I am planning to run a java web application and solr in the same java container. I want the web application to be publicly accessible but solr 开发者_开发知识库to be accessible only to the other web applications in the same container. Solr should be accessible only as localhost and not from outside. Can we write some rules in the web-xml to achieve this?
This is actually a question for serverfault. Anyway, you can deal with this the same way you deal with any internal server, like a database server: don't give Solr a public IP, or put it behind a firewall.
Other than that, you could set up HTTP auth (Tomcat example) or set the container to only listen on localhost (that is, if your web app runs on the same box) (jetty example), but I recommend putting it behind a properly configured firewall instead.
Also see the SolrSecurity wiki page, but it deals mostly with Solr-level security.
For Resin you can define security constraint by ip addresses. Below is sample from Resin 2.X I'm using it might be slightly different for Resin 3 or 4
<host id='solr.mydomain.com' app-dir='/dev/null'>
<env-entry>
<env-entry-name>solr/home</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>/usr/local/java/solr-home</env-entry-value>
</env-entry>
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<ip-constraint>127.0.0.1</ip-constraint>
<ip-constraint>192.168.1.0/24</ip-constraint>
</security-constraint>
<war-dir>webapps/solr</war-dir>
<access-log id='log/solr-access.log'
format='%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"'/>
<error-log id='log/solr-error.log'/>
</host>
I found this link on the Solr wiki that details installation procedures and also ways of securing the application. http://wiki.apache.org/solr/SolrInstall
精彩评论