SOLR-10748: Make stream.body configurable and disabled by default

2017-07-06 14:56:58 +02:00 · 2017-07-06 14:56:58 +02:00 · 80b1430a3e
parent 112bdda47e
commit 80b1430a3e
22 changed files with 221 additions and 83 deletions
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@ -77,6 +77,8 @@ Other Changes
 * SOLR-10957: Changed SolrCoreParser.init to use the resource loader from getSchema()
  instead of the resource loader from getCore(). (Christine Poerschke)
 * SOLR-10748: Make stream.body configurable and disabled by default (janhoy)
 ==================  7.0.0 ==================
 Versions of Major Components
--- a/solr/contrib/ltr/src/test-files/solr/collection1/conf/solrconfig-ltr.xml
+++ b/solr/contrib/ltr/src/test-files/solr/collection1/conf/solrconfig-ltr.xml
@ -18,6 +18,9 @@
 <schemaFactory class="ClassicIndexSchemaFactory" />
 <requestDispatcher>
   <requestParsers enableStreamBody="true" />
 </requestDispatcher>
 <!-- Query parser used to rerank top docs with a provided model -->
 <queryParser name="ltr"
--- a/solr/contrib/ltr/src/test-files/solr/collection1/conf/solrconfig-ltr_Th10_10.xml
+++ b/solr/contrib/ltr/src/test-files/solr/collection1/conf/solrconfig-ltr_Th10_10.xml
@ -18,7 +18,10 @@
 <schemaFactory class="ClassicIndexSchemaFactory" />
-
+ <requestDispatcher>
   <requestParsers enableStreamBody="true" />
 </requestDispatcher>
 <!-- Query parser used to rerank top docs with a provided model -->
 <queryParser name="ltr" class="org.apache.solr.ltr.search.LTRQParserPlugin" >
  <int name="threadModule.totalPoolThreads">10</int> <!-- Maximum threads to use for all queries -->
--- a/solr/contrib/ltr/src/test-files/solr/collection1/conf/solrconfig-multiseg.xml
+++ b/solr/contrib/ltr/src/test-files/solr/collection1/conf/solrconfig-multiseg.xml
@ -18,7 +18,10 @@
 <schemaFactory class="ClassicIndexSchemaFactory" />
-
+ <requestDispatcher>
   <requestParsers enableStreamBody="true" />
 </requestDispatcher>
 <!-- Query parser used to rerank top docs with a provided model -->
 <queryParser name="ltr" class="org.apache.solr.ltr.search.LTRQParserPlugin" />
--- a/solr/core/src/java/org/apache/solr/core/SolrConfig.java
+++ b/solr/core/src/java/org/apache/solr/core/SolrConfig.java
@ -123,6 +123,7 @@ public class SolrConfig extends Config implements MapSerializable {
  private int formUploadLimitKB;
  private boolean enableRemoteStreams;
  private boolean enableStreamBody;
  private boolean handleSelect;
@ -308,6 +309,9 @@ public class SolrConfig extends Config implements MapSerializable {
    enableRemoteStreams = getBool(
        "requestDispatcher/requestParsers/@enableRemoteStreaming", false);
    enableStreamBody = getBool(
        "requestDispatcher/requestParsers/@enableStreamBody", false);
    handleSelect = getBool(
        "requestDispatcher/@handleSelect", !luceneMatchVersion.onOrAfter(Version.LUCENE_7_0_0));
@ -784,6 +788,10 @@ public class SolrConfig extends Config implements MapSerializable {
    return enableRemoteStreams;
  }
  public boolean isEnableStreamBody() {
    return enableStreamBody;
  }
  @Override
  public int getInt(String path) {
    return getInt(path, 0);
--- a/solr/core/src/java/org/apache/solr/servlet/SolrRequestParsers.java
+++ b/solr/core/src/java/org/apache/solr/servlet/SolrRequestParsers.java
@ -84,6 +84,7 @@ public class SolrRequestParsers
  private final HashMap<String, SolrRequestParser> parsers =
      new HashMap<>();
  private final boolean enableRemoteStreams;
  private final boolean enableStreamBody;
  private StandardRequestParser standard;
  private boolean handleSelect = true;
  private boolean addHttpRequestToContext;
