Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Java Code example to connect to SOLR using Kerberos and SASL

SOLVED Go to solution

Java Code example to connect to SOLR using Kerberos and SASL

New Contributor

Does anyone out there have an example of Java code that can connect to a Cloudra SOLR collection (under zookeeper) that uses Kerberos and the correct SASL parameters?   Googling brings up some suggestions and some not ready for prime time classes.  I'm looking for connection code, not a Morphlines example.

 

Thanks,  Rick

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Java Code example to connect to SOLR using Kerberos and SASL

New Contributor

I got this to work as follows (but there's a twist when dealing with Eclipse from Windows):

 

System.setProperty("javax.net.ssl.trustStorePassword","xxxxxx");
System.setProperty("java.security.auth.login.config", "C:\\my_jaas.conf");
String zkHosts = "zookeeper1.com:2181,zookeeper2.ghp.com:2181,zookeeper3.ghp.com:2181/solr";

Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder();
SolrHttpClientBuilder kb = krbBuild.getBuilder();
HttpClientUtil.setHttpClientBuilder(kb);
CloudSolrClient solrServer = new CloudSolrClient.Builder().withZkHost(zkHosts).build();

String collectionName = "test_col";
solrServer.setDefaultCollection(collectionName);
solrServer.connect();

SolrQuery parameters = new SolrQuery();
parameters.set("q", "*:*");
try {
solrServer.commit();
QueryResponse response = solrServer.query(parameters);
for (SolrDocument solrDocument : response.getResults()) {
System.out.println(" " + solrDocument.toString());
}
krbBuild.close();
solrServer.close();
} catch (SolrServerException | IOException e) {
e.printStackTrace();
}

 

If you are working from a Windows Environment and Windows is generating your TGT Kerberos keys and Kerberos is hooked into AD (that is, not using MIT Kerberos), then you need to update the registry as follows (thanks to Cloudera Systems Engineer Tom Roach):

 

On windows, to use your kerberos tickets from AD in your Java program, you need to setup this Windows registry.

 

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Value Name: AllowTgtSessionKey

Value Type: REG_DWORD

Value: 0x01

 

jaas.conf:

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true
principal="myuser@MYDOMAIN.COM";
};

3 REPLIES 3

Re: Java Code example to connect to SOLR using Kerberos and SASL

Cloudera Employee

Hi Rick,

 

Did you find this info in Cloudera Search documentation - does this help?

 

https://www.cloudera.com/documentation/enterprise/latest/topics/search_using_kerberos.html

 

Nick

Re: Java Code example to connect to SOLR using Kerberos and SASL

Cloudera Employee

Re: Java Code example to connect to SOLR using Kerberos and SASL

New Contributor

I got this to work as follows (but there's a twist when dealing with Eclipse from Windows):

 

System.setProperty("javax.net.ssl.trustStorePassword","xxxxxx");
System.setProperty("java.security.auth.login.config", "C:\\my_jaas.conf");
String zkHosts = "zookeeper1.com:2181,zookeeper2.ghp.com:2181,zookeeper3.ghp.com:2181/solr";

Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder();
SolrHttpClientBuilder kb = krbBuild.getBuilder();
HttpClientUtil.setHttpClientBuilder(kb);
CloudSolrClient solrServer = new CloudSolrClient.Builder().withZkHost(zkHosts).build();

String collectionName = "test_col";
solrServer.setDefaultCollection(collectionName);
solrServer.connect();

SolrQuery parameters = new SolrQuery();
parameters.set("q", "*:*");
try {
solrServer.commit();
QueryResponse response = solrServer.query(parameters);
for (SolrDocument solrDocument : response.getResults()) {
System.out.println(" " + solrDocument.toString());
}
krbBuild.close();
solrServer.close();
} catch (SolrServerException | IOException e) {
e.printStackTrace();
}

 

If you are working from a Windows Environment and Windows is generating your TGT Kerberos keys and Kerberos is hooked into AD (that is, not using MIT Kerberos), then you need to update the registry as follows (thanks to Cloudera Systems Engineer Tom Roach):

 

On windows, to use your kerberos tickets from AD in your Java program, you need to setup this Windows registry.

 

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Value Name: AllowTgtSessionKey

Value Type: REG_DWORD

Value: 0x01

 

jaas.conf:

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true
principal="myuser@MYDOMAIN.COM";
};