This is an automated email from the ASF dual-hosted git repository.
epugh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new 54e9edaef2f SOLR-17864: Migrate System Properties to modern
equivalents. (#3500)
54e9edaef2f is described below
commit 54e9edaef2f6c1bc46d9157d10ca146b9572d299
Author: Eric Pugh <[email protected]>
AuthorDate: Thu Aug 28 06:20:42 2025 -0400
SOLR-17864: Migrate System Properties to modern equivalents. (#3500)
* Migrate authentication.plugin and basicauth to modern equivalents.
* Be more generic in what we filter. Do not show credentials.
* Batch more of conversions. Removed deprecated
solr.redaction.system.pattern.
* Migrate to EnvUtils
---
solr/bin/solr.in.cmd | 2 +-
solr/bin/solr.in.sh | 2 +-
.../src/java/org/apache/solr/cli/AuthTool.java | 4 +--
.../src/java/org/apache/solr/core/NodeConfig.java | 29 ++++++++--------------
.../apache/solr/security/AuthenticationPlugin.java | 2 +-
.../apache/solr/cloud/RecoveryZkTestWithAuth.java | 2 +-
.../solr/cloud/TestAuthenticationFramework.java | 4 +--
.../org/apache/solr/cloud/TestPullReplica.java | 4 +--
.../admin/PropertiesRequestHandlerTest.java | 5 +++-
.../org/apache/solr/metrics/JvmMetricsTest.java | 7 ++++--
.../pages/basic-authentication-plugin.adoc | 4 +--
.../deployment-guide/pages/metrics-reporting.adoc | 2 +-
.../solr/client/solrj/impl/CloudSolrClient.java | 2 +-
.../PreemptiveBasicAuthClientBuilderFactory.java | 5 ++--
.../DeprecatedSystemPropertyMappings.properties | 5 ++++
.../client/solrj/impl/HttpSolrClientTestBase.java | 2 +-
16 files changed, 43 insertions(+), 38 deletions(-)
diff --git a/solr/bin/solr.in.cmd b/solr/bin/solr.in.cmd
index 9e01056cf69..dc6eb300834 100755
--- a/solr/bin/solr.in.cmd
+++ b/solr/bin/solr.in.cmd
@@ -175,7 +175,7 @@ REM Settings for authentication
REM Please configure only one of SOLR_AUTHENTICATION_CLIENT_BUILDER or
SOLR_AUTH_TYPE parameters
REM set
SOLR_AUTHENTICATION_CLIENT_BUILDER=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
REM set SOLR_AUTH_TYPE=basic
-REM set SOLR_AUTHENTICATION_OPTS=-Dbasicauth=solr:SolrRocks
+REM set
SOLR_AUTHENTICATION_OPTS=-Dsolr.security.auth.basicauth.credentials=solr:SolrRocks
REM Settings for ZK ACL
REM set
SOLR_ZK_CREDS_AND_ACLS=-DzkACLProvider=org.apache.solr.common.cloud.DigestZkACLProvider
^
diff --git a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh
index 38a98197816..ccbcf50aa9e 100644
--- a/solr/bin/solr.in.sh
+++ b/solr/bin/solr.in.sh
@@ -191,7 +191,7 @@
# Please configure only one of SOLR_AUTHENTICATION_CLIENT_BUILDER or
SOLR_AUTH_TYPE parameters
#SOLR_AUTHENTICATION_CLIENT_BUILDER="org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory"
#SOLR_AUTH_TYPE="basic"
-#SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
+#SOLR_AUTHENTICATION_OPTS="-Dsolr.security.auth.basicauth.credentials=solr:SolrRocks"
# Settings for ZK ACL
#SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.DigestZkACLProvider
\
diff --git a/solr/core/src/java/org/apache/solr/cli/AuthTool.java
b/solr/core/src/java/org/apache/solr/cli/AuthTool.java
index 597197b4ff8..3aacd4b9758 100644
--- a/solr/core/src/java/org/apache/solr/cli/AuthTool.java
+++ b/solr/core/src/java/org/apache/solr/cli/AuthTool.java
@@ -343,7 +343,7 @@ public class AuthTool extends ToolBase {
"\nAdd the following lines to the solr.in.cmd file so that the
solr.cmd script can use subsequently.\n");
CLIO.out(
"set SOLR_AUTH_TYPE=basic\n"
- + "set SOLR_AUTHENTICATION_OPTS=\"-Dbasicauth="
+ + "set
SOLR_AUTHENTICATION_OPTS=\"-Dsolr.security.auth.basicauth.credentials="
+ username
+ ":"
+ password
