Shared Secret Communication Mode for Repository and SOLR

cancel
Showing results for 
Search instead for 
Did you mean: 

Shared Secret Communication Mode for Repository and SOLR

angelborroy
Alfresco Employee
0 0 372

ACS 7.1 includes a new mode for Alfresco/SOLR Communication named secret.

This is an additional mode to the existent ones (http and mtls) that provides an intermmediate level of security to protect this communications from unauthorized access.

Communication between Repository and SOLR happens using plain HTTP protocol with a Shared Secret in HTTP Header.

Configuration for Alfresco Repository

Recommended settings for alfresco-global.properties or Java Environment variables.

solr.host=solr6
solr.port=8983
solr.secureComms=secret
solr.sharedSecret=secret

You may use a more complex secret word than "secret" for your "solr.sharedSecret" property.

Configuration for Search Services

Recommended settings for solrcore.properties (remember to add these settings to both cores: alfresco and archive)

alfresco.host=alfresco
alfresco.port=8080
alfresco.secureComms=secret
alfresco.secureComms.secret=secret

You must use the same secret word configured in repository property ("solr.sharedSecret") as "alfresco.secureComms.secret" value.

This mode doesn't include authentication by default, but it will require to add the shared secret word ("secret" in the abova sample) in HTTP Header requests using by default X-Alfresco-Search-Secret property.

Accessing SOLR Web Console requires using a Browser plugin to add this header to the HTTP Request.

Additional information

More information about Alfresco/SOLR Communication modes is available in:

Deployment source code for the different modes is available in https://github.com/AlfrescoLabs/alfresco-solr-comm

About the Author
Angel Borroy is Hyland Developer Evangelist. Over the last 15 years, he has been working as a software architect on Java, BPM, document management and electronic signatures. He has been working with Alfresco during the last years to customize several implementations in large organizations and to provide add-ons to the Community based on Record Management and Electronic Signature. He writes (sometimes) on his personal blog http://angelborroy.wordpress.com. He is (proud) member of the Order of the Bee.