{"id":20816317,"url":"https://github.com/riptano/solrj-auth","last_synced_at":"2025-12-25T13:51:19.380Z","repository":{"id":6700789,"uuid":"7946197","full_name":"riptano/solrj-auth","owner":"riptano","description":"SolrJ Authentication Library for use with DSE search","archived":false,"fork":false,"pushed_at":"2016-04-09T16:23:48.000Z","size":25,"stargazers_count":2,"open_issues_count":2,"forks_count":1,"subscribers_count":176,"default_branch":"master","last_synced_at":"2025-01-18T15:52:28.304Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/riptano.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-01-31T21:40:44.000Z","updated_at":"2021-05-26T08:31:17.000Z","dependencies_parsed_at":"2022-09-08T14:11:32.423Z","dependency_job_id":null,"html_url":"https://github.com/riptano/solrj-auth","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riptano%2Fsolrj-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riptano%2Fsolrj-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riptano%2Fsolrj-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riptano%2Fsolrj-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/riptano","download_url":"https://codeload.github.com/riptano/solrj-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243164660,"owners_count":20246717,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T21:29:42.065Z","updated_at":"2025-12-25T13:51:19.331Z","avatar_url":"https://github.com/riptano.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"SolrJ-Auth for DSE Search\n================\n\nHandles initializing Solr with custom helpers to support Kerberos authentication \u0026 SSL encryption. These helpers must be setup before Solr creates any HTTPClient objects, so the ```initXXX``` methods should be called as early as possible during application initialization. Additionally, once Solr has been initialized, subsequent calls to either ```initXXX``` method will have no effect.\n\nThis library must be used with the DSE specific SolrJ component. Both jars are shipped as part of the DSE distro, and the SolrJ library should be used as a drop in replacement for the regular Apache library in client applications which want to access secured DSE search services using SolrJ.\n\nOptions for configuring Kerberos authentication via SPNEGO\n=====================================\n\nUse the SolrHttpClientInitializer class to configure SolrJ with a SpnegoAuthenticator, a plugin which is used internally by every instance of HttpSolrServer. It performs authentication using SPNEGO/GSSAPI/Kerberos and additionally caches authentication tokens on a per-host basis. Optionally, all HTTP requests performed as part of the SPNEGO protocol can be carried out using secure connections if an SSLContext is supplied. To use the Kerberos credentials a keytab file, both the file and the Principal must be supplied. If neither is supplied, then credentials from the local Kerberos ticket cache will be used. Supplying either a keytab or Principal, but not both is not supported and will result in an error.\n\nEnable Kerberos authentication using credentials from local ticket cache\n-----------------------------------------------------------------------------------------------------------\n\n```java\nSolrHttpClientInitializer.initAuthentication(new AuthenticationOptions());\n```\n  \nEnable Kerberos authentication using a specified Principal and a keytab file\n---------------------------------------------------------------------------------------------------------------\n\n```java\nSolrHttpClientInitializer.initAuthentication(\n           new AuthenticationOptions()\n                .withPrincipal(new KerberosPrincipal(\"user@REALM\"))\n                .withKeytab(new File(\"/path/to/keytab\")));\n```\n \nEnable Kerberos authentication using credentials from local ticket cache and SSL encryption\n------------------------------------------------------------------------------------------------------------\nHTTP requests during the SPNEGO protocol negotiation will be encrypted \nand use a specific X509HostnameVerifier - the very lax version supplied \nby HTTPClient\n\n```java\nSolrHttpClientInitializer.initAuthentication(\n           new AuthenticationOptions()\n                .withPrincipal(new KerberosPrincipal(\"user@REALM\"))\n                .withKeytab(new File(\"/path/to/keytab\"))\n                .withSSLContext(SSLContext.getDefault())\n                .withHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER));\n```\n \nTurn on SSL encryption for all client / server HTTP requests\n---------------------------------------------------------------------------------------\nHostnames will be verified using the system default X509HostnameVerifier\n\n```java\nSolrHttpClientInitializer.initEncryption(\n           new EncryptionOptions()\n                .withSSLContext(SSLContext.getDefault()));\n```\n \nTurn on SSL encryption for all client / server HTTP requests \n------------------------------------------------------------------------------------------\nHostnames will be verified using the specified X509HostnameVerifier\n\n```java\nSolrHttpClientInitializer.initEncryption(\n           new EncryptionOptions()\n                .withSSLContext(SSLContext.getDefault())\n                .withHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER));\n```\n\nCode Sample\n========\n\nThe solrj-auth-examples subproject contains a working demo which can be run from the command line using maven. It assumes a secured running DSE search node is running.\n\n```\nsolrj-auth-examples$ mvn exec:java -Durl=https://example.host:8983/solr/wiki.solr -Dprincipal=user@REALM -Dkeytab=/home/user/test.keytab -Dtruststore=/home/user/truststore.jks -Dtruststore_pwd=cassandra -Dkeystore=/home/user/keystore.jks -Dkeystore_pwd=cassandra\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Friptano%2Fsolrj-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Friptano%2Fsolrj-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Friptano%2Fsolrj-auth/lists"}