@@ -353,7 +353,7 @@ public class AuthTool extends ToolBase {
"\nAdd the following lines to the solr.in.sh file so that the ./solr
script can use subsequently.\n");
CLIO.out(
"SOLR_AUTH_TYPE=\"basic\"\n"
- + "SOLR_AUTHENTICATION_OPTS=\"-Dbasicauth="
+ +
"SOLR_AUTHENTICATION_OPTS=\"-Dsolr.security.auth.basicauth.credentials="
+ username
+ ":"
+ password
diff --git a/solr/core/src/java/org/apache/solr/core/NodeConfig.java
b/solr/core/src/java/org/apache/solr/core/NodeConfig.java
index 290c17835b4..415430e12b1 100644
--- a/solr/core/src/java/org/apache/solr/core/NodeConfig.java
+++ b/solr/core/src/java/org/apache/solr/core/NodeConfig.java
@@ -40,6 +40,7 @@ import org.apache.solr.client.solrj.impl.SolrZkClientTimeout;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.cloud.SolrZkClient;
+import org.apache.solr.common.util.EnvUtils;
import org.apache.solr.common.util.StrUtils;
import org.apache.solr.logging.LogWatcherConfig;
import org.apache.solr.search.CacheConfig;
@@ -495,7 +496,7 @@ public class NodeConfig {
public static final String REDACTED_SYS_PROP_VALUE = "--REDACTED--";
- /** Returns the a system property value, or "--REDACTED--" if the system
property is hidden */
+ /** Returns the system property value, or "--REDACTED--" if the system
property is hidden */
public String getRedactedSysPropValue(String sysPropName) {
return hiddenSysPropPattern.test(sysPropName)
? REDACTED_SYS_PROP_VALUE
@@ -619,7 +620,7 @@ public class NodeConfig {
private Set<Path> allowPaths = Collections.emptySet();
private List<String> allowUrls = Collections.emptyList();
private boolean hideStackTrace =
-
!(Boolean.parseBoolean(System.getProperty("solr.responses.stacktrace.enabled",
"true")));
+ !EnvUtils.getPropertyAsBool("solr.responses.stacktrace.enabled", true);
private final Path solrHome;
private final String nodeName;
@@ -648,7 +649,7 @@ public class NodeConfig {
Set.of(
"javax\\.net\\.ssl\\.keyStorePassword",
"javax\\.net\\.ssl\\.trustStorePassword",
- "basicauth",
+ ".*credentials",
"zkDigestPassword",
"zkDigestReadonlyPassword",
"aws\\.secretKey", // AWS SDK v1
@@ -862,25 +863,17 @@ public class NodeConfig {
}
/**
- * Finds list of hiddenSysProps requested by system property or
environment variable or the
- * default
+ * Finds list of hiddenSysProps requested in priority of solr.xml, system
properties or the
+ * default set
*
- * @return set of raw hidden sysProps, may be regex
+ * @return set of raw hidden system properties, may be regex
*/
- private Set<String> resolveHiddenSysPropsFromSysPropOrEnvOrDefault(String
hiddenSysProps) {
- // Fall back to sysprop and env.var if nothing configured through
solr.xml
+ private Set<String> resolveHiddenSysProps(String hiddenSysProps) {
+ // Fall back to system properties if nothing configured through solr.xml
if (!StrUtils.isNotNullOrEmpty(hiddenSysProps)) {
- String fromProps = System.getProperty("solr.hiddenSysProps");
- // Back-compat for solr 9x
- // DEPRECATED: Remove in 10.0
- if (StrUtils.isNotNullOrEmpty(fromProps)) {
- fromProps = System.getProperty("solr.redaction.system.pattern");
- }
- String fromEnv = System.getenv("SOLR_HIDDEN_SYS_PROPS");
+ String fromProps =
EnvUtils.getProperty("solr.responses.hidden.sys.props");
if (StrUtils.isNotNullOrEmpty(fromProps)) {
hiddenSysProps = fromProps;
- } else if (StrUtils.isNotNullOrEmpty(fromEnv)) {
- hiddenSysProps = fromEnv;
}
}
Set<String> hiddenSysPropSet = Collections.emptySet();
@@ -939,7 +932,7 @@ public class NodeConfig {
hideStackTrace,
configSetServiceClass,
modules,
- resolveHiddenSysPropsFromSysPropOrEnvOrDefault(hiddenSysProps));
