This is an automated email from the ASF dual-hosted git repository.
epugh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new fc2a22570a3 SOLR-17864: Use modern format for allow urls and allow
paths (#3813)
fc2a22570a3 is described below
commit fc2a22570a39ce42f2d8fc4270ec26bf9098ec35
Author: Eric Pugh <[email protected]>
AuthorDate: Fri Oct 31 07:40:41 2025 -0400
SOLR-17864: Use modern format for allow urls and allow paths (#3813)
* Migrate solr.allowPaths to solr.security.allow.paths
* Migrate solr.allowUrls to solr.security.allow.urls
* add properties to the ref guide
---
changelog/unreleased/SOLR_17864_part_trece.yml | 10 ++++++++++
.../testing/randomization/policies/solr-tests.policy | 4 ++--
solr/benchmark/src/resources/solr.xml | 4 ++--
solr/bin/solr.in.cmd | 6 +++---
solr/bin/solr.in.sh | 6 +++---
solr/core/src/java/org/apache/solr/core/SolrPaths.java | 2 +-
solr/core/src/test-files/solr/solr-50-all.xml | 2 +-
solr/core/src/test-files/solr/solr.xml | 4 ++--
.../BackupRestoreApiErrorConditionsTest.java | 4 ++--
.../test/org/apache/solr/core/TestCoreContainer.java | 18 +++++++++---------
.../src/test/org/apache/solr/core/TestSolrXml.java | 5 +++--
.../solr/core/snapshots/TestSolrCloudSnapshots.java | 4 ++--
.../solr/core/snapshots/TestSolrCoreSnapshots.java | 4 ++--
.../solr/handler/TestStressIncrementalBackup.java | 4 ++--
.../apache/solr/handler/TestStressThreadBackup.java | 4 ++--
.../modules/opentelemetry/src/test-files/solr/solr.xml | 2 +-
solr/packaging/test/test_security_manager.bats | 2 +-
solr/server/etc/security.policy | 4 ++--
solr/server/etc/security.properties | 2 +-
solr/server/solr/solr.xml | 4 ++--
.../pages/configuring-solr-xml.adoc | 6 +++---
.../configuration-guide/pages/coreadmin-api.adoc | 4 ++--
.../configuration-guide/pages/solr-properties.adoc | 7 +++++++
.../solrj-streaming/src/test-files/solrj/solr/solr.xml | 2 +-
.../DeprecatedSystemPropertyMappings.properties | 2 ++
solr/solrj/src/test-files/solrj/solr/solr.xml | 2 +-
.../src/java/org/apache/solr/SolrTestCaseJ4.java | 4 +---
.../org/apache/solr/cloud/MiniSolrCloudCluster.java | 2 +-
.../AbstractCloudBackupRestoreTestCase.java | 4 ++--
.../AbstractCollectionsAPIDistributedZkTestBase.java | 2 +-
30 files changed, 74 insertions(+), 56 deletions(-)
diff --git a/changelog/unreleased/SOLR_17864_part_trece.yml
b/changelog/unreleased/SOLR_17864_part_trece.yml
new file mode 100644
index 00000000000..c45519a633f
--- /dev/null
+++ b/changelog/unreleased/SOLR_17864_part_trece.yml
@@ -0,0 +1,10 @@
+# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
+title: Migrated system properties solr.allowPaths and solr.allowUrls to modern
equivalents.
