Thank You Shawn,will go through suggestions provided! *Thanks & Regards,* *Uday Kumar*
On Wed, Dec 13, 2023 at 1:35 AM Shawn Heisey <apa...@elyograg.org.invalid> wrote: > On 12/11/23 01:48, Uday Kumar wrote: > > *1. Authentication for Indexing:* > > > > We are currently using the SolrJ client for indexing documents into the > > Solr index. However, with authentication enabled at Solr, we are > uncertain > > about the best practices for implementing authentication within the SolrJ > > client during the indexing process. Could you provide guidance on how to > > seamlessly integrate authentication into the SolrJ client for secure > > document indexing? > > > > *2. Authentication for Querying:* > > > > On the querying side, we are using the `HttpURLConnection` package for > > making requests to Solr Cloud. Given the authentication requirements, I > am > > seeking advice on how to properly authenticate and handle queries > securely > > using `HttpURLConnection`. > > You can use a SolrJ client for both querying and indexing, there is no > reason to use Java's HTTP. With Java's client, you have to handle the > extraction of data from the response by parsing JSON or XML. SolrJ does > the bulk of that work for you, and uses a more compact binary format on > the wire rather than JSON. > > Here is some code for your perusal: > > https://paste.elyograg.org/view/e5cce5db > > Lines 26 and 27 are related to other parts of the overall program and > don't contribute to client creation. A summary of what that code does: > > * create a builder for Http2SolrClient for talking to the source cluster. > * create a builder for Http2SolrClient as a "helper" client for the > target cluster. > * add authentication info to those two client builders. > * create a builder for CloudHttp2SolrClient for talking to the target > cluster. > * build the helper client for the target. > * build the source client. > * build the final target client. > > > *3. Secure Storage of User Credentials in Spring Boot:* > > > > Additionally, we are exploring ways to securely store Solr Cloud > > credentials (username and password) within our Spring Boot application > > instead of raw text in properties file. Could you provide recommendations > > or best practices for securely storing and retrieving Solr Cloud > > credentials in a Spring Boot application? > > You'll want to discuss that with Spring or in a general forum for Java. > > In general, my opinion is that there is no real value to trying to > obscure credentials beyond file permissions ... if someone manages to > achieve admin capability on the server, they will be almost certainly be > able to just use whatever mechanisms are already in place and gain access. > > Thanks, > Shawn > >
