By default, Solr has no Authentication or Authorization configured which is convenient for development but dangerous for deployment. Once a Solr cluster has been configured to limit access via Authentication and Authorization, credentials are required for any access of the system.
However, it is possible to restrict access to most features of a Solr cluster while leaving specific endpoints available for anonymous use.
Allowing Anonymous Access to Solr
First, you need to allow anonymous access to Solr by disabling the blockUnknown configuration parameter using the Authentication API. Simply set blockUnknown to false using the authentication endpoint on the instance:
echo '{"set-property": {"blockUnknown":false}}' | http 'https://solr.aaronwalker.dev:8983/solr/admin/authentication'
Once this is disabled, anonymous users can make requests to the Solr instance.
Granting Anonymous Users Access to Specific Endpoints
Explicit access must be granted to endpoints before anonymous users can use those endpoints as the existing Authorization configuration will likely block them.
For example, setting the following permission configuration using the Authorization API will grant anonymous users access to the “select” endpoint by specifying the special “null” role.
{
"set-permission": {
"name": "anonymous_select",
"path": "/select/*",
"role": null
}
}
echo '{"set-permission": {"name": "anonymous_select","path": "/select/*","role": null}}' | http 'https://solr.aaronwalker.dev:8983/solr/admin/authorization'
Restoring Security Configuration
These changes can be rolled back by simply deleting the added role (which must be done by index, “5” is used as an example below) and disabling anonymous logins:
echo '{"set-property": {"blockUnknown":true}}' | http 'https://solr.aaronwalker.dev:8983/solr/admin/authentication'
echo '{"delete-permission": 5 }' | http 'https://solr.aaronwalker.dev:8983/solr/admin/authorization'
References:
- Anonymous Read discussion on Nabble Solr forum
- Examples use httpie syntax and assume Solr credentials are stored for brevity