+type: changed # added, changed, fixed, deprecated, removed, dependency_update,
security, other
+authors:
+ - name: Eric Pugh
+links:
+ - name: SOLR-17864
+ url: https://issues.apache.org/jira/browse/SOLR-17864
+issues:
+ - 17864
diff --git a/gradle/testing/randomization/policies/solr-tests.policy
b/gradle/testing/randomization/policies/solr-tests.policy
index 763a1330846..8daf6cf43ab 100644
--- a/gradle/testing/randomization/policies/solr-tests.policy
+++ b/gradle/testing/randomization/policies/solr-tests.policy
@@ -231,8 +231,8 @@ grant {
permission java.io.FilePermission "${solr.logs.dir}",
"read,write,delete,readlink";
permission java.io.FilePermission "${solr.logs.dir}${/}-",
"read,write,delete,readlink";
- permission java.io.FilePermission "${solr.allowPaths}",
"read,write,delete,readlink";
- permission java.io.FilePermission "${solr.allowPaths}${/}-",
"read,write,delete,readlink";
+ permission java.io.FilePermission "${solr.security.allow.paths}",
"read,write,delete,readlink";
+ permission java.io.FilePermission "${solr.security.allow.paths}${/}-",
"read,write,delete,readlink";
permission java.io.FilePermission "${log4j.configurationFile}",
"read,write,delete,readlink";
diff --git a/solr/benchmark/src/resources/solr.xml
b/solr/benchmark/src/resources/solr.xml
index 586c90f9e74..a7f85ea8fdc 100644
--- a/solr/benchmark/src/resources/solr.xml
+++ b/solr/benchmark/src/resources/solr.xml
@@ -26,8 +26,8 @@
<str name="shareSchema">${shareSchema:false}</str>
<str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
- <str name="allowPaths">${solr.allowPaths:}</str>
- <str name="allowUrls">${solr.tests.allowUrls:}</str>
+ <str name="allowPaths">${solr.security.allow.paths:}</str>
+ <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<str name="urlScheme">${urlScheme:}</str>
diff --git a/solr/bin/solr.in.cmd b/solr/bin/solr.in.cmd
index 49db0c4f45e..7449de2cd9d 100755
--- a/solr/bin/solr.in.cmd
+++ b/solr/bin/solr.in.cmd
@@ -201,9 +201,9 @@ REM set SOLR_GZIP_ENABLED=true
REM When running Solr in non-cloud mode and if planning to do distributed
search (using the "shards" parameter), the
REM list of hosts needs to be defined in an allow-list or Solr will forbid the
request. The allow-list can be configured
-REM in solr.xml, or if you are using the OOTB solr.xml, can be specified using
the system property "solr.allowUrls".
+REM in solr.xml, or if you are using the OOTB solr.xml, can be specified using
the system property "solr.security.allow.urls".
REM Alternatively host checking can be disabled by setting the system property
"solr.security.allow.urls.enabled=false"
-REM set SOLR_OPTS=%SOLR_OPTS%
-Dsolr.allowUrls=http://localhost:8983,http://localhost:8984
+REM set SOLR_OPTS=%SOLR_OPTS%
-Dsolr.security.allow.urls=http://localhost:8983,http://localhost:8984
REM For a visual indication in the Admin UI of what type of environment this
cluster is, configure
REM a -Dsolr.environment property below. Valid values are prod, stage, test,
dev, with an optional
@@ -234,7 +234,7 @@ REM set SOLR_UI_EXPERIMENTAL_ENABLED=false
REM Solr is by default allowed to read and write data from/to SOLR_HOME and a
few other well defined locations
REM Sometimes it may be necessary to place a core or a backup on a different
location or a different disk
REM This parameter lets you specify file system path(s) to explicitly allow.
The special value of '*' will allow any path
-REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.allowPaths=D:\,E:\other\path
+REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.security.allow.paths=D:\,E:\other\path
REM Before version 9.0, Solr required a copy of solr.xml file in $SOLR_HOME.
Now Solr will use a default file if not found.
REM To restore the old behavior, set the variable below to true
diff --git a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh
index 931cb6abdc8..3ec30035876 100644
--- a/solr/bin/solr.in.sh
+++ b/solr/bin/solr.in.sh
@@ -227,9 +227,9 @@
# When running Solr in non-cloud mode and if planning to do distributed search
(using the "shards" parameter), the
# list of hosts needs to be defined in an allow-list or Solr will forbid the
request. The allow-list can be configured
-# in solr.xml, or if you are using the OOTB solr.xml, can be specified using
the system property "solr.allowUrls".
+# in solr.xml, or if you are using the OOTB solr.xml, can be specified using
the system property "solr.security.allow.urls".
