[solr] branch branch_9x updated: SOLR-16728: Fix SSL & HTTP2 classloading (#1542)

Wed, 05 Apr 2023 07:04:10 -0700 

This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9x by this push:
     new 309df833cdc SOLR-16728: Fix SSL & HTTP2 classloading (#1542)
309df833cdc is described below

commit 309df833cdc1f64301b5f0cb83ab36766bc65bc7
Author: Houston Putman <[email protected]>
AuthorDate: Wed Apr 5 09:55:51 2023 -0400

    SOLR-16728: Fix SSL & HTTP2 classloading (#1542)
    
    (cherry picked from commit 4a47748342ec9dc20c864079aababf51c6b01c83)
---
 solr/CHANGES.txt                            |  3 ++
 solr/packaging/test/test_ssl.bats           | 61 +++++++++++++++++++++++++++++
 solr/server/contexts/solr-jetty-context.xml |  5 +--
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index e1c405da0ce..5a0d3bbabd9 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -65,6 +65,9 @@ Bug Fixes
 * SOLR-16730: Fix NPE in SystemInfoHandler for inter-node requests that would 
cause the Nodes page not to load.
   SystemInfoHandler no longer populates the username, roles and permissions in 
inter-node requests. (Tomás Fernández Löbbe)
 
+* SOLR-16728: Fix Classloading Exception for inter-node requests when using 
SSL and HTTP2.
+  All Jetty classes are able to be shared between the Jetty server and webApp 
now. (Houston Putman)
+
 Dependency Upgrades
 ---------------------
 * PR#1494: Upgrade forbiddenapis to 3.5 (Uwe Schindler)
diff --git a/solr/packaging/test/test_ssl.bats 
b/solr/packaging/test/test_ssl.bats
new file mode 100644
index 00000000000..13ee4253928
--- /dev/null
+++ b/solr/packaging/test/test_ssl.bats
@@ -0,0 +1,61 @@
+#!/usr/bin/env bats
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load bats_helper
+
+setup() {
+  common_clean_setup
+}
+
+teardown() {
+  # save a snapshot of SOLR_HOME for failed tests
+  save_home_on_failure
+
+  solr stop -all >/dev/null 2>&1
+}
+
+@test "start solr with ssl" {
+  # Create a keystore
+  export ssl_dir="${BATS_TEST_TMPDIR}/ssl"
+  mkdir -p "$ssl_dir"
+  (
+    cd "$ssl_dir"
+    rm -f solr-ssl.keystore.p12 solr-ssl.pem
+    keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass 
secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.p12 
-storetype PKCS12 -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, 
OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
+    openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem -passin 
pass:secret -passout pass:
+  )
+
+  # Set ENV_VARs so that Solr uses this keystore
+  export SOLR_SSL_ENABLED=true
+  export SOLR_SSL_KEY_STORE=$ssl_dir/solr-ssl.keystore.p12
+  export SOLR_SSL_KEY_STORE_PASSWORD=secret
+  export SOLR_SSL_TRUST_STORE=$ssl_dir/solr-ssl.keystore.p12
+  export SOLR_SSL_TRUST_STORE_PASSWORD=secret
+  export SOLR_SSL_NEED_CLIENT_AUTH=false
+  export SOLR_SSL_WANT_CLIENT_AUTH=false
+  export SOLR_SSL_CHECK_PEER_NAME=true
+  export SOLR_HOST=localhost
+
+  solr start -c
+  solr assert --started https://localhost:8983/solr --timeout 5000
+
+  run curl --cacert "$ssl_dir/solr-ssl.pem" 
'https://localhost:8983/solr/admin/collections?action=CREATE&collection.configName=_default&name=test&numShards=2&replicationFactor=1&router.name=compositeId&wt=json'
+  assert_output --partial '"status":0'
+
+  run curl --cacert "$ssl_dir/solr-ssl.pem" 
'https://localhost:8983/solr/test/select?q=*:*'
+  assert_output --partial '"numFound":0'
+}
diff --git a/solr/server/contexts/solr-jetty-context.xml 
b/solr/server/contexts/solr-jetty-context.xml
index c5df3ab2105..ec646738c3b 100644
--- a/solr/server/contexts/solr-jetty-context.xml
+++ b/solr/server/contexts/solr-jetty-context.xml
@@ -29,10 +29,7 @@
       <New id="removeServerClasses" 
class="org.eclipse.jetty.webapp.ClassMatcher">
         <Arg>
           <Array type="java.lang.String">
-            <Item>-org.eclipse.jetty.io.</Item>
-            <Item>-org.eclipse.jetty.http.</Item>
-            <Item>-org.eclipse.jetty.http2.</Item>
-            <Item>-org.eclipse.jetty.util.</Item>
+            <Item>-org.eclipse.jetty.</Item>
           </Array>
         </Arg>
       </New>

Reply via email to