
Commit 582add7

committed
Fixed: Disallow unauthorized users to use Solr (OFBIZ-12792)
Adds a message explaining to unauthorized users they can't use Solr
1 parent d6c148e commit 582add7


2 files changed

+10
-2
lines changed

2 files changed

+10
-2
lines changed

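--- a/solr/config/SolrUiLabels.xml
+++ b/solr/config/SolrUiLabels.xml
@@ -45,7 +45,6 @@ under the License.
 <property key="SolrMissingProductCategoryId">
 <value xml:lang="en">Missing product category id.</value>
 </property>
-
 <property key="SolrErrorManageLoginFirst">
 <value xml:lang="en">To manage Solr in OFBiz, you have to login first and have the permission to do so.</value>
 </property>
@@ -70,4 +69,7 @@ under the License.
 <property key="SolrErrorNoViewFilePermission">
 <value xml:lang="en">To view files of a Solr index in OFBiz, you should have the permission to do so.</value>
 </property>
-</resource>
+<property key="SolrErrorUnauthorisedRequestForSecurityReason">
+<value xml:lang="en">The request must be from an authorized user</value>
+</property>
+</resource>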

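--- a/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
+++ b/solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
@@ -81,6 +81,12 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
 // check if the request is from an authorized user
 String servletPath = httpRequest.getServletPath();
+
+if (servletPath.equals("/solrdefault/debug/dump")) {
+sendJsonHeaderMessage(httpRequest, httpResponse, null, "SolrErrorUnauthorisedRequestForSecurityReason", null, locale);
+return;
+}
+
 if (UtilValidate.isNotEmpty(servletPath) && (servletPath.startsWith("/admin/") || servletPath.endsWith("/update")
 || servletPath.endsWith("/update/json") || servletPath.endsWith("/update/csv") || servletPath.endsWith("/update/extract")
 || servletPath.endsWith("/replication") || servletPath.endsWith("/file") || servletPath.endsWith("/file/"))) {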
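Review bot: The added guard `servletPath.equals("/solrdefault/debug/dump")` matches one exact string and dereferences `servletPath` directly, while the permission check just below it first tests `UtilValidate.isNotEmpty(servletPath)` and matches endpoints by suffix. If the path can be null, as that check allows for, the new line throws before the existing logic runs. The same handler under a different core name or with a trailing slash would also not be caught, though whether such variants are reachable is not visible in this hunk. Consider `if (servletPath != null && servletPath.endsWith("/debug/dump")) {`, or `"/solrdefault/debug/dump".equals(servletPath)` if only the default core is meant. The branch also rejects every caller without consulting login state, even though the label speaks of an authorized user, so a comment such as `// debug/dump is refused for all callers, authenticated or not (OFBIZ-12792)` would make the intent explicit. doFilter's body starts and ends outside the hunk.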
