diff --git a/solr/bin/solr b/solr/bin/solr index cae386f8333..14d3f59ebb4 100755 --- a/solr/bin/solr +++ b/solr/bin/solr @@ -294,7 +294,7 @@ function print_usage() { if [ -z "$CMD" ]; then echo "" echo "Usage: solr COMMAND OPTIONS" - echo " where COMMAND is one of: start, stop, restart, status, healthcheck, create, create_core, create_collection, delete, version, zk" + echo " where COMMAND is one of: start, stop, restart, status, healthcheck, create, create_core, create_collection, delete, version, zk, auth" echo "" echo " Standalone server example (start Solr running in the background on port 8984):" echo "" @@ -544,6 +544,35 @@ function print_usage() { echo " : The Zookeeper path to create. Leading slash is assumed if not present." echo " Intermediate nodes are created as needed if not present." echo "" + elif [ "$CMD" == "auth" ]; then + echo "" + echo "Usage: solr auth enable [-type basicAuth] -credentials user:pass [-blockUnknown ] [-updateIncludeFileOnly ]" + echo " solr auth enable [-type basicAuth] -prompt [-blockUnknown ] [-updateIncludeFileOnly ]" + echo " solr auth disable [-updateIncludeFileOnly ]" + echo "" + echo " -type The authentication mechanism to enable. Defaults to 'basicAuth'." + echo "" + echo " -credentials The username and password of the initial user" + echo " Note: only one of -prompt or -credentials must be provided" + echo "" + echo " -prompt Prompts the user to provide the credentials" + echo " Note: only one of -prompt or -credentials must be provided" + echo "" + echo " -blockUnknown When true, this blocks out access to unauthenticated users. When not provided," + echo " this defaults to false (i.e. unauthenticated users can access all endpoints, except the" + echo " operations like collection-edit, security-edit, core-admin-edit etc.). Check the reference" + echo " guide for Basic Authentication for more details." + echo "" + echo " -updateIncludeFileOnly Only update the solr.in.sh or solr.in.cmd file, and skip actual enabling/disabling" + echo " authentication (i.e. don't update security.json)" + echo "" + echo " -z zkHost Zookeeper connection string" + echo "" + echo " -d Specify the Solr server directory" + echo "" + echo " -s Specify the Solr home directory. This is where any credentials or authentication" + echo " configuration files (e.g. basicAuth.conf) would be placed." + echo "" fi } # end print_usage @@ -1187,19 +1216,130 @@ if [[ "$SCRIPT_CMD" == "zk" ]]; then fi if [[ "$SCRIPT_CMD" == "auth" ]]; then - if [ -z "$AUTH_PORT" ]; then - for ID in `ps auxww | grep java | grep start\.jar | awk '{print $2}' | sort -r` - do - port=`jetty_port "$ID"` - if [ "$port" != "" ]; then - AUTH_PORT=$port + declare -a AUTH_PARAMS + if [ $# -gt 0 ]; then + while true; do + case "$1" in + enable|disable) + AUTH_OP=$1 + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "$AUTH_OP") + shift + ;; + -z|-zkhost|zkHost) + ZK_HOST="$2" + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-zkHost" "$ZK_HOST") + shift 2 + ;; + -t|-type) + AUTH_TYPE="$2" + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-type" "$AUTH_TYPE") + shift 2 + ;; + -credentials) + AUTH_CREDENTIALS="$2" + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-credentials" "$AUTH_CREDENTIALS") + shift 2 + ;; + -solrIncludeFile) + SOLR_INCLUDE="$2" + shift 2 + ;; + -prompt) + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-prompt" "$2") + shift + ;; + -blockUnknown) + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-blockUnknown" "$2") + shift break - fi - done + ;; + -updateIncludeFileOnly) + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-updateIncludeFileOnly" "$2") + shift + break + ;; + -d|-dir) + if [[ -z "$2" || "${2:0:1}" == "-" ]]; then + print_usage "$SCRIPT_CMD" "Server directory is required when using the $1 option!" + exit 1 + fi + + if [[ "$2" == "." || "$2" == "./" || "$2" == ".." || "$2" == "../" ]]; then + SOLR_SERVER_DIR="$(pwd)/$2" + else + # see if the arg value is relative to the tip vs full path + if [[ "$2" != /* ]] && [[ -d "$SOLR_TIP/$2" ]]; then + SOLR_SERVER_DIR="$SOLR_TIP/$2" + else + SOLR_SERVER_DIR="$2" + fi + fi + # resolve it to an absolute path + SOLR_SERVER_DIR="$(cd "$SOLR_SERVER_DIR"; pwd)" + shift 2 + ;; + -s|-solr.home) + if [[ -z "$2" || "${2:0:1}" == "-" ]]; then + print_usage "$SCRIPT_CMD" "Solr home directory is required when using the $1 option!" + exit 1 + fi + + SOLR_HOME="$2" + shift 2 + ;; + -help|-usage|-h) + print_usage "$SCRIPT_CMD" + exit 0 + ;; + --) + shift + break + ;; + *) + shift + break + ;; + esac + done + fi + + if [ -z "$SOLR_SERVER_DIR" ]; then + SOLR_SERVER_DIR="$DEFAULT_SERVER_DIR" + fi + if [ ! -e "$SOLR_SERVER_DIR" ]; then + echo -e "\nSolr server directory $SOLR_SERVER_DIR not found!\n" + exit 1 + fi + if [ -z "$SOLR_HOME" ]; then + SOLR_HOME="$SOLR_SERVER_DIR/solr" + else + if [[ $SOLR_HOME != /* ]] && [[ -d "$SOLR_SERVER_DIR/$SOLR_HOME" ]]; then + SOLR_HOME="$SOLR_SERVER_DIR/$SOLR_HOME" + SOLR_PID_DIR="$SOLR_HOME" + elif [[ $SOLR_HOME != /* ]] && [[ -d "`pwd`/$SOLR_HOME" ]]; then + SOLR_HOME="$(pwd)/$SOLR_HOME" fi - solr_include_file=$SOLR_INCLUDE - run_tool auth "$@" -solrUrl "$SOLR_URL_SCHEME://$SOLR_TOOL_HOST:$AUTH_PORT/solr" -solrIncludeFile "$solr_include_file" - exit $? + fi + + if [ -z "$AUTH_OP" ]; then + print_usage "$SCRIPT_CMD" + exit 0 + fi + + AUTH_PARAMS=("${AUTH_PARAMS[@]}" "-solrIncludeFile" "$SOLR_INCLUDE") + + if [ -z "$AUTH_PORT" ]; then + for ID in `ps auxww | grep java | grep start\.jar | awk '{print $2}' | sort -r` + do + port=`jetty_port "$ID"` + if [ "$port" != "" ]; then + AUTH_PORT=$port + break + fi + done + fi + run_tool auth ${AUTH_PARAMS[@]} -solrUrl "$SOLR_URL_SCHEME://$SOLR_TOOL_HOST:$AUTH_PORT/solr" -authConfDir "$SOLR_HOME" + exit $? fi diff --git a/solr/bin/solr.cmd b/solr/bin/solr.cmd index d181f8d8060..1d093b9b403 100644 --- a/solr/bin/solr.cmd +++ b/solr/bin/solr.cmd @@ -276,7 +276,7 @@ goto done :script_usage @echo. @echo Usage: solr COMMAND OPTIONS -@echo where COMMAND is one of: start, stop, restart, healthcheck, create, create_core, create_collection, delete, version, zk +@echo where COMMAND is one of: start, stop, restart, healthcheck, create, create_core, create_collection, delete, version, zk, auth @echo. @echo Standalone server example (start Solr running in the background on port 8984): @echo. @@ -554,6 +554,35 @@ IF "%ZK_FULL%"=="true" ( ) goto done +:auth_usage +echo Usage: solr auth enable [-type basicAuth] -credentials user:pass [-blockUnknown ^] [-updateIncludeFileOnly ^] +echo solr auth enable [-type basicAuth] -prompt ^ [-blockUnknown ^] [-updateIncludeFileOnly ^] +echo solr auth disable [-updateIncludeFileOnly ^] +echo +echo -type ^ The authentication mechanism to enable. Defaults to 'basicAuth'. +echo +echo -credentials ^ The username and password of the initial user +echo Note: only one of -prompt or -credentials must be provided +echo +echo -prompt ^ Prompts the user to provide the credentials +echo Note: only one of -prompt or -credentials must be provided +echo +echo -blockUnknown ^ When true, this blocks out access to unauthenticated users. When not provided, +echo this defaults to false (i.e. unauthenticated users can access all endpoints, except the +echo operations like collection-edit, security-edit, core-admin-edit etc.). Check the reference +echo guide for Basic Authentication for more details. +echo +echo -updateIncludeFileOnly ^ Only update the solr.in.sh or solr.in.cmd file, and skip actual enabling/disabling" +echo authentication (i.e. don't update security.json)" +echo +echo -z zkHost Zookeeper connection string +echo +echo -d Specify the Solr server directory" +echo +echo -s Specify the Solr home directory. This is where any credentials or authentication" +echo configuration files (e.g. basicAuth.conf) would be placed." +echo +goto done REM Really basic command-line arg parsing :parse_args @@ -1648,6 +1677,44 @@ goto done :run_auth +IF "%1"=="-help" goto usage +IF "%1"=="-usage" goto usage + +REM Options parsing. +REM Note: With the following technique of parsing, it is not possible +REM to have an option without a value. +set "AUTH_PARAMS=%1" +set "option=" +for %%a in (%*) do ( + if not defined option ( + set arg=%%a + if "!arg:~0,1!" equ "-" set "option=!arg!" + ) else ( + set "option!option!=%%a" + if "!option!" equ "-d" set "SOLR_SERVER_DIR=%%a" + if "!option!" equ "-s" set "SOLR_HOME=%%a" + if not "!option!" equ "-s" if not "!option!" equ "-d" ( + set "AUTH_PARAMS=!AUTH_PARAMS! !option! %%a" + ) + set "option=" + ) +) +IF "%SOLR_SERVER_DIR%"=="" set "SOLR_SERVER_DIR=%DEFAULT_SERVER_DIR%" +IF NOT EXIST "%SOLR_SERVER_DIR%" ( + set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!" + goto err +) +IF "%SOLR_HOME%"=="" set "SOLR_HOME=%SOLR_SERVER_DIR%\solr" +IF EXIST "%cd%\%SOLR_HOME%" set "SOLR_HOME=%cd%\%SOLR_HOME%" +IF NOT EXIST "%SOLR_HOME%\" ( + IF EXIST "%SOLR_SERVER_DIR%\%SOLR_HOME%" ( + set "SOLR_HOME=%SOLR_SERVER_DIR%\%SOLR_HOME%" + ) ELSE ( + set "SCRIPT_ERROR=Solr home directory %SOLR_HOME% not found!" + goto err + ) +) + if "!AUTH_PORT!"=="" ( for /f "usebackq" %%i in (`dir /b "%SOLR_TIP%\bin" ^| findstr /i "^solr-.*\.port$"`) do ( set SOME_SOLR_PORT= @@ -1659,11 +1726,10 @@ if "!AUTH_PORT!"=="" ( ) ) ) -for /f "tokens=1,* delims= " %%a in ("%*") do set auth_params=%%b "%JAVA%" %SOLR_SSL_OPTS% %AUTHC_OPTS% %SOLR_ZK_CREDS_AND_ACLS% -Dsolr.install.dir="%SOLR_TIP%" ^ -Dlog4j.configuration="file:%DEFAULT_SERVER_DIR%\scripts\cloud-scripts\log4j.properties" ^ -classpath "%DEFAULT_SERVER_DIR%\solr-webapp\webapp\WEB-INF\lib\*;%DEFAULT_SERVER_DIR%\lib\ext\*" ^ - org.apache.solr.util.SolrCLI auth %auth_params% -solrIncludeFile "%SOLR_INCLUDE%" ^ + org.apache.solr.util.SolrCLI auth %AUTH_PARAMS% -solrIncludeFile "%SOLR_INCLUDE%" -authConfDir "%SOLR_HOME%" ^ -solrUrl !SOLR_URL_SCHEME!://%SOLR_TOOL_HOST%:!AUTH_PORT!/solr goto done diff --git a/solr/core/src/java/org/apache/solr/util/SolrCLI.java b/solr/core/src/java/org/apache/solr/util/SolrCLI.java index 0fef03c85bf..aedb9edd22f 100644 --- a/solr/core/src/java/org/apache/solr/util/SolrCLI.java +++ b/solr/core/src/java/org/apache/solr/util/SolrCLI.java @@ -3526,49 +3526,59 @@ public class SolrCLI { public Option[] getOptions() { return new Option[]{ OptionBuilder - .withArgName("enable") - .withDescription("Enable authentication.") - .create("enable"), + .withArgName("type") + .hasArg() + .withDescription("The authentication mechanism to enable. Defaults to 'basicAuth'.") + .create("type"), OptionBuilder - .withArgName("disable") - .withDescription("Disable existing authentication.") - .create("disable"), + .withArgName("credentials") + .hasArg() + .withDescription("Credentials in the format username:password. Example: -credentials solr:SolrRocks") + .create("credentials"), OptionBuilder - .withArgName("type") - .hasArg() - .withDescription("basicAuth") - .create("type"), + .withArgName("prompt") + .hasArg() + .withDescription("Prompts the user to provide the credentials. Use either -credentials or -prompt, not both") + .create("prompt"), OptionBuilder - .withArgName("credentials") - .hasArg() - .withDescription("Credentials in the format username:password. Example: -credentials solr:SolrRocks") - .create("credentials"), + .withArgName("blockUnknown") + .withDescription("Blocks all access for unknown users (requires authentication for all endpoints)") + .hasArg() + .create("blockUnknown"), OptionBuilder - .withArgName("prompt") - .withDescription("Prompt for credentials. Use either -credentials or -prompt, not both") - .create("prompt"), + .withArgName("solrIncludeFile") + .hasArg() + .withDescription("The Solr include file which contains overridable environment variables for configuring Solr configurations") + .create("solrIncludeFile"), OptionBuilder - .withArgName("blockUnknown") - .withDescription("Blocks all access for unknown users (requires authentication for all endpoints)") - .hasOptionalArg() - .create("blockUnknown"), + .withArgName("updateIncludeFileOnly") + .withDescription("Only update the solr.in.sh or solr.in.cmd file, and skip actual enabling/disabling" + + " authentication (i.e. don't update security.json)") + .hasArg() + .create("updateIncludeFileOnly"), OptionBuilder - .withArgName("solrIncludeFile") - .hasArg() - .withDescription("The Solr include file which contains overridable environment variables for configuring Solr configurations") - .create("solrIncludeFile"), + .withArgName("authConfDir") + .hasArg() + .isRequired() + .withDescription("This is where any authentication related configuration files, if any, would be placed.") + .create("authConfDir"), OptionBuilder - .withArgName("solrUrl") - .hasArg() - .withDescription("Solr URL") - .create("solrUrl"), + .withArgName("solrUrl") + .hasArg() + .withDescription("Solr URL") + .create("solrUrl"), + OptionBuilder + .withArgName("zkHost") + .hasArg() + .withDescription("ZooKeeper host") + .create("zkHost"), }; } @Override public int runTool(CommandLine cli) throws Exception { - if (cli.getOptions().length == 0 || cli.getArgs().length > 0 || cli.hasOption("h")) { - new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); + if (cli.getOptions().length == 0 || cli.getArgs().length == 0 || cli.getArgs().length > 1 || cli.hasOption("h")) { + new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); return 1; } @@ -3578,128 +3588,153 @@ public class SolrCLI { exit(1); } - if (cli.hasOption("enable") && cli.hasOption("disable")) { - System.out.println("You have specified both -enable and -disable. Only one should be provided."); - return 1; - } - if (cli.hasOption("enable")) { - String zkHost = getZkHost(cli); - if (zkHost == null) { - System.out.println("ZK Host not found. Solr should be running in cloud mode"); - exit(1); - } + String cmd = cli.getArgs()[0]; + boolean prompt = Boolean.parseBoolean(cli.getOptionValue("prompt", "false")); + boolean updateIncludeFileOnly = Boolean.parseBoolean(cli.getOptionValue("updateIncludeFileOnly", "false")); + switch (cmd) { + case "enable": + if (!prompt && !cli.hasOption("credentials")) { + System.out.println("Option -credentials or -prompt is required with enable."); + new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); + exit(1); + } else if (!prompt && (cli.getOptionValue("credentials") == null || !cli.getOptionValue("credentials").contains(":"))) { + System.out.println("Option -credentials is not in correct