[solr] branch branch_9x updated: SOLR-16735: Allow custom configuration of Jetty's SecureRequestCustomizer (#1547)

Thu, 06 Apr 2023 21:22:22 -0700 

This is an automated email from the ASF dual-hosted git repository.

tflobbe pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9x by this push:
     new 76a7fa33240 SOLR-16735: Allow custom configuration of Jetty's 
SecureRequestCustomizer (#1547)
76a7fa33240 is described below

commit 76a7fa332404227fa8dd8cf1bb869ac9acad6d57
Author: Tomas Eduardo Fernandez Lobbe <[email protected]>
AuthorDate: Thu Apr 6 17:30:27 2023 -0700

    SOLR-16735: Allow custom configuration of Jetty's SecureRequestCustomizer 
(#1547)
    
    This change allows users that use TLS to configure Jetty's 
SecureRequestCustomizer using System properties on startup
---
 solr/CHANGES.txt              | 2 ++
 solr/server/etc/jetty-ssl.xml | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index aaf7d865987..2b97f9ad84f 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -93,6 +93,8 @@ Other Changes
 
 * SOLR-16604: Use Solr Client Builders directly in unit tests instead of 
delegating to SolrTestCaseJ4. (Eric Pugh, David Smiley)
 
+* SOLR-16735: Allow custom configuration of Jetty's SecureRequestCustomizer 
(Tomás Fernández Löbbe)
+
 ==================  9.2.0 ==================
 
 New Features
diff --git a/solr/server/etc/jetty-ssl.xml b/solr/server/etc/jetty-ssl.xml
index dda2f14e3ee..878f9386720 100644
--- a/solr/server/etc/jetty-ssl.xml
+++ b/solr/server/etc/jetty-ssl.xml
@@ -32,7 +32,14 @@
   <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <Arg><Ref refid="httpConfig"/></Arg>
     <Call name="addCustomizer">
-      <Arg><New 
class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
+      <Arg>
+        <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
+          <Arg name="sniRequired" type="boolean"><Property 
name="solr.jetty.ssl.sniRequired" default="false"/></Arg>
+          <Arg name="sniHostCheck" type="boolean"><Property 
name="solr.jetty.ssl.sniHostCheck" default="true"/></Arg>
+          <Arg name="stsMaxAgeSeconds" type="int"><Property 
name="solr.jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
+          <Arg name="stsIncludeSubdomains" type="boolean"><Property 
name="solr.jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
+        </New>
+      </Arg>
     </Call>
   </New>

Reply via email to