+ resolveHiddenSysProps(hiddenSysProps));
}
public NodeConfigBuilder setSolrResourceLoader(SolrResourceLoader
resourceLoader) {
diff --git
a/solr/core/src/java/org/apache/solr/security/AuthenticationPlugin.java
b/solr/core/src/java/org/apache/solr/security/AuthenticationPlugin.java
index 7c576020446..c453b25b788 100644
--- a/solr/core/src/java/org/apache/solr/security/AuthenticationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/AuthenticationPlugin.java
@@ -38,7 +38,7 @@ import org.eclipse.jetty.client.Request;
*/
public abstract class AuthenticationPlugin implements SolrInfoBean {
- public static final String AUTHENTICATION_PLUGIN_PROP =
"authenticationPlugin";
+ public static final String AUTHENTICATION_PLUGIN_PROP =
"solr.security.auth.plugin";
public static final String HTTP_HEADER_X_SOLR_AUTHDATA = "X-Solr-AuthData";
// Metrics
diff --git
a/solr/core/src/test/org/apache/solr/cloud/RecoveryZkTestWithAuth.java
b/solr/core/src/test/org/apache/solr/cloud/RecoveryZkTestWithAuth.java
index 2cec10d8610..600afb136af 100644
--- a/solr/core/src/test/org/apache/solr/cloud/RecoveryZkTestWithAuth.java
+++ b/solr/core/src/test/org/apache/solr/cloud/RecoveryZkTestWithAuth.java
@@ -50,7 +50,7 @@ public class RecoveryZkTestWithAuth extends SolrCloudTestCase
{
System.setProperty(
HttpClientUtil.SYS_PROP_HTTP_CLIENT_BUILDER_FACTORY,
"org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory");
- System.setProperty("basicauth", SecurityJson.USER_PASS);
+ System.setProperty("solr.security.auth.basicauth.credentials",
SecurityJson.USER_PASS);
}
cluster =
diff --git
a/solr/core/src/test/org/apache/solr/cloud/TestAuthenticationFramework.java
b/solr/core/src/test/org/apache/solr/cloud/TestAuthenticationFramework.java
index 33db91dd0aa..7e061e02907 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestAuthenticationFramework.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestAuthenticationFramework.java
@@ -58,7 +58,7 @@ public class TestAuthenticationFramework extends
SolrCloudTestCase {
private void setupAuthenticationPlugin() {
System.setProperty(
- "authenticationPlugin",
+ "solr.security.auth.plugin",
"org.apache.solr.cloud.TestAuthenticationFramework$MockAuthenticationPlugin");
MockAuthenticationPlugin.expectedUsername = null;
MockAuthenticationPlugin.expectedPassword = null;
@@ -85,7 +85,7 @@ public class TestAuthenticationFramework extends
SolrCloudTestCase {
@Override
public void tearDown() throws Exception {
- System.clearProperty("authenticationPlugin");
+ System.clearProperty("solr.security.auth.plugin");
shutdownCluster();
super.tearDown();
}
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestPullReplica.java
b/solr/core/src/test/org/apache/solr/cloud/TestPullReplica.java
index 38ad8bf4f3d..a5642b81942 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestPullReplica.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestPullReplica.java
@@ -89,7 +89,7 @@ public class TestPullReplica extends SolrCloudTestCase {
@BeforeClass
public static void createTestCluster() throws Exception {
- System.setProperty("cloudSolrClientMaxStaleRetries", "1");
+ System.setProperty("solr.solrj.cloud.max.stale.retries", "1");
System.setProperty("zkReaderGetLeaderRetryTimeoutMs", "1000");
configureCluster(2) // 2 + random().nextInt(3)
@@ -99,7 +99,7 @@ public class TestPullReplica extends SolrCloudTestCase {
@AfterClass
public static void tearDownCluster() {
- System.clearProperty("cloudSolrClientMaxStaleRetries");
+ System.clearProperty("solr.solrj.cloud.max.stale.retries");
System.clearProperty("zkReaderGetLeaderRetryTimeoutMs");