format."); + new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); + exit(1); + } - - if (cli.hasOption("credentials") == false && cli.hasOption("prompt") == false) { - System.out.println("Option -credentials or -prompt is required with -enable."); - new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); - exit(1); - } else if (cli.hasOption("prompt") == false && - (cli.getOptionValue("credentials") == null || !cli.getOptionValue("credentials").contains(":"))) { - System.out.println("Option -credentials is not in correct format."); - new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); - exit(1); - } + String zkHost = null; - String username, password; - if (cli.hasOption("credentials")) { - String credentials = cli.getOptionValue("credentials"); - username = credentials.split(":")[0]; - password = credentials.split(":")[1]; - } else { - Console console = System.console(); - username = console.readLine("Enter username: "); - password = new String(console.readPassword("Enter password: ")); - } - // check if security is already enabled or not - try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) { - if (zkClient.exists("/security.json", true)) { - byte oldSecurityBytes[] = zkClient.getData("/security.json", null, null, true); - if (!"{}".equals(new String(oldSecurityBytes, StandardCharsets.UTF_8).trim())) { - System.out.println("Security is already enabled. You can disable it with 'bin/solr auth -disable'. Existing security.json: \n" - + new String(oldSecurityBytes, StandardCharsets.UTF_8)); + if (!updateIncludeFileOnly) { + try { + zkHost = getZkHost(cli); + } catch (Exception ex) { + if (cli.hasOption("zkHost")) { + System.out.println("Couldn't get ZooKeeper host. Please make sure that ZooKeeper is running and the correct zkHost has been passed in."); + } else { + System.out.println("Couldn't get ZooKeeper host. Please make sure Solr is running in cloud mode, or a zkHost has been passed in."); + } exit(1); } + if (zkHost == null) { + if (cli.hasOption("zkHost")) { + System.out.println("Couldn't get ZooKeeper host. Please make sure that ZooKeeper is running and the correct zkHost has been passed in."); + } else { + System.out.println("Couldn't get ZooKeeper host. Please make sure Solr is running in cloud mode, or a zkHost has been passed in."); + } + exit(1); + } + + // check if security is already enabled or not + try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) { + if (zkClient.exists("/security.json", true)) { + byte oldSecurityBytes[] = zkClient.getData("/security.json", null, null, true); + if (!"{}".equals(new String(oldSecurityBytes, StandardCharsets.UTF_8).trim())) { + System.out.println("Security is already enabled. You can disable it with 'bin/solr auth disable'. Existing security.json: \n" + + new String(oldSecurityBytes, StandardCharsets.UTF_8)); + exit(1); + } + } + } } - } - boolean blockUnknown = cli.getOptionValue("blockUnknown") == null ? - cli.hasOption("blockUnknown"): Boolean.valueOf(cli.getOptionValue("blockUnknown")); + String username, password; + if (cli.hasOption("credentials")) { + String credentials = cli.getOptionValue("credentials"); + username = credentials.split(":")[0]; + password = credentials.split(":")[1]; + } else { + Console console = System.console(); + username = console.readLine("Enter username: "); + password = new String(console.readPassword("Enter password: ")); + } - String securityJson = "{" + - "\n \"authentication\":{" + - "\n \"blockUnknown\": " + blockUnknown + "," + - "\n \"class\":\"solr.BasicAuthPlugin\"," + - "\n \"credentials\":{\""+username+"\":\"" + Sha256AuthenticationProvider.getSaltedHashedValue(password) + "\"}" + - "\n }," + - "\n \"authorization\":{" + - "\n \"class\":\"solr.RuleBasedAuthorizationPlugin\"," + - "\n \"permissions\":[" + - "\n {\"name\":\"security-edit\", \"role\":\"admin\"}," + - "\n {\"name\":\"collection-admin-edit\", \"role\":\"admin\"}," + - "\n {\"name\":\"core-admin-edit\", \"role\":\"admin\"}" + - "\n ]," + - "\n \"user-role\":{\""+username+"\":\"admin\"}" + - "\n }" + - "\n}"; + boolean blockUnknown = Boolean.valueOf(cli.getOptionValue("blockUnknown", "false")); + + String securityJson = "{" + + "\n \"authentication\":{" + + "\n \"blockUnknown\": " + blockUnknown + "," + + "\n \"class\":\"solr.BasicAuthPlugin\"," + + "\n \"credentials\":{\"" + username + "\":\"" + Sha256AuthenticationProvider.getSaltedHashedValue(password) + "\"}" + + "\n }," + + "\n \"authorization\":{" + + "\n \"class\":\"solr.RuleBasedAuthorizationPlugin\"," + + "\n \"permissions\":[" + + "\n {\"name\":\"security-edit\", \"role\":\"admin\"}," + + "\n {\"name\":\"collection-admin-edit\", \"role\":\"admin\"}," + + "\n {\"name\":\"core-admin-edit\", \"role\":\"admin\"}" + + "\n ]," + + "\n \"user-role\":{\"" + username + "\":\"admin\"}" + + "\n }" + + "\n}"; + + if (!updateIncludeFileOnly) { System.out.println("Uploading following security.json: " + securityJson); - try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) { zkClient.setData("/security.json", securityJson.getBytes(StandardCharsets.UTF_8), true); } + } - String solrIncludeFilename = cli.getOptionValue("solrIncludeFile"); - File includeFile = new File(solrIncludeFilename); - if (includeFile.exists() == false || includeFile.canWrite() == false) { - System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist or is not writeable."); - printAuthEnablingInstructions(username, password); - System.exit(0); - } - File basicAuthConfFile = new File(includeFile.getParent() + File.separator + "basicAuth.conf"); - - if (basicAuthConfFile.getParentFile().canWrite() == false) { - System.out.println("Cannot write to file: " + basicAuthConfFile.getAbsolutePath()); - printAuthEnablingInstructions(username, password); - System.exit(0); - } - - FileUtils.writeStringToFile(basicAuthConfFile, - "httpBasicAuthUser=" + username + "\nhttpBasicAuthPassword=" + password, StandardCharsets.UTF_8); + String solrIncludeFilename = cli.getOptionValue("solrIncludeFile"); + File includeFile = new File(solrIncludeFilename); + if (includeFile.exists() == false || includeFile.canWrite() == false) { + System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist or is not writeable."); + printAuthEnablingInstructions(username, password); + System.exit(0); + } + String authConfDir = cli.getOptionValue("authConfDir"); + File basicAuthConfFile = new File(authConfDir + File.separator + "basicAuth.conf"); - // update the solr.in.sh file to contain the necessary authentication lines - updateIncludeFileEnableAuth(includeFile, basicAuthConfFile.getAbsolutePath(), username, password); - return 0; - } else if (cli.hasOption("disable")) { - String zkHost = getZkHost(cli); - if (zkHost == null) { - stdout.print("ZK Host not found. Solr should be running in cloud mode"); + if (basicAuthConfFile.getParentFile().canWrite() == false) { + System.out.println("Cannot write to file: " + basicAuthConfFile.getAbsolutePath()); + printAuthEnablingInstructions(username, password); + System.exit(0); + } + + FileUtils.writeStringToFile(basicAuthConfFile, + "httpBasicAuthUser=" + username + "\nhttpBasicAuthPassword=" + password, StandardCharsets.UTF_8); + + // update the solr.in.sh file to contain the necessary authentication lines + updateIncludeFileEnableAuth(includeFile, basicAuthConfFile.getAbsolutePath()); + return 0; + + case "disable": + if (!updateIncludeFileOnly) { + zkHost = getZkHost(cli); + if (zkHost == null) { + stdout.print("ZK Host not found. Solr should be running in cloud mode"); + exit(1); + } + + System.out.println("Uploading following security.json: {}"); + + try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) { + zkClient.setData("/security.json", "{}".getBytes(StandardCharsets.UTF_8), true); + } + } + + solrIncludeFilename = cli.getOptionValue("solrIncludeFile"); + includeFile = new File(solrIncludeFilename); + if (!includeFile.exists() || !includeFile.canWrite()) { + System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist or is not writeable."); + System.out.println("Security has been disabled. Please remove any SOLR_AUTH_TYPE or SOLR_AUTHENTICATION_OPTS configuration from solr.in.sh/solr.in.cmd.\n"); + System.exit(0); + } + + // update the solr.in.sh file to comment out the necessary authentication lines + updateIncludeFileDisableAuth(includeFile); + return 0; + + default: + System.out.println("Valid auth commands are: enable, disable"); exit(1); - } - - System.out.println("Uploading following security.json: {}"); - - try (SolrZkClient zkClient = new SolrZkClient(zkHost, 10000)) { - zkClient.setData("/security.json", "{}".getBytes(StandardCharsets.UTF_8), true); - } - - String solrIncludeFilename = cli.getOptionValue("solrIncludeFile"); - File includeFile = new File(solrIncludeFilename); - if (includeFile.exists() == false || includeFile.canWrite() == false) { - System.out.println("Solr include file " + solrIncludeFilename + " doesn't exist or is not writeable."); - System.out.println("Security has been disabled. Please remove any SOLR_AUTH_TYPE or SOLR_AUTHENTICATION_OPTS configuration from solr.in.sh/solr.in.cmd.\n"); - System.exit(0); - } - - // update the solr.in.sh file to comment out the necessary authentication lines - updateIncludeFileDisableAuth(includeFile); - return 0; } - System.out.println("Options not understood (should be -enable or -disable)."); - new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); + System.out.println("Options not understood."); + new HelpFormatter().printHelp("bin/solr auth [OPTIONS]", getToolOptions(this)); return 1; } - + private void printAuthEnablingInstructions(String username, String password) { if (SystemUtils.IS_OS_WINDOWS) { System.out.println("\nAdd the following lines to the solr.in.cmd file so that the solr.cmd script can use subsequently.\n"); @@ -3708,11 +3743,11 @@ public class SolrCLI { } else { System.out.println("\nAdd the following lines to the solr.in.sh file so that the ./solr script can use subsequently.\n"); System.out.println("SOLR_AUTH_TYPE=\"basic\"\n" - + "SOLR_AUTHENTICATION_OPTS=\"-DbasicAuth=" + username + ":" + password + "\"\n"); + + "SOLR_AUTHENTICATION_OPTS=\"-Dbasicauth=" + username + ":" + password + "\"\n"); } } - private void updateIncludeFileEnableAuth(File includeFile, String basicAuthConfFile, String username, String password) throws IOException { + private void updateIncludeFileEnableAuth(File includeFile, String basicAuthConfFile) throws IOException { List includeFileLines = FileUtils.readLines(includeFile, StandardCharsets.UTF_8); for (int i=0; i includeFileLines = FileUtils.readLines(includeFile, StandardCharsets.UTF_8); boolean hasChanged = false; @@ -3762,7 +3797,7 @@ public class SolrCLI { @Override protected void runImpl(CommandLine cli) throws Exception {} } - + public static class UtilsTool extends ToolBase { private Path serverPath; private Path logsPath;