SOLR_SECURITY_MANAGER_ENABLED=false

worked, thank you Kevin.

________________________________
From: Matthew Castrigno <castr...@slhs.org>
Sent: Thursday, November 17, 2022 2:46 PM
To: users@solr.apache.org <users@solr.apache.org>
Subject: Re: Security error attempting to access req in updateProcessorScript

Thank you Kevin for your reply.
Yes I am running 9.0

I am looking for

SOLR_SECURITY_MANAGER_ENABLED

in solr.in.sh, solr.in.cmd or security.policy file but none of these files seem 
to exist. Does the default install include these files or do I need to create 
them? Where should they reside?

Thank you.


________________________________
From: Kevin Risden <kris...@apache.org>
Sent: Thursday, November 17, 2022 2:17 PM
To: users@solr.apache.org <users@solr.apache.org>
Cc: Thomas Corthals <tho...@klascement.net>
Subject: Re: Security error attempting to access req in updateProcessorScript

I'm assuming you are using Solr 9 and running into this. Solr 9 enabled the
Java security manager by default which protects against a bunch of stuff
potentially.

One quick workaround is setting SOLR_SECURITY_MANAGER_ENABLED=false in
solr.in.sh or however you run Solr to disable the security manager, if this
meets your security posture needs.

Another option is to modify the security.policy file with additional
permissions as needed. There might be some oversight here in what policy is
added.

https://solr.apache.org/guide/solr/latest/configuration-guide/script-update-processor.html#enababling-the-scriptingupdateprocessor-and-scripting-engines

Kevin Risden


On Thu, Nov 17, 2022 at 2:31 PM Matthew Castrigno <castr...@slhs.org> wrote:

> I even tried using the line from the example verbatim and it throws the
> same error (except with a real argument).
> some_param = req.getParams().get("commit")
>
> Is this a bug? It should be easy for anyone to reproduce.
>
>
> ________________________________
> From: Matthew Castrigno <castr...@slhs.org>
> Sent: Thursday, November 17, 2022 11:39 AM
> To: users@solr.apache.org <users@solr.apache.org>
> Cc: Thomas Corthals <tho...@klascement.net>
> Subject: Security error attempting to access req in updateProcessorScript
>
> Hello Community,
>
> I am getting this error message in the response when I attempt to access
> req in a script.
>     "msg":"Unable to invoke function processAdd in script: test-script.js:
> TypeError: Can not extend/implement [class
> org.apache.solr.request.SolrQueryRequestBase] because of
> java.security.AccessControlException: access denied
> (\"java.lang.RuntimePermission\"
> \"accessClassInPackage.jdk.nashorn.internal.runtime\") in <eval> at line
> number 15",
>
> line 15 is request = req.getJSON();
>
> Thank you for any insights you can provide, they are most helpful.
>
> /*
>   This is a basic skeleton JavaScript update processor.
>
>   In order for this to be executed, it must be properly wired into solrconfig.xml; by default it is commented out in
>   the example solrconfig.xml and must be uncommented to be enabled.
>
>   See http://wiki.apache.org/solr/ScriptUpdateProcessor for more details.
> */
>
> function processAdd(cmd) {
>
>
>   doc = cmd.solrDoc;  // org.apache.solr.common.SolrInputDocument
>   childDocsPresent = doc.hasChildDocuments();
>   request = req.getJSON();
>   // request.forEach((key, value) => {
>   //   logger.warn(key, value)
>   // });
>
>   logger.warn("The value of child docs present is  " + childDocsPresent);
>
>
> // Set a field value:
> //  doc.setField("foo_s", "whatever");
>
> // Get a configuration parameter:
> //  config_param = params.get('config_param');  // "params" only exists if processor configured with <lst name="params">
>
> // Get a request parameter:
> // some_param = req.getParams().get("some_param")
>
> // Add a field of field names that match a pattern:
> //   - Potentially useful to determine the fields/attributes represented in a result set, via faceting on field_name_ss
> //  field_names = doc.getFieldNames().toArray();
> //  for(i=0; i < field_names.length; i++) {
> //    field_name = field_names[i];
> //    if (/attr_.*/.test(field_name)) { doc.addField("attribute_ss", field_names[i]); }
> //  }
>
> }
> function processDelete(cmd) {
>   // no-op
> }
>
> function processMergeIndexes(cmd) {
>   // no-op
> }
>
> function processCommit(cmd) {
>   // no-op
> }
>
> function processRollback(cmd) {
>   // no-op
> }
>
> function finish() {
>   // no-op
> }
>
>
>
> ----------------------------------------------------------------------
> "This message is intended for the use of the person or entity to which it
> is addressed and may contain information that is confidential or
> privileged, the disclosure of which is governed by applicable law. If the
> reader of this message is not the intended recipient, you are hereby
> notified that any dissemination, distribution, or copying of this
> information is strictly prohibited. If you have received this message by
> error, please notify us immediately and destroy the related message."
>
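
The second option mentioned in the thread, adding permissions to security.policy rather than disabling the security manager, starts from the permission named in the AccessControlException. The following is an added example, not code from the thread or from the Solr project: it extracts denied permissions from exception text and formats them as candidate policy entries for review. The function names, the second and third sample lines, and the "broad" check are assumptions made for illustration; whether granting an entry is appropriate or sufficient is not established by the thread.

```javascript
// Added example (not from the thread): turn Java AccessControlException
// text into candidate security.policy entries for review.

// Constructed input: the "msg" text quoted in the thread (JSON-escaped
// quotes kept) plus one constructed line showing the three-part form.
const SAMPLE_LOG = [
  'TypeError: Can not extend/implement [class org.apache.solr.request.SolrQueryRequestBase] because of java.security.AccessControlException: access denied (\\"java.lang.RuntimePermission\\" \\"accessClassInPackage.jdk.nashorn.internal.runtime\\") in <eval> at line number 15',
  'java.security.AccessControlException: access denied ("java.io.FilePermission" "/constructed/example/path" "read")',
  'INFO constructed unrelated line',
].join('\n');

// access denied ("<class>" "<target>" ["<actions>"]); quotes may be \-escaped.
const DENIED =
  /access denied \(\\?"([\w.$]+)\\?" \\?"([^"\\]*)\\?"(?: \\?"([^"\\]*)\\?")?\)/g;

// Return each distinct denied permission with how often it was seen.
function parseDenials(text) {
  const seen = new Map();
  for (const m of text.matchAll(DENIED)) {
    const entry = { type: m[1], target: m[2], actions: m[3] || null };
    const key = JSON.stringify(entry);
    if (!seen.has(key)) seen.set(key, { ...entry, count: 0 });
    seen.get(key).count += 1;
  }
  return [...seen.values()];
}

// Flag entries that would grant far more than the one denied operation.
function isBroad(d) {
  return d.type === 'java.security.AllPermission' ||
    d.target === '<<ALL FILES>>' || d.target === '*';
}

// Format one denial in Java policy-file syntax.
function toPolicyLine(d) {
  const actions = d.actions ? `, "${d.actions}"` : '';
  return `permission ${d.type} "${d.target}"${actions};`;
}

// Build a grant block; broad entries are emitted commented out.
function toGrantBlock(denials) {
  const lines = denials.map((d) =>
    isBroad(d) ? `  // BROAD, review: ${toPolicyLine(d)}` : `  ${toPolicyLine(d)}`);
  return ['grant {', ...lines, '};'].join('\n');
}

console.log(toGrantBlock(parseDenials(SAMPLE_LOG)));
```

A `grant` block without a `codeBase` applies to all code running in the JVM, so each generated line should be reviewed and scoped before it goes into a policy file.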

