laminelam commented on code in PR #857: URL: https://github.com/apache/solr/pull/857#discussion_r870826774
########## solr/solrj/src/java/org/apache/solr/common/cloud/SolrZkClient.java: ########## @@ -236,16 +242,19 @@ protected ZkCredentialsProvider createZkCredentialsToAddAutomatically() { if (!StringUtils.isEmpty(zkCredentialsProviderClassName)) { try { log.info("Using ZkCredentialsProvider: {}", zkCredentialsProviderClassName); - return (ZkCredentialsProvider) - Class.forName(zkCredentialsProviderClassName).getConstructor().newInstance(); + ZkCredentialsProvider zkCredentialsProvider = + (ZkCredentialsProvider) + Class.forName(zkCredentialsProviderClassName).getConstructor().newInstance(); + zkCredentialsProvider.setZkCredentialsInjector(zkCredentialsInjector); + return zkCredentialsProvider; } catch (Throwable t) { // just ignore - go default log.warn( "VM param zkCredentialsProvider does not point to a class implementing ZkCredentialsProvider and with a non-arg constructor", t); } } - log.debug("Using default ZkCredentialsProvider"); + log.warn("Using default ZkCredentialsProvider"); Review Comment: The default one is not secure, it defaults the ACLs to _OPEN_ACL_UNSAFE_ Will add some explanation/suggestions to the message. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org