# Alternatively host checking can be disabled by setting the system property
"solr.security.allow.urls.enabled=false"
-#SOLR_OPTS="$SOLR_OPTS
-Dsolr.allowUrls=http://localhost:8983,http://localhost:8984";
+#SOLR_OPTS="$SOLR_OPTS
-Dsolr.security.allow.urls=http://localhost:8983,http://localhost:8984";
# For a visual indication in the Admin UI of what type of environment this
cluster is, configure
# a -Dsolr.environment property below. Valid values are prod, stage, test,
dev, with an optional
@@ -260,7 +260,7 @@
# Solr is by default allowed to read and write data from/to SOLR_HOME and a
few other well defined locations
# Sometimes it may be necessary to place a core or a backup on a different
location or a different disk
# This parameter lets you specify file system path(s) to explicitly allow. The
special value of '*' will allow any path
-#SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=/mnt/bigdisk,/other/path"
+#SOLR_OPTS="$SOLR_OPTS -Dsolr.security.allow.paths=/mnt/bigdisk,/other/path"
# Solr can attempt to take a heap dump on out of memory errors. To enable
this, uncomment the line setting
# SOLR_HEAP_DUMP below. Heap dumps will be saved to SOLR_LOG_DIR/dumps by
default. Alternatively, you can specify any
diff --git a/solr/core/src/java/org/apache/solr/core/SolrPaths.java
b/solr/core/src/java/org/apache/solr/core/SolrPaths.java
index daf63aeeb70..145f3818698 100644
--- a/solr/core/src/java/org/apache/solr/core/SolrPaths.java
+++ b/solr/core/src/java/org/apache/solr/core/SolrPaths.java
@@ -78,7 +78,7 @@ public final class SolrPaths {
SolrException.ErrorCode.BAD_REQUEST,
"Path "
+ path
- + " must be relative to SOLR_HOME, SOLR_DATA_HOME
coreRootDirectory. Set system property 'solr.allowPaths' to add other allowed
paths.");
+ + " must be relative to SOLR_HOME, SOLR_DATA_HOME
coreRootDirectory. Set system property 'solr.security.allow.paths' to add other
allowed paths.");
}
}
diff --git a/solr/core/src/test-files/solr/solr-50-all.xml
b/solr/core/src/test-files/solr/solr-50-all.xml
index 50781f5a718..de015c4213c 100644
--- a/solr/core/src/test-files/solr/solr-50-all.xml
+++ b/solr/core/src/test-files/solr/solr-50-all.xml
@@ -24,7 +24,7 @@
<str name="configSetsHandler">testConfigSetsHandler</str>
<str name="managementPath">testManagementPath</str>
<str name="sharedLib">testSharedLib</str>
- <str name="allowPaths">${solr.allowPaths:}</str>
+ <str name="allowPaths">${solr.security.allow.paths:}</str>
<str name="shareSchema">${shareSchema:true}</str>
<str name="coresLocator">testCoresLocator</str>
<str name="coreSorter">testCoreSorter</str>
diff --git a/solr/core/src/test-files/solr/solr.xml
b/solr/core/src/test-files/solr/solr.xml
index dfb9419efcc..e7019b3172d 100644
--- a/solr/core/src/test-files/solr/solr.xml
+++ b/solr/core/src/test-files/solr/solr.xml
@@ -26,8 +26,8 @@
<str name="shareSchema">${shareSchema:false}</str>
<str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
- <str name="allowPaths">${solr.allowPaths:}</str>
- <str name="allowUrls">${solr.tests.allowUrls:}</str>
+ <str name="allowPaths">${solr.security.allow.paths:}</str>
+ <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<bool name="hideStackTrace">${solr.hideStackTrace:true}</bool>
<int name="indexSearcherExecutorThreads">4</int>
diff --git
a/solr/core/src/test/org/apache/solr/cloud/api/collections/BackupRestoreApiErrorConditionsTest.java
b/solr/core/src/test/org/apache/solr/cloud/api/collections/BackupRestoreApiErrorConditionsTest.java
index 1e8d8658970..42cbeb4661c 100644
---
a/solr/core/src/test/org/apache/solr/cloud/api/collections/BackupRestoreApiErrorConditionsTest.java
+++
b/solr/core/src/test/org/apache/solr/cloud/api/collections/BackupRestoreApiErrorConditionsTest.java
@@ -46,7 +46,7 @@ public class BackupRestoreApiErrorConditionsTest extends
SolrCloudTestCase {
*/
@BeforeClass
public static void setUpClass() throws Exception {
- System.setProperty("solr.allowPaths", "*");
+ System.setProperty("solr.security.allow.paths", "*");
validBackupLocation = createTempDir().toAbsolutePath().toString();
String solrXml = MiniSolrCloudCluster.DEFAULT_CLOUD_SOLR_XML;
@@ -78,7 +78,7 @@ public class BackupRestoreApiErrorConditionsTest extends
SolrCloudTestCase {
@AfterClass
