Disable authentication for search interface on https (admin web server port)

These steps are only applicable for Funnelback versions 14.2 to 15.0

Funnelback versions 14.0 and lower provide access to the Search UI 's/search.html' via http and https without authentication by default.

In Funnelback 15+, the search UI binds to both HTTP port 80 and HTTPS port 443, with the admin UI on port 8443, so by default no authentication is required for HTTPS access to the search UI.

Background

This article shows how to remove the authentication requirement from https search results in Funnelback 14.2 and earlier.

Web server configuration details

If the https web server port is 8443, accessing https://<server>:8443/s/search.html?collection=<COLLECTION-ID> requires the user to enter a username and password.

Funnelback runs two web servers, usually on ports 8443 (admin/https) and 80 (search/http), which serve administration services and search services respectively.

  • Admin: Usually on port 8443 and restricted to the https protocol. This requires authentication to access the Funnelback admin UI (/search/admin), APIs, and the Funnelback search UI (/s/search.html, /s/search.json, /s/search.xml, /search/search.cgi, /search/xml.cgi).

  • Public: Usually on port 80 (or 8080) and restricted to the http protocol. This requires no authentication and has access only to the Funnelback search UI (/s/search.html, /s/search.json, /s/search.xml, /search/search.cgi, /search/xml.cgi).

Remove authentication to https

To remove the authentication required for https to the public UI:

  1. Edit web/conf/contexts-https/funnelback-publicui.xml and remove the securityHandler and overrideDescriptor sections, i.e. everything between the "Delete from here to ..." and "... to here" comments:

    <?xml version="1.0"  encoding="ISO-8859-1"?>
    <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
        <Set name="contextPath">/s</Set>
        <Set name="war"><SystemProperty name="funnelback.installdir" />/web/webapps/funnelback-publicui.war</Set>
    
        <Set name="copyWebDir">false</Set>
    
        <Call name="setAttribute">
            <Arg>ExecutionContext</Arg>
            <Arg>Admin</Arg>
        </Call>
    <!-- Delete from here to ... -->
        <!-- Set auth. constraints on the Modern UI deployed on the Admin context -->
        <Set name="overrideDescriptor"><SystemProperty name="funnelback.installdir" />/web/conf/modernui-auth.xml</Set>
        <Set name="securityHandler">
            <New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
                <Set name="realmName">Funnelback Administration</Set>
                <Set name="loginService">
                     <New class="org.eclipse.jetty.jaas.JAASLoginService">
                         <Set name="name">Funnelback Administration</Set>
                         <Set name="loginModuleName">authentication</Set>
                     </New>
                </Set>
                <Call name="addConstraintMapping">
                    <Arg>
                        <New class="org.eclipse.jetty.security.ConstraintMapping">
                            <Set name="pathSpec">/*</Set>
                            <Set name="constraint">
                                <New class="org.eclipse.jetty.util.security.Constraint" id="DefaultSecurityConstraint">
                                    <Set name="authenticate">true</Set>
                                    <Set name="name">BASIC</Set>
                                    <Set name="roles">
                                        <Array type="java.lang.String">
                                            <Item>admin</Item>
                                        </Array>
                                    </Set>
                                </New>
                            </Set>
                        </New>
                    </Arg>
                </Call>
            </New>
        </Set>
    <!-- ... to here -->
        <Set name="errorHandler">
            <New class="org.eclipse.jetty.servlet.ErrorPageErrorHandler">
                <Set name="showStacks">false</Set>
            </New>
        </Set>
        <Ref id="Server">
            <Get id="sessionManager" name="sessionIdManager" />
        </Ref>
        <Set name="sessionHandler">
            <New class="org.eclipse.jetty.server.session.SessionHandler">
                <Arg>
                    <New class="org.eclipse.jetty.server.session.HashSessionManager">
                        <Set name="storeDirectory"><SystemProperty name="funnelback.installdir" />/web/work/sessions-https/publicui</Set>
                    </New>

                    <!-- Distributed sessions
                    <New class="org.eclipse.jetty.server.session.JDBCSessionManager">
                        <Set name="idManager"><Ref id="sessionManager" /></Set>
                    </New>
                    -->
                </Arg>
            </New>
        </Set>
    </Configure>
  2. Restart Jetty.
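
A check for the edit above, as an added example that is not part of the original article or of Funnelback's own tooling: it parses a publicui context file and reports whether the overrideDescriptor and securityHandler settings are both present, both removed, or only one was deleted. The function name `auth_status` and the two trimmed sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the context file before the edit.
BEFORE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/s</Set>
  <Set name="overrideDescriptor">/web/conf/modernui-auth.xml</Set>
  <Set name="securityHandler"><New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <Call name="addConstraintMapping"><Arg><New class="org.eclipse.jetty.security.ConstraintMapping">
      <Set name="pathSpec">/*</Set>
      <Set name="constraint"><New class="org.eclipse.jetty.util.security.Constraint">
        <Set name="authenticate">true</Set>
        <Set name="roles"><Array type="java.lang.String"><Item>admin</Item></Array></Set>
      </New></Set>
    </New></Arg></Call>
  </New></Set>
</Configure>"""

# Constructed sample: the same file after both sections are deleted.
AFTER = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/s</Set>
</Configure>"""

def auth_status(xml_bytes):
    """Hypothetical helper: summarise the auth settings of a Jetty context file."""
    root = ET.fromstring(xml_bytes)  # bytes, so the encoding declaration is honoured
    handler = root.find("Set[@name='securityHandler']")
    override = root.find("Set[@name='overrideDescriptor']")
    present = [e is not None for e in (handler, override)]
    state = "protected" if all(present) else "partial" if any(present) else "open"
    mappings = []
    if handler is not None:
        for m in handler.iter("New"):
            if m.get("class", "").endswith(".ConstraintMapping"):
                auth = m.find(".//Set[@name='authenticate']")
                mappings.append({
                    "path": m.findtext("Set[@name='pathSpec']"),
                    "authenticate": auth is not None and auth.text == "true",
                    "roles": [i.text for i in m.iter("Item")],
                })
    return {"context": root.findtext("Set[@name='contextPath']"),
            "state": state, "mappings": mappings}

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, auth_status(doc))
```

Pass it the bytes of web/conf/contexts-https/funnelback-publicui.xml before restarting Jetty; a `partial` result means one of the two sections is still in the file.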