Solr
  1. Solr
  2. SOLR-3421

Distributed Search doesn't allow for HTTP Authentication

    Details

      Description

      The distributed search feature allows one to configure the list of shards the SearchHandler should query and aggregate results from using the "shards" parameter. Unfortunately, there is no way to configure any sort of authentication between shards and a distributed search-enabled SearchHandler. It'd be good to be able to specify an authentication type, auth credentials, and transport security to allow installations that don't have the benefit of being protected by a firewall some measure of security.

        Activity

        Hide
        Peter Sturge added a comment -

        It's also worth noting that one of the advantages of this approach is that is allows for partial results to be returned (with error details in the response) if one or more shards are unavailable, but others are ok. An optional flag to allow this (or not) can switch this feature on or off.

        Show
        Peter Sturge added a comment - It's also worth noting that one of the advantages of this approach is that is allows for partial results to be returned (with error details in the response) if one or more shards are unavailable, but others are ok. An optional flag to allow this (or not) can switch this feature on or off.
        Hide
        Peter Sturge added a comment -

        There is an existing patch for this behaviour - see:
        issues.apache.org/jira/browse/SOLR-1861

        This patch allows distributed credentials to be passed inside the url, where SearchHandler then parses this an creates HttpConnections for each shard in the distributed search.
        Some useful extensions to this approach would be the use of certificates (instead of explicit credentials), and/or acl lists stored on the server side, with pre-authentication (e.g. via passing hash values instead of explicit credentials). The base mechanism provided in this patch can be used in both cases.

        HTH!
        Peter

        Show
        Peter Sturge added a comment - There is an existing patch for this behaviour - see: issues.apache.org/jira/browse/ SOLR-1861 This patch allows distributed credentials to be passed inside the url, where SearchHandler then parses this an creates HttpConnections for each shard in the distributed search. Some useful extensions to this approach would be the use of certificates (instead of explicit credentials), and/or acl lists stored on the server side, with pre-authentication (e.g. via passing hash values instead of explicit credentials). The base mechanism provided in this patch can be used in both cases. HTH! Peter

          People

          • Assignee:
            Unassigned
            Reporter:
            Michael Della Bitta
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Development