public static void tearDownClass() {
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
@Test
diff --git a/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
b/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
index 471c024118d..de48a7c2276 100644
--- a/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
+++ b/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
@@ -506,7 +506,7 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
private static final String ALLOW_PATHS_SOLR_XML =
"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
+ "<solr>\n"
- + "<str name=\"allowPaths\">${solr.allowPaths:}</str>\n"
+ + "<str name=\"allowPaths\">${solr.security.allow.paths:}</str>\n"
+ "</solr>";
private static final String CUSTOM_HANDLERS_SOLR_XML =
@@ -630,7 +630,7 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
@Test
public void assertAllowPathFromSolrXml() throws Exception {
Assume.assumeFalse(OS.isFamilyWindows());
- System.setProperty("solr.allowPaths", "/var/solr");
+ System.setProperty("solr.security.allow.paths", "/var/solr");
CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
cc.assertPathAllowed(Path.of("/var/solr/foo"));
try {
@@ -640,14 +640,14 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
/* Ignore */
} finally {
cc.shutdown();
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
}
@Test
public void assertAllowPathFromSolrXmlWin() throws Exception {
Assume.assumeTrue(OS.isFamilyWindows());
- System.setProperty("solr.allowPaths", "C:\\solr");
+ System.setProperty("solr.security.allow.paths", "C:\\solr");
CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
cc.assertPathAllowed(Path.of("C:\\solr\\foo"));
try {
@@ -657,7 +657,7 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
/* Ignore */
} finally {
cc.shutdown();
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
}
@@ -691,7 +691,7 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
@Test
public void assertAllowPathNormalization() throws Exception {
Assume.assumeFalse(OS.isFamilyWindows());
- System.setProperty("solr.allowPaths", "/var/solr/../solr");
+ System.setProperty("solr.security.allow.paths", "/var/solr/../solr");
CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
cc.assertPathAllowed(Path.of("/var/solr/foo"));
assertThrows(
@@ -701,13 +701,13 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
cc.assertPathAllowed(Path.of("/tmp"));
});
cc.shutdown();
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
@Test
public void assertAllowPathNormalizationWin() throws Exception {
Assume.assumeTrue(OS.isFamilyWindows());
- System.setProperty("solr.allowPaths", "C:\\solr\\..\\solr");
+ System.setProperty("solr.security.allow.paths", "C:\\solr\\..\\solr");
CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
cc.assertPathAllowed(Path.of("C:\\solr\\foo"));
assertThrows(
@@ -717,7 +717,7 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
cc.assertPathAllowed(Path.of("C:\\tmp"));
});
cc.shutdown();
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
private static Set<Path> ALLOWED_PATHS = Set.of(Path.of("/var/solr"));
diff --git a/solr/core/src/test/org/apache/solr/core/TestSolrXml.java
b/solr/core/src/test/org/apache/solr/core/TestSolrXml.java
index 9cfc310ba0d..eec57a73bb4 100644
--- a/solr/core/src/test/org/apache/solr/core/TestSolrXml.java
+++ b/solr/core/src/test/org/apache/solr/core/TestSolrXml.java
@@ -56,7 +56,8 @@ public class TestSolrXml extends SolrTestCaseJ4 {
Files.copy(testSrcRoot.resolve("solr-50-all.xml"),
solrHome.resolve("solr.xml"));
System.setProperty(
- "solr.allowPaths", OS.isFamilyWindows() ? "C:\\tmp,C:\\home\\john" :
"/tmp,/home/john");
+ "solr.security.allow.paths",
+ OS.isFamilyWindows() ? "C:\\tmp,C:\\home\\john" : "/tmp,/home/john");
System.setProperty(ContainerPluginsRegistry.CLUSTER_PLUGIN_EDIT_ENABLED,
"false");
NodeConfig cfg = SolrXmlConfig.fromSolrHome(solrHome, new Properties());
CloudConfig ccfg = cfg.getCloudConfig();
@@ -139,7 +140,7 @@ public class TestSolrXml extends SolrTestCaseJ4 {
.map(s -> Path.of(s))
.collect(Collectors.toSet())));
assertTrue("hideStackTrace", cfg.hideStackTraces());
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
PluginInfo[] clusterPlugins = cfg.getClusterPlugins();