TestInjection.reset();
}
diff --git
a/solr/core/src/test/org/apache/solr/handler/admin/PropertiesRequestHandlerTest.java
b/solr/core/src/test/org/apache/solr/handler/admin/PropertiesRequestHandlerTest.java
index c9120121586..f64b96ae311 100644
---
a/solr/core/src/test/org/apache/solr/handler/admin/PropertiesRequestHandlerTest.java
+++
b/solr/core/src/test/org/apache/solr/handler/admin/PropertiesRequestHandlerTest.java
@@ -39,7 +39,10 @@ public class PropertiesRequestHandlerTest extends
SolrTestCaseJ4 {
public void testRedaction() throws Exception {
for (String propName :
new String[] {
- "some.password", "javax.net.ssl.trustStorePassword", "basicauth",
"some.Secret"
+ "some.password",
+ "javax.net.ssl.trustStorePassword",
+ "solr.security.auth.basicauth.credentials",
+ "some.Secret"
}) {
System.setProperty(propName, PASSWORD);
NamedList<Object> properties = readProperties();
diff --git a/solr/core/src/test/org/apache/solr/metrics/JvmMetricsTest.java
b/solr/core/src/test/org/apache/solr/metrics/JvmMetricsTest.java
index b7dbd43a611..014ea19e6f5 100644
--- a/solr/core/src/test/org/apache/solr/metrics/JvmMetricsTest.java
+++ b/solr/core/src/test/org/apache/solr/metrics/JvmMetricsTest.java
@@ -85,9 +85,9 @@ public class JvmMetricsTest extends SolrJettyTestBase {
@Test
public void testSystemProperties() {
- if (System.getProperty("basicauth") == null) {
+ if (System.getProperty("solr.security.auth.basicauth.credentials") ==
null) {
// make sure it's set
- System.setProperty("basicauth", "foo:bar");
+ System.setProperty("solr.security.auth.basicauth.credentials",
"foo:bar");
}
SolrMetricManager metricManager =
getJetty().getCoreContainer().getMetricManager();
Map<String, Metric> metrics =
metricManager.registry("solr.jvm").getMetrics();
@@ -101,6 +101,9 @@ public class JvmMetricsTest extends SolrJettyTestBase {
(k, v) -> {
if
(NodeConfig.NodeConfigBuilder.DEFAULT_HIDDEN_SYS_PROPS.contains(k)) {
assertNull("hidden property " + k + " present!",
values.get(k));
+ } else if (k == "solr.security.auth.basicauth.credentials") {
+ // DEFAULT_HIDDEN_SYS_PROPS.contains doesn't match a partial
pattern.
+ assertNull("hidden property " + k + " present!",
values.get(k));
} else {
assertEquals(v, values.get(String.valueOf(k)));
}
diff --git
a/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
b/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
index 530b3736bc9..8979e1da24a 100644
---
a/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
+++
b/solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc
@@ -335,7 +335,7 @@ Alternatively, users can use SolrJ's
`PreemptiveBasicAuthClientBuilderFactory` t
To enable this feature, users should set the following system property
`-Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory`.
`PreemptiveBasicAuthClientBuilderFactory` allows applications to provide
credentials in two different ways:
-. The `basicauth` system property can be passed, containing the credentials
directly (e.g., `-Dbasicauth=username:password`).
+. The `solr.security.auth.basicauth.credentials` system property can be
passed, containing the credentials directly (e.g.,
`-Dsolr.security.auth.basicauth.credentials=username:password`).
This option is straightforward, but may expose the credentials in the command
line, depending on how they're set.
. The `solr.httpclient.config` system property can be passed, containing a
path to a properties file holding the credentials.
Inside this file the username and password can be specified as
`httpBasicAuthUser` and `httpBasicAuthPassword`, respectively.