@ -101,8 +102,9 @@ public class SolrRequestParsers
    final int multipartUploadLimitKB, formUploadLimitKB;
    if( globalConfig == null ) {
      multipartUploadLimitKB = formUploadLimitKB = Integer.MAX_VALUE; 
-      enableRemoteStreams = true;
+      enableRemoteStreams = false;
-      handleSelect = true;
+      enableStreamBody = false;
      handleSelect = false;
      addHttpRequestToContext = false;
    } else {
      multipartUploadLimitKB = globalConfig.getMultipartUploadLimitKB();
@ -110,6 +112,7 @@ public class SolrRequestParsers
      formUploadLimitKB = globalConfig.getFormUploadLimitKB();
      enableRemoteStreams = globalConfig.isEnableRemoteStreams();
      enableStreamBody = globalConfig.isEnableStreamBody();
      // Let this filter take care of /select?xxx format
      handleSelect = globalConfig.isHandleSelect();
@ -121,9 +124,10 @@ public class SolrRequestParsers
  private SolrRequestParsers() {
    enableRemoteStreams = false;
    enableStreamBody = false;
    handleSelect = false;
    addHttpRequestToContext = false;
-    init(2048, 2048);
+    init(Integer.MAX_VALUE, Integer.MAX_VALUE);
  }
  private void init( int multipartUploadLimitKB, int formUploadLimitKB) {       
@ -202,7 +206,7 @@ public class SolrRequestParsers
    strs = params.getParams( CommonParams.STREAM_FILE );
    if( strs != null ) {
      if( !enableRemoteStreams ) {
-        throw new SolrException( ErrorCode.BAD_REQUEST, "Remote Streaming is disabled." );
+        throw new SolrException( ErrorCode.BAD_REQUEST, "Remote Streaming is disabled. See http://lucene.apache.org/solr/guide/requestdispatcher-in-solrconfig.html for help" );
      }
      for( final String file : strs ) {
        ContentStreamBase stream = new ContentStreamBase.FileStream( new File(file) );
@ -216,6 +220,9 @@ public class SolrRequestParsers
    // Check for streams in the request parameters
    strs = params.getParams( CommonParams.STREAM_BODY );
    if( strs != null ) {
      if( !enableStreamBody ) {
        throw new SolrException( ErrorCode.BAD_REQUEST, "Stream Body is disabled. See http://lucene.apache.org/solr/guide/requestdispatcher-in-solrconfig.html for help" );
      }
      for( final String body : strs ) {
        ContentStreamBase stream = new ContentStreamBase.StringStream( body );
        if( contentType != null ) {
--- a/solr/core/src/resources/EditableSolrConfigAttributes.json
+++ b/solr/core/src/resources/EditableSolrConfigAttributes.json
@ -65,7 +65,8 @@
    "requestParsers":{
      "multipartUploadLimitInKB":0,
      "formdataUploadLimitInKB":0,
-      "enableRemoteStreaming":0,
+      "enableRemoteStreaming":10,
      "enableStreamBody":10,
      "addHttpRequestToContext":0}},
  "peerSync":{
    "useRangeVersions":11
--- a/solr/core/src/test-files/solr/collection1/conf/solrconfig-managed-schema.xml
+++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig-managed-schema.xml
@ -29,6 +29,11 @@
  <codecFactory class="solr.SchemaCodecFactory"/>
  <requestDispatcher>
    <!-- Tests rely on stream.body -->
    <requestParsers enableStreamBody="true" />
  </requestDispatcher>
  <query>
    <filterCache
        enabled="${filterCache.enabled:false}"
--- a/solr/core/src/test-files/solr/collection1/conf/solrconfig-schemaless.xml
+++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig-schemaless.xml
@ -35,6 +35,10 @@
    </updateLog>
  </updateHandler>
  <requestDispatcher>
    <requestParsers enableStreamBody="true" />
  </requestDispatcher>
  <requestHandler name="/select" class="solr.SearchHandler">
    <bool name="httpCaching">true</bool>
  </requestHandler>
