Connecting a rails application with sunspot to a tomcat/solr server with authorization

Question

Okay, so I have a separate server with solr and this connects perfectly fine with the app. Using the usual sunspot.yml we have something like:

production:
  solr:
    hostname: domain
    port: 8080
    log_level: WARNING
    path: path/to/data

The problem is I wanted to authorization to my tomcat app. It seems that as long as you know the domain and port you could just go and visit solr/admin. So in my tomcat web.xml I added:

<security-constraint>
    <web-resource-collection>
      <web-resource-name> 
        Solr authenticated application
      </web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role</role-name>
    </auth-constraint>
  </security-constraint>
   <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>REALM</realm-name>
  </login-config>
  <security-role>
    <description>ROLE NAME</description>
    <role-name>role</role-name>
  </security-role>

This would require anyone visiting solr/admin a username and password before being granted access. The problem is how do I tell my rails app about this? After doing this and I get an expected "Unauthorized" response when my rails app tries to access the solr server. I know it would probably go into the sunspot.yml file but what do I have to add?

Answer 1

I'm not sure that the Sunspot configuration supports a Basic Auth username and password via the YAML. Those options are all concatenated together to be assigned to Sunspot.config.solr.url and later given to RSolr. That's a simple oversight — a pull request at https://github.com/outoftime/sunspot would be welcome to fix that.

You will have better luck either assigning Sunspot.config.solr.url directly in an initializer, or by specifying the URL via an environment variable. Sunspot supports the SOLR_URL and WEBSOLR_URL environment variables, and in doing so should preserve a Basic Auth username and password.

To test this in your development environment:

rake sunspot:reindex SOLR_URL=http://admin:foobar@localhost:8983/solr
rails server SOLR_URL=http://admin:foobar@localhost:8983/solr

Answer 2

https://github.com/justinko/sunspot-rails-http-basic-auth

gem install this. its HTTP Basic Authentication support for sunspot_rails. You can then put the username and password in the sunspot.yml that is generated.