assertEquals(3, clusterPlugins.length);
diff --git
a/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCloudSnapshots.java
b/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCloudSnapshots.java
index 29535e39d5d..a6e04654eb6 100644
---
a/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCloudSnapshots.java
+++
b/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCloudSnapshots.java
@@ -70,7 +70,7 @@ public class TestSolrCloudSnapshots extends SolrCloudTestCase
{
@BeforeClass
public static void setupClass() throws Exception {
useFactory("solr.StandardDirectoryFactory");
- System.setProperty("solr.allowPaths", "*");
+ System.setProperty("solr.security.allow.paths", "*");
configureCluster(NUM_NODES) // nodes
.addConfig(
"conf1",
TEST_PATH().resolve("configsets").resolve("cloud-minimal").resolve("conf"))
@@ -83,7 +83,7 @@ public class TestSolrCloudSnapshots extends SolrCloudTestCase
{
public static void teardownClass() {
System.clearProperty("test.build.data");
System.clearProperty("test.cache.data");
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
@Test
diff --git
a/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCoreSnapshots.java
b/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCoreSnapshots.java
index 0feb4af0ace..478a67aa479 100644
---
a/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCoreSnapshots.java
+++
b/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCoreSnapshots.java
@@ -68,7 +68,7 @@ public class TestSolrCoreSnapshots extends SolrCloudTestCase {
@BeforeClass
public static void setupClass() throws Exception {
- System.setProperty("solr.allowPaths", "*");
+ System.setProperty("solr.security.allow.paths", "*");
useFactory("solr.StandardDirectoryFactory");
configureCluster(1) // nodes
.addConfig(
@@ -81,7 +81,7 @@ public class TestSolrCoreSnapshots extends SolrCloudTestCase {
public static void teardownClass() {
System.clearProperty("test.build.data");
System.clearProperty("test.cache.data");
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
@Test
diff --git
a/solr/core/src/test/org/apache/solr/handler/TestStressIncrementalBackup.java
b/solr/core/src/test/org/apache/solr/handler/TestStressIncrementalBackup.java
index f8965eddb3c..010b1e14a4e 100644
---
a/solr/core/src/test/org/apache/solr/handler/TestStressIncrementalBackup.java
+++
b/solr/core/src/test/org/apache/solr/handler/TestStressIncrementalBackup.java
@@ -50,7 +50,7 @@ public class TestStressIncrementalBackup extends
SolrCloudTestCase {
@Before
public void beforeTest() throws Exception {
backupPath = createTempDir(getTestClass().getSimpleName() + "_backups");
- System.setProperty("solr.allowPaths", backupPath.toString());
+ System.setProperty("solr.security.allow.paths", backupPath.toString());
// NOTE: we don't actually care about using SolrCloud, but we want to use
SolrClient and I can't
// bring myself to deal with the nonsense that is SolrJettyTestBase.
@@ -96,7 +96,7 @@ public class TestStressIncrementalBackup extends
SolrCloudTestCase {
coreClient.close();
}
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
@SuppressWarnings("AssertionFailureIgnored") // failure happens inside a
thread
diff --git
a/solr/core/src/test/org/apache/solr/handler/TestStressThreadBackup.java
b/solr/core/src/test/org/apache/solr/handler/TestStressThreadBackup.java
index 885152f4794..9422dbbc267 100644
--- a/solr/core/src/test/org/apache/solr/handler/TestStressThreadBackup.java
+++ b/solr/core/src/test/org/apache/solr/handler/TestStressThreadBackup.java
@@ -77,12 +77,12 @@ public class TestStressThreadBackup extends
SolrCloudTestCase {
@BeforeClass
public static void beforeClass() {
- System.setProperty("solr.allowPaths", "*");
+ System.setProperty("solr.security.allow.paths", "*");
}
@AfterClass
public static void afterClass() {
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
@Before
diff --git a/solr/modules/opentelemetry/src/test-files/solr/solr.xml
b/solr/modules/opentelemetry/src/test-files/solr/solr.xml
index 1e360085e82..49edb2f4e5b 100644
--- a/solr/modules/opentelemetry/src/test-files/solr/solr.xml
+++ b/solr/modules/opentelemetry/src/test-files/solr/solr.xml
@@ -26,7 +26,7 @@
<str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
<str