--- a/solr/core/src/test-files/solr/collection1/conf/solrconfig-tlog.xml
+++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig-tlog.xml
@ -31,6 +31,9 @@
    <str name="solr.hdfs.blockcache.global">${solr.hdfs.blockcache.global:true}</str>
  </directoryFactory>
  <schemaFactory class="ClassicIndexSchemaFactory"/>
  <requestDispatcher>
    <requestParsers enableStreamBody="true" />
  </requestDispatcher>
  <dataDir>${solr.data.dir:}</dataDir>
--- a/solr/core/src/test-files/solr/collection1/conf/solrconfig.xml
+++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig.xml
@ -457,7 +457,7 @@
  </searchComponent>
  <requestDispatcher>
-    <requestParsers enableRemoteStreaming="true" multipartUploadLimitInKB="-1" />
+    <requestParsers enableRemoteStreaming="true" enableStreamBody="true" multipartUploadLimitInKB="-1" />
    <httpCaching lastModifiedFrom="openTime" etagSeed="Solr" never304="false">
      <cacheControl>max-age=30, public</cacheControl>
    </httpCaching>
--- a/solr/core/src/test-files/solr/crazy-path-to-config.xml
+++ b/solr/core/src/test-files/solr/crazy-path-to-config.xml
@ -38,7 +38,9 @@
    <boolTofilterOptimizer enabled="true" cacheSize="32" threshold=".05"/>
  </query>
-  <requestDispatcher/>
+  <requestDispatcher>
    <requestParsers enableStreamBody="true" />
  </requestDispatcher>
  <requestHandler name="/select" class="solr.SearchHandler" />
  <requestHandler name="/crazy_custom_qt" class="solr.SearchHandler">
--- a/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
@ -37,6 +37,7 @@ import java.nio.charset.StandardCharsets;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.Arrays;
 import java.util.Collection;
@ -47,10 +48,10 @@ import java.util.LinkedList;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.nio.file.SimpleFileVisitor;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
 import com.google.common.collect.ImmutableMap;
 import org.apache.commons.io.FileUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.client.HttpClient;
@ -61,27 +62,22 @@ import org.apache.http.util.EntityUtils;
 import org.apache.lucene.util.TestUtil;
 import org.apache.solr.SolrTestCaseJ4;
 import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrRequest;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.embedded.JettySolrRunner;
 import org.apache.solr.client.solrj.impl.CloudSolrClient;
 import org.apache.solr.client.solrj.impl.HttpClientUtil;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
 import org.apache.solr.client.solrj.request.ConfigSetAdminRequest;
 import org.apache.solr.client.solrj.request.ConfigSetAdminRequest.Create;
 import org.apache.solr.client.solrj.request.ConfigSetAdminRequest.Delete;
 import org.apache.solr.client.solrj.request.QueryRequest;
 import org.apache.solr.client.solrj.response.CollectionAdminResponse;
 import org.apache.solr.client.solrj.response.ConfigSetAdminResponse;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.solr.common.SolrInputDocument;
 import org.apache.solr.common.cloud.SolrZkClient;
 import org.apache.solr.common.cloud.ZkConfigManager;
 import org.apache.solr.common.cloud.ZkStateReader;
 import org.apache.solr.common.params.CollectionParams.CollectionAction;
 import org.apache.solr.common.params.CommonParams;
 import org.apache.solr.common.params.ConfigSetParams;
 import org.apache.solr.common.params.ConfigSetParams.ConfigSetAction;
 import org.apache.solr.common.params.ModifiableSolrParams;
@ -104,8 +100,6 @@ import org.noggit.ObjectBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.google.common.collect.ImmutableMap;
 /**
 * Simple ConfigSets API tests on user errors and simple success cases.
