Jason Gerlowski created SOLR-17978:
--------------------------------------
Summary: Investigate SSL "specialcasing" of Jetty classpath
Key: SOLR-17978
URL: https://issues.apache.org/jira/browse/SOLR-17978
Project: Solr
Issue Type: Task
Components: scripts and tools
Affects Versions: 9.9, 10.0
Reporter: Jason Gerlowski
A coworker (credit to Shailja Roy) pointed out to me recently that the Jetty
classpath is given a few more directories whenever SSL is enabled. The code
for this is in the ["start Solr" portion of the "bin/solr"
scripts|https://github.com/apache/solr/blob/main/solr/bin/solr#L213]:
{code}
if [ "$SOLR_SSL_ENABLED" == "true" ]; then
SOLR_JETTY_CONFIG+=("--module=https"
"--lib=$DEFAULT_SERVER_DIR/solr-webapp/webapp/WEB-INF/lib/*")
{code}
I'm not a Jetty expert by any means so maybe this approach is "normal" and
unconcerning. But I recall discussions about the importance of maintaining the
distinction between the "Jetty" servlet classpath, and the classpath for the
Solr application proper.
The aim of this JIRA ticket is to investigate and clarify what the practical
consequences are (if any) of dumping a bunch of Solr jars onto Jetty's
classpath. If there *are* downsides, we should find an alternate way of
configuring SSL. Alternatively, if doing this is harmless, maybe we should
remove the conditionality here. (Currently there are 5 different directories
where jars "live" in a Solr deploy - reducing that number would be a nice
simplification for our users and for us developers as well.)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