name="collectionsHandler">${collectionsHandler:solr.CollectionsHandler}</str>
- <str name="allowUrls">${solr.tests.allowUrls:}</str>
+ <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<str name="urlScheme">${urlScheme:}</str>
diff --git a/solr/packaging/test/test_security_manager.bats
b/solr/packaging/test/test_security_manager.bats
index 886082208fd..9dc1d022ced 100644
--- a/solr/packaging/test/test_security_manager.bats
+++ b/solr/packaging/test/test_security_manager.bats
@@ -40,7 +40,7 @@ teardown() {
backup_dir="$(cd -P "${backup_dir}" && pwd)"
export SOLR_SECURITY_MANAGER_ENABLED=true
- export SOLR_OPTS="-Dsolr.allowPaths=${backup_dir}
-Djava.io.tmpdir=${test_tmp_dir}"
+ export SOLR_OPTS="-Dsolr.security.allow.paths=${backup_dir}
-Djava.io.tmpdir=${test_tmp_dir}"
run solr start
run solr create -c COLL_NAME
run solr api --solr-url
"http://localhost:${SOLR_PORT}/solr/admin/collections?action=BACKUP&name=test&collection=COLL_NAME&location=file://${backup_dir}";
diff --git a/solr/server/etc/security.policy b/solr/server/etc/security.policy
index df5550df7f1..bc95bc46fae 100644
--- a/solr/server/etc/security.policy
+++ b/solr/server/etc/security.policy
@@ -201,8 +201,8 @@ grant {
permission java.io.FilePermission "${solr.logs.dir}",
"read,write,delete,readlink";
permission java.io.FilePermission "${solr.logs.dir}${/}-",
"read,write,delete,readlink";
- permission java.io.FilePermission "${solr.allowPaths}",
"read,write,delete,readlink";
- permission java.io.FilePermission "${solr.allowPaths}${/}-",
"read,write,delete,readlink";
+ permission java.io.FilePermission "${solr.security.allow.paths}",
"read,write,delete,readlink";
+ permission java.io.FilePermission "${solr.security.allow.paths}${/}-",
"read,write,delete,readlink";
permission java.io.FilePermission "${solr.sharedLib}", "read,readlink";
permission java.io.FilePermission "${solr.sharedLib}${/}-", "read,readlink";
diff --git a/solr/server/etc/security.properties
b/solr/server/etc/security.properties
index da0ff6269e3..f62863ccd49 100644
--- a/solr/server/etc/security.properties
+++ b/solr/server/etc/security.properties
@@ -20,5 +20,5 @@
# as protection against DNS spoofing. We set this back to the default
(non-security-manager)
# value of 30 seconds, to prevent surprising behavior (e.g. nodes in cloud
environments without
# static IP addresses). Users concerned about DNS spoofing should instead
follow best practices:
-# populating solr.allowUrls, enabling TLS, etc.
+# populating solr.security.allow.urls, enabling TLS, etc.
networkaddress.cache.ttl=30
diff --git a/solr/server/solr/solr.xml b/solr/server/solr/solr.xml
index ac4193c8ea4..ff1d9708416 100644
--- a/solr/server/solr/solr.xml
+++ b/solr/server/solr/solr.xml
@@ -31,8 +31,8 @@
<int name="maxBooleanClauses">${solr.max.booleanClauses:1024}</int>
<str name="sharedLib">${solr.sharedLib:}</str>
<str name="modules">${solr.modules:}</str>
- <str name="allowPaths">${solr.allowPaths:}</str>
- <str name="allowUrls">${solr.allowUrls:}</str>
+ <str name="allowPaths">${solr.security.allow.paths:}</str>
+ <str name="allowUrls">${solr.security.allow.urls:}</str>
<str name="hideStackTrace">${solr.hideStackTrace:false}</str>
<int name="indexSearcherExecutorThreads">${solr.searchThreads:0}</int>
diff --git
a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
index 9ac52030507..4a4246efff8 100644
---
a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
+++
b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
@@ -35,8 +35,8 @@ The default `solr.xml` file is found in
`$SOLR_TIP/server/solr/solr.xml` and loo
<int name="maxBooleanClauses">${solr.max.booleanClauses:1024}</int>
<str name="sharedLib">${solr.sharedLib:}</str>
<str name="modules">${solr.modules:}</str>
- <str name="allowPaths">${solr.allowPaths:}</str>
- <str name="allowUrls">${solr.allowUrls:}</str>
+ <str name="allowPaths">${solr.security.allow.paths:}</str>
+ <str name="allowUrls">${solr.security.allow.urls:}</str>
<str name="hideStackTrace">${solr.hideStackTrace:false}</str>
<solrcloud>
@@ -285,7 +285,7 @@ When running Solr as a user-managed cluster and using the
`shards` parameter, a
+
In SolrCloud mode, the allow-list is automatically configured to include all
live nodes in the cluster.