@@ -356,7 +356,7 @@ Add the following line to the `solr.in.sh` or `solr.in.cmd`
file:
[source,bash]
----
SOLR_AUTH_TYPE="basic"
-SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
+SOLR_AUTHENTICATION_OPTS="-Dsolr.security.auth.basicauth.credentials=solr:SolrRocks"
----
This tells the `bin/solr` command line to to use "basic" as the type of
authentication, and to pass credentials with the user-name "solr" and password
"SolrRocks".
diff --git
a/solr/solr-ref-guide/modules/deployment-guide/pages/metrics-reporting.adoc
b/solr/solr-ref-guide/modules/deployment-guide/pages/metrics-reporting.adoc
index 61f60827c3c..ef02fcd5042 100644
--- a/solr/solr-ref-guide/modules/deployment-guide/pages/metrics-reporting.adoc
+++ b/solr/solr-ref-guide/modules/deployment-guide/pages/metrics-reporting.adoc
@@ -149,7 +149,7 @@ If this section is not defined, the following default
configuration is used whic
<hiddenSysProps>
<str>javax.net.ssl.keyStorePassword</str>
<str>javax.net.ssl.trustStorePassword</str>
- <str>basicauth</str>
+ <str>solr.security.auth.basicauth.credentials</str>
<str>zkDigestPassword</str>
<str>zkDigestReadonlyPassword</str>
</hiddenSysProps>
diff --git
a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
index c30ed4165c6..00a5018e7b7 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/CloudSolrClient.java
@@ -89,7 +89,7 @@ public abstract class CloudSolrClient extends SolrClient {
// no of times collection state to be reloaded if stale state error is
received
private static final int MAX_STALE_RETRIES =
- Integer.parseInt(System.getProperty("cloudSolrClientMaxStaleRetries",
"5"));
+
Integer.parseInt(System.getProperty("solr.solrj.cloud.max.stale.retries", "5"));
private final Random rand = new Random();
private final boolean updatesToLeaders;
diff --git
a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/PreemptiveBasicAuthClientBuilderFactory.java
b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/PreemptiveBasicAuthClientBuilderFactory.java
index d58f645b38a..da38da18953 100644
---
a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/PreemptiveBasicAuthClientBuilderFactory.java
+++
b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/PreemptiveBasicAuthClientBuilderFactory.java
@@ -57,7 +57,8 @@ public class PreemptiveBasicAuthClientBuilderFactory
implements HttpClientBuilde
* this will expose the password on the command-line, it is not very secure.
But this mechanism is
* added for backwards compatibility.
*/
- public static final String SYS_PROP_BASIC_AUTH_CREDENTIALS = "basicauth";
+ public static final String SYS_PROP_BASIC_AUTH_CREDENTIALS =
+ "solr.security.auth.basicauth.credentials";
private static PreemptiveAuth requestInterceptor = new PreemptiveAuth(new
BasicScheme());
@@ -152,7 +153,7 @@ public class PreemptiveBasicAuthClientBuilderFactory
implements HttpClientBuilde
|| StrUtils.isNullOrEmpty(ss.get(0))
|| StrUtils.isNullOrEmpty(ss.get(1))) {
throw new IllegalArgumentException(
- "Invalid Authentication credentials: Please provide 'basicauth'
in the 'user:password' format");
+ "Invalid Authentication credentials: Please provide
'solr.security.auth.basicauth.credentials' in the 'user:password' format");
}
defaultParams =
new MapSolrParams(
diff --git
a/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
b/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
index b63af2b47a4..9c2aa1e519f 100644
--- a/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
+++ b/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
@@ -23,3 +23,8 @@ disable.config.edit=solr.api.config.edit.enabled
configset.upload.enabled=solr.configset.upload.enabled
disable.v2.api=solr.api.v2.enabled
solr.hide.stack.trace=solr.responses.stacktrace.enabled
+authentication.plugin=solr.security.auth.plugin
+basicauth=solr.security.auth.basicauth.credentials
+cloud.solr.client.max.stale.retries=solr.solrj.cloud.max.stale.retries
+configset.upload.enabled=solr.configset.upload.enabled
+solr.hidden.sys.props=solr.responses.hidden.sys.props
diff --git
a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpSolrClientTestBase.java
b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpSolrClientTestBase.java
index 2b8077ccc1e..4a25432cbfa 100644
---
a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpSolrClientTestBase.java
+++
b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpSolrClientTestBase.java
@@ -89,7 +89,7 @@ public abstract class HttpSolrClientTestBase extends
SolrJettyTestBase {
@Override
public void tearDown() throws Exception {
- System.clearProperty("basicauth");
+ System.clearProperty("solr.security.auth.basicauth.credentials");
System.clearProperty(HttpClientUtil.SYS_PROP_HTTP_CLIENT_BUILDER_FACTORY);
DebugServlet.clear();
super.tearDown();
