Posted to commits@lucene.apache.org by ge...@apache.org on 2019/12/11 12:16:18 UTC
[lucene-solr] branch master updated: SOLR-13972: Warn about
insecure settings on startup (#1058)
This is an automated email from the ASF dual-hosted git repository.
gerlowskija pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/master by this push:
new d8aa045 SOLR-13972: Warn about insecure settings on startup (#1058)
d8aa045 is described below
commit d8aa04575f2f011ba95fe69f0e9c5526733039c3
Author: Jason Gerlowski <ge...@apache.org>
AuthorDate: Wed Dec 11 07:16:09 2019 -0500
SOLR-13972: Warn about insecure settings on startup (#1058)
---
.../src/java/org/apache/solr/core/CoreContainer.java | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/solr/core/src/java/org/apache/solr/core/CoreContainer.java b/solr/core/src/java/org/apache/solr/core/CoreContainer.java
index a9db133..f494f50 100644
--- a/solr/core/src/java/org/apache/solr/core/CoreContainer.java
+++ b/solr/core/src/java/org/apache/solr/core/CoreContainer.java
@@ -40,6 +40,7 @@ import java.util.concurrent.Future;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
+import org.apache.commons.lang3.StringUtils;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.config.Lookup;
@@ -657,6 +658,7 @@ public class CoreContainer {
securityConfHandler = isZooKeeperAware() ? new SecurityConfHandlerZk(this) : new SecurityConfHandlerLocal(this);
reloadSecurityProperties();
+ warnUsersOfInsecureSettings();
this.backupRepoFactory = new BackupRepositoryFactory(cfg.getBackupRepositoryPlugins());
createHandler(ZK_PATH, ZookeeperInfoHandler.class.getName(), ZookeeperInfoHandler.class);
@@ -897,6 +899,21 @@ public class CoreContainer {
initializeAuditloggerPlugin((Map<String, Object>) securityConfig.getData().get("auditlogging"));
}
+ private void warnUsersOfInsecureSettings() {
+ if (authenticationPlugin == null || authorizationPlugin == null) {
+ log.warn("Not all security plugins configured! authentication={} authorization={}. Solr is only as secure as " +
+ "you make it. Consider configuring authentication/authorization before exposing Solr to users internal or " +
+ "external. See https://s.apache.org/solrsecurity for more info",
+ (authenticationPlugin != null) ? "enabled" : "disabled",
+ (authorizationPlugin != null) ? "enabled" : "disabled");
+ }
+
+ if (authenticationPlugin !=null && StringUtils.isNotEmpty(System.getProperty("solr.jetty.https.port"))) {
+ log.warn("Solr authentication is enabled, but SSL is off. Consider enabling SSL to protect user credentials and " +
+ "data with encryption.");
+ }
+ }
+
private static void checkForDuplicateCoreNames(List<CoreDescriptor> cds) {
Map<String, Path> addedCores = Maps.newHashMap();
for (CoreDescriptor cd : cds) {
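Review bot: The second check in `warnUsersOfInsecureSettings()` looks inverted: it logs "Solr authentication is enabled, but SSL is off" when `solr.jetty.https.port` is non-empty, which is presumably the case where HTTPS has been configured. As written, a node that sends credentials over plain HTTP gets no warning, while a TLS-enabled node gets a false one that operators will learn to ignore. The condition should read `if (authenticationPlugin != null && StringUtils.isEmpty(System.getProperty("solr.jetty.https.port"))) {`. If the property really is the intended signal, a short comment such as `// solr.jetty.https.port is assumed to be set only when Jetty starts with SSL` would record why a system property stands in for the actual TLS state; that assumption should be confirmed against the start scripts.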