I even tried using the line from the example verbatim and it throws the same
error (except with a real argument.
some_param = req.getParams().get("commit")
Is this a bug? It should be easy for anyone to reproduce.
________________________________
From: Matthew Castrigno <castr...@slhs.org>
Sent: Thursday, November 17, 2022 11:39 AM
To: users@solr.apache.org <users@solr.apache.org>
Cc: Thomas Corthals <tho...@klascement.net>
Subject: Security error attempting to access req in updateProcessorScript
Hello Community, I am getting this error message in the response when I attempt
to access req in a script. "msg": "Unable to invoke function processAdd in
script: test-script. js: TypeError: Can not extend/implement [class org.
apache. solr. request. SolrQueryRequestBase]
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside the St. Luke's email system.
ZjQcmQRYFpfptBannerEnd
Hello Community,
I am getting this error message in the response when I attempt to access req in
a script.
"msg":"Unable to invoke function processAdd in script: test-script.js:
TypeError: Can not extend/implement [class
org.apache.solr.request.SolrQueryRequestBase] because of
java.security.AccessControlException: access denied
(\"java.lang.RuntimePermission\"
\"accessClassInPackage.jdk.nashorn.internal.runtime\") in <eval> at line number
15",
line 15 is request = req.getJSON();
Thank you for any insights you can provide, they are most helpful.
/*
This is a basic skeleton JavaScript update processor.
In order for this to be executed, it must be properly wired into
solrconfig.xml; by default it is commented out in
the example solrconfig.xml and must be uncommented to be enabled.
See
https://urldefense.com/v3/__http://wiki.apache.org/solr/ScriptUpdateProcessor__;!!FkC3_z_N!MBn-jeyLMfpIcec-Bywg7gSZ5GCpOOmmrQ8jAGqbjNcfqa8RFkgXMZTPt01o_ph6uUqZ8KHAVCzPgA$
for more details.
*/
function processAdd(cmd) {
doc = cmd.solrDoc; // org.apache.solr.common.SolrInputDocument
childDocsPresent = doc.hasChildDocuments();
request = req.getJSON();
// request.forEach((key, value) => {
// logger.warn(key, value)
// });
logger.warn("The value of child docs present is " + childDocsPresent);
// Set a field value:
// doc.setField("foo_s", "whatever");
// Get a configuration parameter:
// config_param = params.get('config_param'); // "params" only exists if
processor configured with <lst name="params">
// Get a request parameter:
// some_param = req.getParams().get("some_param")
// Add a field of field names that match a pattern:
// - Potentially useful to determine the fields/attributes represented in a
result set, via faceting on field_name_ss
// field_names = doc.getFieldNames().toArray();
// for(i=0; i < field_names.length; i++) {
// field_name = field_names[i];
// if (/attr_.*/.test(field_name)) { doc.addField("attribute_ss",
field_names[i]); }
// }
}
function processDelete(cmd) {
// no-op
}
function processMergeIndexes(cmd) {
// no-op
}
function processCommit(cmd) {
// no-op
}
function processRollback(cmd) {
// no-op
}
function finish() {
// no-op
}
----------------------------------------------------------------------
"This message is intended for the use of the person or entity to which it is
addressed and may contain information that is confidential or privileged, the
disclosure of which is governed by applicable law. If the reader of this
message is not the intended recipient, you are hereby notified that any
dissemination, distribution, or copying of this information is strictly
prohibited. If you have received this message by error, please notify us
immediately and destroy the related message."
----------------------------------------------------------------------
"This message is intended for the use of the person or entity to which it is
addressed and may contain information that is confidential or privileged, the
disclosure of which is governed by applicable law. If the reader of this
message is not the intended recipient, you are hereby notified that any
dissemination, distribution, or copying of this information is strictly
prohibited. If you have received this message by error, please notify us
immediately and destroy the related message."
