Posted to commits@lucene.apache.org by kr...@apache.org on 2019/12/20 04:19:41 UTC

[lucene-solr] branch branch_8x updated: SOLR-14106: Cleanup Jetty SslContextFactory usage

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git


The following commit(s) were added to refs/heads/branch_8x by this push:
     new 3f23002  SOLR-14106: Cleanup Jetty SslContextFactory usage
3f23002 is described below

commit 3f23002456f7b991dd51601e3228ddbc033eb6b7
Author: Kevin Risden <kr...@apache.org>
AuthorDate: Tue Dec 17 16:28:57 2019 -0500

    SOLR-14106: Cleanup Jetty SslContextFactory usage
    
    Jetty 9.4.16.v20190411 and up introduced separate
    client and server SslContextFactory implementations.
    This split requires the proper use of
    SslContextFactory in clients and server configs.
    
    This fixes the following
    * SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
    * Http2SolrClient SSL not working in branch_8x
    
    Signed-off-by: Kevin Risden <kr...@apache.org>
---
 .../lucene/replicator/ReplicatorTestCase.java       |  2 +-
 solr/CHANGES.txt                                    |  2 ++
 .../solr/client/solrj/embedded/JettySolrRunner.java |  2 +-
 .../test/org/apache/hadoop/http/HttpServer2.java    |  2 +-
 solr/server/etc/jetty-ssl.xml                       |  2 +-
 solr/server/etc/jetty.xml                           |  2 +-
 .../solr/client/solrj/embedded/SSLConfig.java       | 21 ++++++++++-----------
 .../solr/client/solrj/impl/Http2SolrClient.java     |  9 +++------
 .../java/org/apache/solr/util/SSLTestConfig.java    |  4 ++--
 9 files changed, 22 insertions(+), 24 deletions(-)

diff --git a/lucene/replicator/src/test/org/apache/lucene/replicator/ReplicatorTestCase.java b/lucene/replicator/src/test/org/apache/lucene/replicator/ReplicatorTestCase.java
index c482ec2..c2f47bf 100644
--- a/lucene/replicator/src/test/org/apache/lucene/replicator/ReplicatorTestCase.java
+++ b/lucene/replicator/src/test/org/apache/lucene/replicator/ReplicatorTestCase.java
@@ -61,7 +61,7 @@ public abstract class ReplicatorTestCase extends LuceneTestCase {
     // talking to that server, but for the purposes of testing that should 
     // be good enough
     final boolean useSsl = Boolean.getBoolean("tests.jettySsl");
-    final SslContextFactory sslcontext = new SslContextFactory(false);
+    final SslContextFactory.Server sslcontext = new SslContextFactory.Server();
     
     if (useSsl) {
       if (null != System.getProperty("javax.net.ssl.keyStore")) {
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 58488c4..73459b3 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -56,6 +56,8 @@ Bug Fixes
 
 * SOLR-14099: Fixed @LogLevel annotation in test-framework to correctly 'unset' Loggers after test (hossman)
 
+* SOLR-14106: Cleanup Jetty SslContextFactory usage (Ryan Rockenbaugh, Jan Hoydahl, Kevin Risden)
+
 Other Changes
 ---------------------
 
diff --git a/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java b/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java
index 247702d..cafd2a0 100644
--- a/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java
+++ b/solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java
@@ -278,7 +278,7 @@ public class JettySolrRunner {
       // the server as well as any client actions taken by this JVM in
       // talking to that server, but for the purposes of testing that should
       // be good enough
-      final SslContextFactory sslcontext = SSLConfig.createContextFactory(config.sslConfig);
+      final SslContextFactory.Server sslcontext = SSLConfig.createContextFactory(config.sslConfig);
 
       HttpConfiguration configuration = new HttpConfiguration();
       ServerConnector connector;
diff --git a/solr/core/src/test/org/apache/hadoop/http/HttpServer2.java b/solr/core/src/test/org/apache/hadoop/http/HttpServer2.java
index 710b51a..97da5ec 100644
--- a/solr/core/src/test/org/apache/hadoop/http/HttpServer2.java
+++ b/solr/core/src/test/org/apache/hadoop/http/HttpServer2.java
@@ -506,7 +506,7 @@ public final class HttpServer2 implements FilterContainer {
       httpConfig.addCustomizer(new SecureRequestCustomizer());
       ServerConnector conn = createHttpChannelConnector(server, httpConfig);
 
-      SslContextFactory sslContextFactory = new SslContextFactory();
+      SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
       sslContextFactory.setNeedClientAuth(needsClientAuth);
       sslContextFactory.setKeyManagerPassword(keyPassword);
       if (keyStore != null) {
diff --git a/solr/server/etc/jetty-ssl.xml b/solr/server/etc/jetty-ssl.xml
index 3670641..ac57b6b 100644
--- a/solr/server/etc/jetty-ssl.xml
+++ b/solr/server/etc/jetty-ssl.xml
@@ -6,7 +6,7 @@
 <!-- This configuration must be used in conjunction with jetty.xml -->
 <!-- and either jetty-https.xml or jetty-spdy.xml (but not both)   -->
 <!-- ============================================================= -->
-<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
   <Call class="org.apache.solr.util.configuration.SSLConfigurationsFactory" name="current">
     <Get name="keyStorePassword" id="keyStorePassword"/>
     <Get name="trustStorePassword" id="trustStorePassword"/>
diff --git a/solr/server/etc/jetty.xml b/solr/server/etc/jetty.xml
index 4891989..ea13be0 100644
--- a/solr/server/etc/jetty.xml
+++ b/solr/server/etc/jetty.xml
@@ -132,7 +132,7 @@
         <Arg>
           <New class="org.eclipse.jetty.rewrite.handler.RedirectRegexRule">
             <Set name="regex">^/$</Set>
-            <Set name="replacement">/solr/</Set>
+            <Set name="location">/solr/</Set>
           </New>
         </Arg>
       </Call>
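Review bot: The change from `replacement` to `location` on the `RedirectRegexRule` is unrelated to SslContextFactory, and neither the commit message nor the CHANGES.txt entry mentions it. Anyone carrying a customised jetty.xml needs to know the property name changed, so it deserves its own line in the description or a comment next to the rule, for example `<!-- RedirectRegexRule takes "location"; "replacement" is the older property name -->`.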
diff --git a/solr/solrj/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java b/solr/solrj/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java
index 4091bf7..c5d0f3d 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/embedded/SSLConfig.java
@@ -24,7 +24,6 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
  * @see #setUseSSL
  */
 public class SSLConfig {
-  
   private boolean useSsl;
   private boolean clientAuth;
   private String keyStore;
@@ -76,7 +75,7 @@ public class SSLConfig {
   }
 
   /**
-   * Returns an SslContextFactory that should be used by a jetty server based on the specified 
+   * Returns an SslContextFactory.Server that should be used by a jetty server based on the specified
    * SSLConfig param which may be null.
    *
    * if the SSLConfig param is non-null, then this method will return the results of 
@@ -88,8 +87,7 @@ public class SSLConfig {
    * 
    * @see #createContextFactory()
    */
-  public static SslContextFactory createContextFactory(SSLConfig sslConfig) {
-
+  public static SslContextFactory.Server createContextFactory(SSLConfig sslConfig) {
     if (sslConfig != null) {
       return sslConfig.createContextFactory();
     }
@@ -102,7 +100,7 @@ public class SSLConfig {
   }
   
   /**
-   * Returns an SslContextFactory that should be used by a jetty server based on this SSLConfig instance, 
+   * Returns an SslContextFactory.Server that should be used by a jetty server based on this SSLConfig instance,
    * or null if SSL should not be used.
    *
    * The default implementation generates a simple factory according to the keystore, truststore, 
@@ -114,14 +112,13 @@ public class SSLConfig {
    * @see #getTrustStore
    * @see #getTrustStorePassword
    */
-  public SslContextFactory createContextFactory() {
-
+  public SslContextFactory.Server createContextFactory() {
     if (! isSSLMode()) {
       return null;
     }
     // else...
     
-    SslContextFactory factory = new SslContextFactory(false);
+    SslContextFactory.Server factory = new SslContextFactory.Server();
     if (getKeyStore() != null)
       factory.setKeyStorePath(getKeyStore());
     if (getKeyStorePassword() != null)
@@ -136,12 +133,14 @@ public class SSLConfig {
         factory.setTrustStorePassword(getTrustStorePassword());
     }
     return factory;
-
   }
 
-  private static SslContextFactory configureSslFromSysProps() {
+  public SslContextFactory.Client createClientContextFactory() {
+    return new SslContextFactory.Client();
+  }
 
-    SslContextFactory sslcontext = new SslContextFactory(false);
+  private static SslContextFactory.Server configureSslFromSysProps() {
+    SslContextFactory.Server sslcontext = new SslContextFactory.Server();
 
     if (null != System.getProperty("javax.net.ssl.keyStore")) {
       sslcontext.setKeyStorePath
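Review bot: The new public `createClientContextFactory()` returns a bare `new SslContextFactory.Client()` and never reads this SSLConfig's keystore or truststore settings, unlike `createContextFactory()` just above it. Http2SolrClient now calls it whenever `builder.sslConfig` is non-null and sets `ssl = true`. Unless a subclass overrides the method (as SSLTestConfig does), the client would presumably fall back to JVM-default trust material and have no client certificate to present to a server that requires client auth. The method also has no Javadoc; a short one should say it is the client-side counterpart and which settings it honours. Consider carrying the configured stores over, as sketched below.

```java
  public SslContextFactory.Client createClientContextFactory() {
    SslContextFactory.Client factory = new SslContextFactory.Client();
    // Mirror createContextFactory(): apply the stores configured on this SSLConfig.
    if (getKeyStore() != null)
      factory.setKeyStorePath(getKeyStore());
    if (getKeyStorePassword() != null)
      factory.setKeyStorePassword(getKeyStorePassword());
    if (getTrustStore() != null)
      factory.setTrustStorePath(getTrustStore());
    if (getTrustStorePassword() != null)
      factory.setTrustStorePassword(getTrustStorePassword());
    return factory;
  }
```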
diff --git a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
index 113ccc9..13b68c2 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java
@@ -99,7 +99,6 @@ import org.slf4j.LoggerFactory;
 import static org.apache.solr.client.solrj.impl.BaseHttpSolrClient.*;
 import static org.apache.solr.common.util.Utils.getObjectByPath;
 
-// TODO: error handling, small Http2SolrClient features, security, ssl
 /**
  * Difference between this {@link Http2SolrClient} and {@link HttpSolrClient}:
  * <ul>
@@ -180,13 +179,13 @@ public class Http2SolrClient extends SolrClient {
     ThreadPoolExecutor httpClientExecutor = new ExecutorUtil.MDCAwareThreadPoolExecutor(32,
         256, 60, TimeUnit.SECONDS, queue, new SolrjNamedThreadFactory("h2sc"));
 
-    SslContextFactory sslContextFactory;
+    SslContextFactory.Client sslContextFactory;
     boolean ssl;
     if (builder.sslConfig == null) {
       sslContextFactory = getDefaultSslContextFactory();
       ssl = sslContextFactory.getTrustStore() != null || sslContextFactory.getTrustStorePath() != null;
     } else {
-      sslContextFactory = builder.sslConfig.createContextFactory();
+      sslContextFactory = builder.sslConfig.createClientContextFactory();
       ssl = true;
     }
 
@@ -868,7 +867,6 @@ public class Http2SolrClient extends SolrClient {
       this.connectionTimeout = connectionTimeOut;
       return this;
     }
-
   }
 
   public Set<String> getQueryParams() {
@@ -921,7 +919,7 @@ public class Http2SolrClient extends SolrClient {
     Http2SolrClient.defaultSSLConfig = null;
   }
 
-  private static SslContextFactory getDefaultSslContextFactory() {
+  private static SslContextFactory.Client getDefaultSslContextFactory() {
     String checkPeerNameStr = System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
     boolean sslCheckPeerName = true;
     if (checkPeerNameStr == null || "false".equalsIgnoreCase(checkPeerNameStr)) {
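Review bot: The condition in `getDefaultSslContextFactory()` treats an unset `SYS_PROP_CHECK_PEER_NAME` the same as an explicit "false", even though `sslCheckPeerName` is initialised to `true` on the line before. The branch body is outside this hunk, but if it clears the flag then peer-name checking is off by default for every Http2SolrClient built without an explicit SSLConfig. Since this commit is what makes the HTTP/2 client's SSL path work, confirm that default is intended. If so, document it with a comment such as `// peer-name checking is opt-in: an unset property behaves like "false"`; otherwise narrow the test to `if ("false".equalsIgnoreCase(checkPeerNameStr)) {`.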
@@ -949,5 +947,4 @@ public class Http2SolrClient extends SolrClient {
 
     return sslContextFactory;
   }
-
 }
diff --git a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
index 88b6a1c..9694312 100644
--- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
+++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
@@ -184,7 +184,7 @@ public class SSLTestConfig {
 
     return new SSLConfig(isSSLMode(), isClientAuthMode(), null, null, null, null) {
       @Override
-      public SslContextFactory createContextFactory() {
+      public SslContextFactory.Client createClientContextFactory() {
         SslContextFactory.Client factory = new SslContextFactory.Client(!checkPeerName);
         try {
           factory.setSslContext(buildClientSSLContext());
@@ -212,7 +212,7 @@ public class SSLTestConfig {
 
     return new SSLConfig(isSSLMode(), isClientAuthMode(), null, null, null, null) {
       @Override
-      public SslContextFactory createContextFactory() {
+      public SslContextFactory.Server createContextFactory() {
         SslContextFactory.Server factory = new SslContextFactory.Server();
         try {
           SSLContextBuilder builder = SSLContexts.custom();