Apache Solr

Java - SSL & Kerberos

run.sh

kinit

java \
  -cp uber-solr-ssl-kerberos-1.0-SNAPSHOT.jar \
  -Djavax.net.ssl.trustStore=./${TRUSTSTORE_PATH}.jks -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD} \
  -Djava.security.auth.login.config=./solr-client-jaas.conf \
  SolrSSLKerberosExample \
  "zk1.fqdn.com,zk2.fqdn.com,zk3.fqdn.com/solr" COLLECTION

solr-client-jaas.conf

SolrJClient {
  com.sun.security.auth.module.Krb5LoginModule required
  useTicketCache=true;
};
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useTicketCache=true
  serviceName="zookeeper";
};

SolrSSLKerberosExample

import org.apache.solr.client.solrj.impl.CloudSolrClient;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
import org.apache.solr.common.SolrInputDocument;

public class SolrSSLKerberosExample {
  public static void main(String[] args) throws Exception {
    String zkHost = args[0];
    String collection = args[1];

    // Setup Krb5HttpClientConfigurator must be done before first SolrClient is instantiated
    if (System.getProperty(Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP) != null) {
      HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
    }

    // Connect to Solr
    try(CloudSolrClient client = new CloudSolrClient(zkHost)) {
      SolrInputDocument doc = new SolrInputDocument();
      doc.addField("id", "1234");
      doc.addField("name", "A lovely summer holiday");
      client.add(collection, doc);
      client.commit(collection);
    }
  }
}