You are here

SkyVault 2.0 » Administering » Configuring search » Solr 4 security

Running Without SSL

SkyVault uses SSL to secure communication between the repository server and the Solr 4 server. In this communication, SSL not only provides encryption, it is also used for authentication. This topic describes how to turn-off SSL and deactivate authentication between SkyVault repository and the Solr server.
  1. Set the solr.secureComms property to none in the SkyVault-global.properties file.
  2. Ensure that the solr.port property is set to the correct non-SSL port of the application server in which Solr is running.
  3. In the <solrRootDir>/archive-SpacesStore/conf/solrcore.properties file and <solrRootDir>/workspace-SpacesStore/conf/solrcore.properties file, do the following:
    1. Set the property SkyVault.secureComms property to none.
    2. Ensure that the SkyVault.port property is set to the correct non-SSL port of the application server in which your repository is running.
  4. In the repository web.xml, remove the following configuration: 

    <security-constraint>
   <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/service/api/solr/*</url-pattern>
   </web-resource-collection>

   <auth-constraint>
       <role-name>repoclient</role-name>
   </auth-constraint>

   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
   <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/s/api/solr/*</url-pattern>
   </web-resource-collection>

   <auth-constraint>
       <role-name>repoclient</role-name>
   </auth-constraint>

   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/wcservice/api/solr/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>repoclient</role-name>
    </auth-constraint>

    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/wcs/api/solr/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>repoclient</role-name>
    </auth-constraint>

    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Repository</realm-name>
</login-config>

<security-role>
    <role-name>repoclient</role-name>
</security-role>
  5. In the Solr web.xml, remove the following configuration: 

    <security-constraint>
   <web-resource-collection>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>repository</role-name>
   </auth-constraint>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Solr</realm-name>
</login-config>
<security-role>
   <role-name>repository</role-name>
</security-role>
If you decide to turn-off SSL and deactivate authentication between SkyVault repository and the Solr server, you need to protect your environment. For more information, see Configuring SSL for a production environment.
Parent topic: Solr 4 security

© 2017 TBS-LLC. All Rights Reserved.