+
-The allow-list can also be configured with the `solr.allowUrls` system
property in `solr.in.sh` / `solr.in.cmd`.
+The allow-list can also be configured with the `solr.security.allow.urls`
system property in `solr.in.sh` / `solr.in.cmd`.
If you need to disable this feature for backwards compatibility, you can set
the system property `solr.security.allow.urls.enabled=false`.
`hideStackTrace`::
diff --git
a/solr/solr-ref-guide/modules/configuration-guide/pages/coreadmin-api.adoc
b/solr/solr-ref-guide/modules/configuration-guide/pages/coreadmin-api.adoc
index 3dc595d3bb7..656310886cf 100644
--- a/solr/solr-ref-guide/modules/configuration-guide/pages/coreadmin-api.adoc
+++ b/solr/solr-ref-guide/modules/configuration-guide/pages/coreadmin-api.adoc
@@ -193,7 +193,7 @@ Same as `name` on the `<core>` element.
The directory where files for this core should be stored.
Same as `instanceDir` on the `<core>` element.
The default is the value specified for the `name` parameter if not supplied.
-This directory must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or one of the
paths specified by system property `solr.allowPaths`.
+This directory must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or one of the
paths specified by system property `solr.security.allow.paths`.
`config`::
+
@@ -223,7 +223,7 @@ See xref:schema-factory.adoc[] for details.
|===
+
Name of the data directory relative to `instanceDir`.
-If absolute value is used, it must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or
one of the paths specified by system property `solr.allowPaths`.
+If absolute value is used, it must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or
one of the paths specified by system property `solr.security.allow.paths`.
`configSet`::
+
diff --git
a/solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc
b/solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc
index d7cda01d3a6..774c37fcf51 100644
--- a/solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc
+++ b/solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc
@@ -84,6 +84,13 @@ NOTE: Properties marked with "!" indicate inverted meaning
between old and new p
|solr.security.auth.basicauth.credentials|basicauth||Defines basic
authentication credentials.
+|solr.security.allow.paths|solr.allowPaths||A comma seperated list of paths
for reading from.
+
+|solr.security.allow.urls|solr.allowUrls||A comma seperated list of urls for
reading from.
+
+|solr.security.allow.urls.enabled|!solr.disable.allow.urls|false|If using an
allow list of accessible urls is enabled.
+
+
|solr.security.auth.plugin|authenticationPlugin||Specifies the authentication
plugin to use.
|solr.solrj.cloud.max.stale.retries|cloudSolrClientMaxStaleRetries|5|Sets the
maximum number of retries for stale connection attempts in SolrJ cloud client.
