Saturday, March 11, 2017

Running Solr NonSSL way - Alfresco 5.x

Many times we are keeping default configuration with Alfresco -> SOLR communication.
Sometime we require that they want to communicate without SSL (https) communication to reduce network overhead and security impact performance.

So to turn off Alfresco repository and solr server communication via SSL, we are following below steps useful to us.



For Alfresco Repository configuration

  1. Set solr.secureComms=none  in alfresco-global.properties file
  2. Make sure solr.port you set is non-ssl in application config where solr is running.
  3. For the below path
<solrRootDir>/archive-SpacesStore/conf/solrcore.properties
<solrRootDir>/workspace-SpacesStore/conf/solrcore.properties

  • set  alfresco.secureComms=none
  • verify alfresco.port is set to nonSSL port.

Inside repository web.xml remove below block
<security-constraint>
   <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/service/api/solr/*</url-pattern>
   </web-resource-collection>

   <auth-constraint>
       <role-name>repoclient</role-name>
   </auth-constraint>

   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
   <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/s/api/solr/*</url-pattern>
   </web-resource-collection>

   <auth-constraint>
       <role-name>repoclient</role-name>
   </auth-constraint>

   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/wcservice/api/solr/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>repoclient</role-name>
    </auth-constraint>

    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/wcs/api/solr/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>repoclient</role-name>
    </auth-constraint>

    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Repository</realm-name>
</login-config>

<security-role>
    <role-name>repoclient</role-name>
</security-role>
In solr   web.xml  remove below block

<security-constraint>
   <web-resource-collection>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>repository</role-name>
   </auth-constraint>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Solr</realm-name>
</login-config>
<security-role>
   <role-name>repository</role-name>
</security-role>
restart application server to take effect.
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)