 */
@ -331,7 +325,6 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
    uploadConfigSet("regular", suffix, null, null);
    // try to create a collection with the uploaded configset
    createCollection("newcollection", "regular" + suffix, 1, 1, solrCluster.getSolrClient());
    xsltRequest("newcollection");
  }
  @Test
@ -506,35 +499,6 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
      zout.close();
    }
  }
  private void xsltRequest(String collection) throws SolrServerException, IOException {
    String baseUrl = solrCluster.getJettySolrRunners().get(0).getBaseUrl().toString();
    try (HttpSolrClient client = getHttpSolrClient(baseUrl + "/" + collection)) {
      String xml = 
          "<random>" +
              " <document>" +
              "  <node name=\"id\" value=\"12345\"/>" +
              "  <node name=\"name\" value=\"kitten\"/>" +
              "  <node name=\"text\" enhance=\"3\" value=\"some other day\"/>" +
              "  <node name=\"title\" enhance=\"4\" value=\"A story\"/>" +
              "  <node name=\"timestamp\" enhance=\"5\" value=\"2011-07-01T10:31:57.140Z\"/>" +
              " </document>" +
              "</random>";
      SolrQuery query = new SolrQuery();
      query.setQuery( "*:*" );//for anything
      query.add("qt","/update");
      query.add(CommonParams.TR, "xsl-update-handler-test.xsl");
      query.add("stream.body", xml);
      query.add("commit", "true");
      try {
        client.query(query);
        fail("This should've returned a 401.");
      } catch (SolrException ex) {
        assertEquals(ErrorCode.UNAUTHORIZED.code, ex.code());
      }
    }
  }
  public void scriptRequest(String collection) throws SolrServerException, IOException {
    SolrClient client = solrCluster.getSolrClient();
--- a/solr/core/src/test/org/apache/solr/core/TestConfigOverlay.java
+++ b/solr/core/src/test/org/apache/solr/core/TestConfigOverlay.java
@ -53,6 +53,7 @@ public class TestConfigOverlay extends LuceneTestCase {
    assertTrue(isEditableProp("requestDispatcher.requestParsers.multipartUploadLimitInKB", false, null));
    assertTrue(isEditableProp("requestDispatcher.requestParsers.formdataUploadLimitInKB", false, null));
    assertTrue(isEditableProp("requestDispatcher.requestParsers.enableRemoteStreaming", false, null));
    assertTrue(isEditableProp("requestDispatcher.requestParsers.enableStreamBody", false, null));
    assertTrue(isEditableProp("requestDispatcher.requestParsers.addHttpRequestToContext", false, null));
    assertTrue(isEditableProp("requestDispatcher.handleSelect", false, null));
--- a/solr/core/src/test/org/apache/solr/core/TestSolrConfigHandler.java
+++ b/solr/core/src/test/org/apache/solr/core/TestSolrConfigHandler.java
@ -182,7 +182,8 @@ public class TestSolrConfigHandler extends RestTestBase {
    log.info("going to send config command. path {} , payload: {}", uri, payload);
    String response = harness.post(uri, json);
    Map map = (Map) ObjectBuilder.getVal(new JSONParser(new StringReader(response)));
-    assertNull(response, map.get("errors"));
+    assertNull(response, map.get("errorMessages"));
    assertNull(response, map.get("errors")); // Will this ever be returned?
  }
--- a/solr/core/src/test/org/apache/solr/request/TestRemoteStreaming.java
+++ b/solr/core/src/test/org/apache/solr/request/TestRemoteStreaming.java
@ -20,15 +20,14 @@ import org.apache.commons.io.IOUtils;
 import org.apache.lucene.util.LuceneTestCase;
 import org.apache.solr.SolrJettyTestBase;
 import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.apache.solr.client.solrj.impl.HttpSolrClient;
 import org.apache.solr.client.solrj.request.QueryRequest;
 import org.apache.solr.client.solrj.response.QueryResponse;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrInputDocument;
 import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.solr.common.SolrInputDocument;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@ -120,30 +119,7 @@ public class TestRemoteStreaming extends SolrJettyTestBase {
      assertSame(ErrorCode.BAD_REQUEST, ErrorCode.getErrorCode(se.code()));
    }
  }
-
+  
  /** SOLR-3161
   * Technically stream.body isn't remote streaming, but there wasn't a better place for this test method. */
  @Test(expected = SolrException.class)
  public void testQtUpdateFails() throws SolrServerException, IOException {
    SolrQuery query = new SolrQuery();
    query.setQuery( "*:*" );//for anything
    query.add("echoHandler","true");
    //sneaky sneaky
    query.add("qt","/update");
    query.add("stream.body","<delete><query>*:*</query></delete>");
    QueryRequest queryRequest = new QueryRequest(query) {
      @Override
      public String getPath() { //don't let superclass substitute qt for the path
        return "/select";
      }