diff --git a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
index 518621dfad7..ca7a553a152 100644
--- a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
+++ b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
@@ -25,7 +25,7 @@
<str name="shareSchema">${shareSchema:false}</str>
<str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
- <str name="allowUrls">${solr.tests.allowUrls:}</str>
+ <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<str name="urlScheme">${urlScheme:}</str>
diff --git
a/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
b/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
index bd1a3a97164..773c319b6d3 100644
--- a/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
+++ b/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
@@ -47,7 +47,9 @@
solr.resourceloading.restricted.enabled=!solr.allow.unsafe.resourceloading
solr.responses.hidden.sys.props=solr.hidden.sys.props
solr.responses.stacktrace.enabled=!solr.hide.stack.trace
+solr.security.allow.paths=solr.allow.paths
solr.security.allow.urls.enabled=!solr.disable.allow.urls
+solr.security.allow.urls=solr.allow.urls
solr.security.auth.basicauth.credentials=basicauth
solr.security.auth.plugin=authentication.plugin
diff --git a/solr/solrj/src/test-files/solrj/solr/solr.xml
b/solr/solrj/src/test-files/solrj/solr/solr.xml
index d99d1a1c56f..4db68848b8f 100644
--- a/solr/solrj/src/test-files/solrj/solr/solr.xml
+++ b/solr/solrj/src/test-files/solrj/solr/solr.xml
@@ -25,7 +25,7 @@
<str name="shareSchema">${shareSchema:false}</str>
<str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
<str name="coreRootDirectory">${coreRootDirectory:.}</str>
- <str name="allowUrls">${solr.tests.allowUrls:}</str>
+ <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<str name="urlScheme">${urlScheme:}</str>
diff --git a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
index 257e6ac9431..8068705858a 100644
--- a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
+++ b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
@@ -175,9 +175,7 @@ public abstract class SolrTestCaseJ4 extends SolrTestCase {
public static final String SYSTEM_PROPERTY_SOLR_TESTS_MERGEPOLICYFACTORY =
"solr.tests.mergePolicyFactory";
- public static final String TEST_URL_ALLOW_LIST =
- "solr.tests." + AllowListUrlChecker.URL_ALLOW_LIST;
-
+ public static final String TEST_URL_ALLOW_LIST =
"solr.tests.security.allow.urls";
protected static String coreName = DEFAULT_TEST_CORENAME;
public static int DEFAULT_CONNECTION_TIMEOUT = 60000; // default socket
connection timeout in ms
diff --git
a/solr/test-framework/src/java/org/apache/solr/cloud/MiniSolrCloudCluster.java
b/solr/test-framework/src/java/org/apache/solr/cloud/MiniSolrCloudCluster.java
index 01c0fe43d34..917c2335409 100644
---
a/solr/test-framework/src/java/org/apache/solr/cloud/MiniSolrCloudCluster.java
+++
b/solr/test-framework/src/java/org/apache/solr/cloud/MiniSolrCloudCluster.java
@@ -106,7 +106,7 @@ public class MiniSolrCloudCluster {
"<solr>\n"
+ "\n"
+ " <str name=\"shareSchema\">${shareSchema:false}</str>\n"
- + " <str name=\"allowPaths\">${solr.allowPaths:}</str>\n"
+ + " <str name=\"allowPaths\">${solr.security.allow.paths:}</str>\n"
+ " <str
name=\"configSetBaseDir\">${configSetBaseDir:configsets}</str>\n"
+ " <str name=\"coreRootDirectory\">${coreRootDirectory:.}</str>\n"
+ " <str
name=\"collectionsHandler\">${collectionsHandler:solr.CollectionsHandler}</str>\n"
diff --git
a/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCloudBackupRestoreTestCase.java
b/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCloudBackupRestoreTestCase.java
index 7bdef3b8082..cb622bb42e8 100644
---
a/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCloudBackupRestoreTestCase.java
+++
b/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCloudBackupRestoreTestCase.java
@@ -78,12 +78,12 @@ public abstract class AbstractCloudBackupRestoreTestCase
extends SolrCloudTestCa
@BeforeClass
public static void createCluster() throws Exception {
docsSeed = random().nextLong();
- System.setProperty("solr.allowPaths", "*");
+ System.setProperty("solr.security.allow.paths", "*");
}
@AfterClass
public static void afterClass() throws Exception {
- System.clearProperty("solr.allowPaths");
+ System.clearProperty("solr.security.allow.paths");
}
/**
diff --git
a/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCollectionsAPIDistributedZkTestBase.java
b/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCollectionsAPIDistributedZkTestBase.java
index 349b2324911..f1aa6c29625 100644
---
a/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCollectionsAPIDistributedZkTestBase.java
+++
b/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCollectionsAPIDistributedZkTestBase.java
@@ -84,7 +84,7 @@ public abstract class
AbstractCollectionsAPIDistributedZkTestBase extends SolrCl
System.setProperty("createCollectionWaitTimeTillActive", "5");
TestInjection.randomDelayInCoreCreation = "true:5";
System.setProperty("validateAfterInactivity", "200");
- System.setProperty("solr.allowPaths", "*");
+ System.setProperty("solr.security.allow.paths", "*");
}
@Override
