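I have recently been working on access control for the Solr console, and took the opportunity to study Tomcat login control again.
Login control in Tomcat
Path: tomcat-8.0.29\webapps\manager\META-INF\tomcat-user.xml
The configuration is as follows: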
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>
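If clicking log in redirects to a 403 page, comment out the configuration or change it to the following. The RemoteAddrValve here admits only loopback addresses (127.x.x.x and ::1); a client at any other address is refused with 403 until its address is added to allow.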
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
Access control for the Solr admin console
- Simply rely on Tomcat login
Modify web.xml under tomcat-8.0.29/webapps/solr/WEB-INF
<security-constraint>
<web-resource-collection>
<web-resource-name>Restrict access to Solr admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- role-name corresponds to a role defined in Tomcat; a custom role can be used -->
<role-name>admin-gui</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
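The constraint above lists four HTTP methods and sets the transport guarantee to NONE while using BASIC authentication. The following audit script is an added example, not part of the original post; it assumes the fragment is wrapped in a `<web-app>` root, and the names `audit`, `WEB_XML` and `COMMON_METHODS` are hypothetical. It reports which methods the constraint leaves uncovered and whether credentials travel without TLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint shown above, wrapped in a <web-app> root.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restrict access to Solr admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin-gui</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>default</realm-name></login-config>
</web-app>"""

# Methods the audit checks for; a constraint that lists methods covers only those.
COMMON_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"}

def _texts(node, name):
    """Text of every descendant element called `name`, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml):
    """Return (finding, url_patterns, detail) tuples for a web.xml string."""
    root = ET.fromstring(web_xml)
    findings = []
    auth = [a.upper() for a in _texts(root, "auth-method")]
    # Servlet 3.1 descriptors can deny every method that no constraint covers.
    deny_uncovered = any(e.tag.endswith("deny-uncovered-http-methods") for e in root.iter())
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        patterns = _texts(sc, "url-pattern")
        listed = {m.upper() for m in _texts(sc, "http-method")}
        if listed and not deny_uncovered:
            # The auth-constraint does not apply to methods missing from the list.
            findings.append(("uncovered-methods", patterns, sorted(COMMON_METHODS - listed)))
        guarantee = [g.upper() for g in _texts(sc, "transport-guarantee")] or ["NONE"]
        if _texts(sc, "role-name") and "CONFIDENTIAL" not in guarantee \
                and set(auth) & {"BASIC", "FORM"}:
            # BASIC resends the password with every request; without TLS it is readable.
            findings.append(("cleartext-credentials", patterns, auth))
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML):
        print(finding)
```

Removing the `<http-method>` elements makes the constraint apply to every method, and `CONFIDENTIAL` makes the container require HTTPS for the protected URLs; with both changes the audit returns no findings.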
- Restrict access by IP
Modify server.xml in apache-tomcat-8.5.39\conf and add the following:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
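<!-- Add IP access control. allow is a regular expression matched against the client IP address, so dots are escaped and loopback is given as addresses rather than as "localhost" -->
<Context path="/solr" reloadable="false" docBase="/var/www">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192\.168\.0\.\d+|127\.0\.0\.1|::1|0:0:0:0:0:0:0:1"/>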
</Context>
</Host>
</Engine>
</Service>
</Server>