardcredentials and/or matching credentials, the patch reverts to the existing behaviour of using a default http client (i.e. no credentials). This ensures b/w compatibility.

      When SearchHandler receives the request, it passes the 'shardcredentials' parameter to the HttpCommComponent via the submit() method.
      The HttpCommComponent parses the parameter string, and when it finds matching credentials for a given shard, it creates an HttpClient object with those credentials, and then sends the request using this.
      Note: Because the match comparison is a string compare (a.o.t. dns compare), the host/ip names used in the shardcredentials parameters must match those used in the shards parameter.

      Impl Notes:
      This patch is used and tested on the 1.4 release codebase. There weren't any significant diffs between the 1.4 release and the latest trunk for SearchHandler, so should be fine on other trunks, but I've only tested with the 1.4 release code base.

      1. SearchHandler.java
        20 kB
        Peter Sturge
      2. SearchHandler.java
        19 kB
        Peter Sturge

        Activity

        Hide
        janhoy Jan Høydahl added a comment -

        Closing ancient issue which is now superseded by the Autentication framework.

        Show
        janhoy Jan Høydahl added a comment - Closing ancient issue which is now superseded by the Autentication framework.
        Hide
        erickerickson Erick Erickson added a comment -

        2013 Old JIRA cleanup

        Show
        erickerickson Erick Erickson added a comment - 2013 Old JIRA cleanup
        Hide
        midiman Peter Sturge added a comment -

        Would a Solrj client be able to intrinsically handle a distributed shard request? It could make separate requests for each shard, but you wouldn't have the nice advantage of distributed searches, with aggregated facets, ranges etc. that's built-in on the server side. Or perhaps I've misunderstood your Solrj suggestion?

        Show
        midiman Peter Sturge added a comment - Would a Solrj client be able to intrinsically handle a distributed shard request? It could make separate requests for each shard, but you wouldn't have the nice advantage of distributed searches, with aggregated facets, ranges etc. that's built-in on the server side. Or perhaps I've misunderstood your Solrj suggestion?
        Hide
        lancenorskog Lance Norskog added a comment -

        If this was implemented inside SolrJ, then all SolrJ apps would be able to use authentication. It would be just as much code as putting the auth code in SearchHandler.

        Show
        lancenorskog Lance Norskog added a comment - If this was implemented inside SolrJ, then all SolrJ apps would be able to use authentication. It would be just as much code as putting the auth code in SearchHandler.
        Hide
        midiman Peter Sturge added a comment -

        A small update to this patch to support distributed searches with multiple cores.

        Show
        midiman Peter Sturge added a comment - A small update to this patch to support distributed searches with multiple cores.
        Hide
        midiman Peter Sturge added a comment -

        Apologies that this is the source file and not a diff'ed patch file.

        I've tried so many Win doze svn products, but I just can't get them to create a patch file (I'm sure this is more down to me not configuring them correctly, rather than rapidsvn, visualsvn, Tortoisesvn etc.).
        If someone would like to create a patch file from this source, that would be extraordinarily kind of you!
        In any case, the changes to this file are quite straightforward.

        Show
        midiman Peter Sturge added a comment - Apologies that this is the source file and not a diff'ed patch file. I've tried so many Win doze svn products, but I just can't get them to create a patch file (I'm sure this is more down to me not configuring them correctly, rather than rapidsvn, visualsvn, Tortoisesvn etc.). If someone would like to create a patch file from this source, that would be extraordinarily kind of you! In any case, the changes to this file are quite straightforward.

          People

          • Assignee:
            Unassigned
            Reporter:
            midiman Peter Sturge
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development