    };
    QueryResponse rsp = queryRequest.process(getSolrClient());
    //!! should *fail* above for security purposes
    String handler = (String) rsp.getHeader().get("handler");
    System.out.println(handler);
  }
  /** Compose a url that if you get it, it will delete all the data. */
  private String makeDeleteAllUrl() throws UnsupportedEncodingException {
    HttpSolrClient client = (HttpSolrClient) getSolrClient();
--- a/solr/core/src/test/org/apache/solr/request/TestStreamBody.java
+++ b/solr/core/src/test/org/apache/solr/request/TestStreamBody.java
@ -0,0 +1,138 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.apache.solr.request;
 import java.io.File;
 import java.lang.invoke.MethodHandles;
 import java.util.SortedMap;
 import java.util.TreeMap;
 import org.apache.commons.io.FileUtils;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.request.QueryRequest;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.params.CommonParams;
 import org.apache.solr.util.RestTestBase;
 import org.apache.solr.util.RestTestHarness;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.restlet.ext.servlet.ServerServlet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import static org.apache.solr.core.TestSolrConfigHandler.runConfigCommand;
 public class TestStreamBody extends RestTestBase {
  private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
  private static final String collection = "collection1";
  private static final String confDir = collection + "/conf";
  @Before
  public void before() throws Exception {
    File tmpSolrHome = createTempDir().toFile();
    FileUtils.copyDirectory(new File(TEST_HOME()), tmpSolrHome.getAbsoluteFile());
    final SortedMap<ServletHolder, String> extraServlets = new TreeMap<>();
    final ServletHolder solrRestApi = new ServletHolder("SolrSchemaRestApi", ServerServlet.class);
    solrRestApi.setInitParameter("org.restlet.application", "org.apache.solr.rest.SolrSchemaRestApi");
    extraServlets.put(solrRestApi, "/schema/*");  // '/schema/*' matches '/schema', '/schema/', and '/schema/whatever...'
    System.setProperty("managed.schema.mutable", "true");
    System.setProperty("enable.update.log", "false");
    createJettyAndHarness(tmpSolrHome.getAbsolutePath(), "solrconfig-minimal.xml", "schema-rest.xml",
        "/solr", true, extraServlets);
    if (random().nextBoolean()) {
      log.info("These tests are run with V2 API");
      restTestHarness.setServerProvider(() -> jetty.getBaseUrl().toString() + "/____v2/cores/" + DEFAULT_TEST_CORENAME);
    }
  }
  @After
  public void after() throws Exception {
    if (jetty != null) {
      jetty.stop();
      jetty = null;
    }
    if (client != null) {
      client.close();
      client = null;
    }
    if (restTestHarness != null) {
      restTestHarness.close();
      restTestHarness = null;
    }
  }
  // SOLR-3161
  @Test
  public void testQtUpdateFails() throws Exception {
    enableStreamBody(true);
    SolrQuery query = new SolrQuery();
    query.setQuery( "*:*" );//for anything
    query.add("echoHandler","true");
    //sneaky sneaky
    query.add("qt","/update");
    query.add(CommonParams.STREAM_BODY,"<delete><query>*:*</query></delete>");
    QueryRequest queryRequest = new QueryRequest(query) {
      @Override
      public String getPath() { //don't let superclass substitute qt for the path
        return "/select";
      }
    };
    try {
      queryRequest.process(getSolrClient());
      fail();
    } catch (SolrException se) {
      assertTrue(se.getMessage(), se.getMessage().contains("Bad contentType for search handler :text/xml"));
    }
  }
  // Tests that stream.body is disabled by default, and can be edited through Config API
  @Test
  public void testStreamBodyDefaultAndConfigApi() throws Exception {
    SolrQuery query = new SolrQuery();
    query.add(CommonParams.STREAM_BODY,"<delete><query>*:*</query></delete>");
    query.add("commit","true");
    QueryRequest queryRequest = new QueryRequest(query) {
      @Override
      public String getPath() { //don't let superclass substitute qt for the path
        return "/update";
      }
    };    
    try {
      queryRequest.process(getSolrClient());
      fail();
    } catch (SolrException se) {
      assertTrue(se.getMessage(), se.getMessage().contains("Stream Body is disabled"));
    }
    enableStreamBody(true);
    queryRequest.process(getSolrClient());
  }
  // Enables/disables stream.body through Config API
  private void enableStreamBody(boolean enable) throws Exception {
    RestTestHarness harness = restTestHarness;
    String payload = "{ 'set-property' : { 'requestDispatcher.requestParsers.enableStreamBody':" + enable + "} }";
    runConfigCommand(harness, "/config?wt=json", payload);
  }
 }
