Support Questions
Find answers, ask questions, and share your expertise

Spring Data Solr Authentication

Explorer

Can someone please recommend what would be the appropriate authentication and authorization mechanism which support Spring Data Solr with Hortonoworks?

9 REPLIES 9

Cloudera Employee
@magarwal

, Ranger Solr plugin can provide authorization and auditing mechanism, for secured Solr Cloud environments, You can take a look to install and configure Solr Plugin here.

Explorer

@vsuvagia

Thanks. but this is regarding configuring solr to manage ranger audits. I am looking for some kind of authentication and authorization mechanism which support "Spring data solr " in solrcloud

Cloudera Employee

@magarwal, looks like you missed the Ranger Solr Plugin section which describes how to enable Ranger Solr plugin for Authorization purposes also Audits for solr related activities are generated by Ranger Solr plugin which can be viewed via Ranger UI. Additionally you can refer to this detailed article written by @Jonas Straub

Explorer

@vsuvagia

I am following article of @Jonas Straub but am getting 2 errors while installation of Kerberos and ranger

Kerberos

HTTP ERROR 403

Problem accessing /solr/. Reason:

GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Ranger error

/usr/hdp/current/ranger-tagsync/conf directory doesnot exist

The directory above exist. it has root permission. Does it require ranger permsision

Hi @magarwal Its sounds like your JDK is outdated, what java version is running on your machines? Make sure you have installed the minimum JDK (e.g. 1.8.0_60)

Check out my post here https://community.hortonworks.com/questions/2580/accessing-hdp-web-ui-from-windows-pc-causes-gsshea....

Explorer

Thanks @Jonas Straub . But I have Open JDK 1.8.0_65

Interesting! Can you curl the Solr API of one of the instances?

e.g.

curl -v --negotiate -u : http://localhost:8983/solr/admin/collections?action=LIST&wt=json

Note: Make sure you have a valid kerberos ticket

Explorer

@Jonas Straub

I am getting 401 error. Authentication required. How can I check about my valid kerberos ticket.

Try "klist" command, it should show the ticket information