[solr] branch branch_9_2 updated: SOLR-16735: Allow custom configuration of Jetty's SecureRequestCustomizer (#1547)

Thu, 06 Apr 2023 22:04:03 -0700 

This is an automated email from the ASF dual-hosted git repository.

tflobbe pushed a commit to branch branch_9_2
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9_2 by this push:
     new d9d86fb22a5 SOLR-16735: Allow custom configuration of Jetty's 
SecureRequestCustomizer (#1547)
d9d86fb22a5 is described below

commit d9d86fb22a561dfccfe9c06ec5235c84dc3d34a6
Author: Tomas Eduardo Fernandez Lobbe <[email protected]>
AuthorDate: Thu Apr 6 17:30:27 2023 -0700

    SOLR-16735: Allow custom configuration of Jetty's SecureRequestCustomizer 
(#1547)
    
    This change allows users that use TLS to configure Jetty's 
SecureRequestCustomizer using System properties on startup
---
 solr/CHANGES.txt              | 4 ++++
 solr/server/etc/jetty-ssl.xml | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index f957ace3202..8fea6fa650a 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -15,6 +15,10 @@ Bug Fixes
 * SOLR-16728: Fix Classloading Exception for inter-node requests when using 
SSL and HTTP2.
   All Jetty classes are able to be shared between the Jetty server and webApp 
now. (Houston Putman)
 
+Other Changes
+---------------------
+* SOLR-16735: Allow custom configuration of Jetty's SecureRequestCustomizer 
(Tomás Fernández Löbbe)
+
 Dependency Upgrades
 ---------------------
 (No changes)
diff --git a/solr/server/etc/jetty-ssl.xml b/solr/server/etc/jetty-ssl.xml
index dda2f14e3ee..878f9386720 100644
--- a/solr/server/etc/jetty-ssl.xml
+++ b/solr/server/etc/jetty-ssl.xml
@@ -32,7 +32,14 @@
   <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <Arg><Ref refid="httpConfig"/></Arg>
     <Call name="addCustomizer">
-      <Arg><New 
class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
+      <Arg>
+        <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
+          <Arg name="sniRequired" type="boolean"><Property 
name="solr.jetty.ssl.sniRequired" default="false"/></Arg>
+          <Arg name="sniHostCheck" type="boolean"><Property 
name="solr.jetty.ssl.sniHostCheck" default="true"/></Arg>
+          <Arg name="stsMaxAgeSeconds" type="int"><Property 
name="solr.jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
+          <Arg name="stsIncludeSubdomains" type="boolean"><Property 
name="solr.jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
+        </New>
+      </Arg>
     </Call>
   </New>

Reply via email to