--- a/solr/core/src/test/org/apache/solr/search/json/TestJsonRequest.java
+++ b/solr/core/src/test/org/apache/solr/search/json/TestJsonRequest.java
@ -20,6 +20,7 @@ import org.apache.lucene.util.LuceneTestCase;
 import org.apache.solr.JSONTestUtil;
 import org.apache.solr.SolrTestCaseHS;
 import org.apache.solr.common.params.CommonParams;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@ -181,33 +182,33 @@ public class TestJsonRequest extends SolrTestCaseHS {
    //
    // with body
    //
-    client.testJQ(params("stream.body", "{query:'cat_s:A'}", "stream.contentType", "application/json")
+    client.testJQ(params(CommonParams.STREAM_BODY, "{query:'cat_s:A'}", "stream.contentType", "application/json")
        , "response/numFound==2"
    );
    // test body in conjunction with query params
-    client.testJQ(params("stream.body", "{query:'cat_s:A'}", "stream.contentType", "application/json", "json.filter", "'where_s:NY'")
+    client.testJQ(params(CommonParams.STREAM_BODY, "{query:'cat_s:A'}", "stream.contentType", "application/json", "json.filter", "'where_s:NY'")
        , "response/numFound==1"
    );
    // test that json body in params come "after" (will overwrite)
-    client.testJQ(params("stream.body", "{query:'*:*', filter:'where_s:NY'}", "stream.contentType", "application/json", "json","{query:'cat_s:A'}")
+    client.testJQ(params(CommonParams.STREAM_BODY, "{query:'*:*', filter:'where_s:NY'}", "stream.contentType", "application/json", "json","{query:'cat_s:A'}")
        , "response/numFound==1"
    );
    // test that json.x params come after body
-    client.testJQ(params("stream.body", "{query:'*:*', filter:'where_s:NY'}", "stream.contentType", "application/json", "json.query","'cat_s:A'")
+    client.testJQ(params(CommonParams.STREAM_BODY, "{query:'*:*', filter:'where_s:NY'}", "stream.contentType", "application/json", "json.query","'cat_s:A'")
        , "response/numFound==1"
    );
    // test facet with json body
-    client.testJQ(params("stream.body", "{query:'*:*', facet:{x:'unique(where_s)'}}", "stream.contentType", "application/json")
+    client.testJQ(params(CommonParams.STREAM_BODY, "{query:'*:*', facet:{x:'unique(where_s)'}}", "stream.contentType", "application/json")
        , "facets=={count:6,x:2}"
    );
    // test facet with json body, insert additional facets via query parameter
-    client.testJQ(params("stream.body", "{query:'*:*', facet:{x:'unique(where_s)'}}", "stream.contentType", "application/json", "json.facet.y","{terms:{field:where_s}}", "json.facet.z","'unique(where_s)'")
+    client.testJQ(params(CommonParams.STREAM_BODY, "{query:'*:*', facet:{x:'unique(where_s)'}}", "stream.contentType", "application/json", "json.facet.y","{terms:{field:where_s}}", "json.facet.z","'unique(where_s)'")
        , "facets=={count:6,x:2, y:{buckets:[{val:NJ,count:3},{val:NY,count:2}]}, z:2}"
    );
--- a/solr/solr-ref-guide/src/config-api.adoc
+++ b/solr/solr-ref-guide/src/config-api.adoc
@ -117,6 +117,7 @@ The properties that are configured with these commands are predefined and listed
 * `requestDispatcher.requestParsers.multipartUploadLimitInKB`
 * `requestDispatcher.requestParsers.formdataUploadLimitInKB`
 * `requestDispatcher.requestParsers.enableRemoteStreaming`
 * `requestDispatcher.requestParsers.enableStreamBody`
 * `requestDispatcher.requestParsers.addHttpRequestToContext`
 [[ConfigAPI-CommandsforCustomHandlersandLocalComponents]]
--- a/solr/solr-ref-guide/src/near-real-time-searching.adoc
+++ b/solr/solr-ref-guide/src/near-real-time-searching.adoc
@ -102,7 +102,7 @@ Example of `commit` and `optimize` with optional attributes:
 [[NearRealTimeSearching-PassingcommitandcommitWithinparametersaspartoftheURL]]
 === Passing commit and commitWithin Parameters as Part of the URL
-Update handlers can also get `commit`-related parameters as part of the update URL. This example adds a small test document and causes an explicit commit to happen immediately afterwards:
+Update handlers can also get `commit`-related parameters as part of the update URL, if the `stream.body` feature is enabled. This example adds a small test document and causes an explicit commit to happen immediately afterwards:
 [source,text]
 ----
@ -132,6 +132,8 @@ curl http://localhost:8983/solr/my_collection/update?commitWithin=10000
  -H "Content-Type: text/xml" --data-binary '<add><doc><field name="id">testdoc</field></doc></add>'
 ----
 WARNING: While the `stream.body` feature is great for development and testing, it should normally not be enabled in production systems, as it lets a user with READ permissions post data that may alter the system state. The feature is disabled by default. See <<requestdispatcher-in-solrconfig.adoc#RequestDispatcherinSolrConfig-requestParsersElement,RequestDispatcher in SolrConfig>> for details.  
 [[NearRealTimeSearching-ChangingdefaultcommitWithinBehavior]]
 === Changing default commitWithin Behavior
--- a/solr/solr-ref-guide/src/requestdispatcher-in-solrconfig.adoc
+++ b/solr/solr-ref-guide/src/requestdispatcher-in-solrconfig.adoc
@ -48,6 +48,8 @@ The `<requestParsers>` sub-element controls values related to parsing requests.
 The attribute `enableRemoteStreaming` controls whether remote streaming of content is allowed. If omitted or set to `false` (the default), streaming will not be allowed. Setting it to `true` lets you specify the location of content to be streamed using `stream.file` or `stream.url` parameters.
 The attribute `enableStreamBody` controls whether streaming content from the HTTP parameter `stream.body` is allowed. If omitted or set to `false` (the default), streaming will not be allowed. Setting it to `true` lets you pass data in the `stream.body` parameter.
 If you enable remote streaming, be sure that you have authentication enabled. Otherwise, someone could potentially gain access to your content by accessing arbitrary URLs. It's also a good idea to place Solr behind a firewall to prevent it from being accessed from untrusted clients.
 The attribute `multipartUploadLimitInKB` sets an upper limit in kilobytes on the size of a document that may be submitted in a multi-part HTTP POST request. The value specified is multiplied by 1024 to determine the size in bytes. A value of `-1` means MAX_INT, which is also the system default if omitted.
@ -59,11 +61,22 @@ The attribute `addHttpRequestToContext` can be used to indicate that the origina
 [source,xml]
 ----
 <requestParsers enableRemoteStreaming="false"
                enableStreamBody="false"
                multipartUploadLimitInKB="2048"
                formdataUploadLimitInKB="2048"
                addHttpRequestToContext="false" />
 ----
 The below command is an example of how to enable RemoteStreaming and BodyStreaming through <<config-api.adoc#ConfigAPI-CreatingandUpdatingCommonProperties,Config API>>:
 [source,bash]
 ----
 curl http://localhost:8983/solr/gettingstarted/config -H 'Content-type:application/json' -d'{
    "set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true},
    "set-property" : {"requestDispatcher.requestParsers.enableStreamBody":true}
 }'
 ----
 [[RequestDispatcherinSolrConfig-httpCachingElement]]
 == httpCaching Element
--- a/solr/solr-ref-guide/src/uploading-data-with-index-handlers.adoc
+++ b/solr/solr-ref-guide/src/uploading-data-with-index-handlers.adoc
@ -168,7 +168,7 @@ For posting XML messages contained in a file, you can use the alternative form:
 curl http://localhost:8983/solr/my_collection/update -H "Content-Type: text/xml" --data-binary @myfile.xml
 ----
-Short requests can also be sent using a HTTP GET command, URL-encoding the request, as in the following. Note the escaping of "<" and ">":
+Short requests can also be sent using a HTTP GET command, if enabled in <<requestdispatcher-in-solrconfig.adoc#RequestDispatcherinSolrConfig-requestParsersElement,RequestDispatcher in SolrConfig>> element, URL-encoding the request, as in the following. Note the escaping of "<" and ">":
 [source,bash]
 ----