ACS-2544 - Remove shared secret from solrcore.properties and document JAVA_TOOL_OPTIONS alternative

(cherry picked from commit 421ad3dc5a4689e5cd9e833c5ba7715941f611ac)
2025-09-10 14:11:25 +00:00 · 2022-02-10 17:11:20 +01:00
parent 66692aaecf
commit d785cb7774
2 changed files with 11 additions and 14 deletions
--- a/search-services/README.md
+++ b/search-services/README.md
@@ -386,7 +386,6 @@ The following environment variables are supported:
 | ENABLE_SPELLCHECK | true or false | Whether spellchecking is enabled or not. |
 | DISABLE_CASCADE_TRACKING | true or false | Whether cascade tracking is enabled or not. Disabling cascade tracking will improve performance, but result in some feature loss (e.g. path queries). |
 | ALFRESCO_SECURE_COMMS | https, secret or none | Whether communication with the repository is secured. See below. |
-| ALFRESCO_SECURE_COMMS_SHARED_SECRET | string | A shared secret for Solr and repository to authenticate each other |
 | SOLR_SSL_... | --- | These variables are also used to configure SSL. See below. |

 **Using Mutual Auth TLS (SSL)**
@@ -417,7 +416,7 @@ searchservices:develop

 **Using Shared secret authentication**

-An alternative is to use a shared secret in order to secure repo <-> solr commnunication. You just need to set `ALFRESCO_SECURE_COMMS=secret` **AND** `ALFRESCO_SECURE_COMMS_SHARED_SECRET=my_super_secret_secret`
+An alternative is to use a shared secret in order to secure repo <-> solr commnunication. You just need to set `ALFRESCO_SECURE_COMMS=secret` **AND** `JAVA_TOOL_OPTIONS="-Dalfresco.secureComms.secret=my_super_secret_secret"`

 SOLR Web Console will be available at:

--- a/search-services/packaging/src/docker/search_config_setup.sh
+++ b/search-services/packaging/src/docker/search_config_setup.sh
@@ -91,19 +91,17 @@ fi

 # By default Docker Image is using TLS Mutual Authentication (SSL) for communications with Repository
 # Plain HTTP can be enabled by setting ALFRESCO_SECURE_COMMS to 'none'
+# Plain HTTP with a secret word in the request header can be enabled by setting ALFRESCO_SECURE_COMMS to 'secret',
+# the secret word should be defined as a JVM argument like so: JAVA_TOOL_OPTIONS="-Dalfresco.secureComms.secret=my-secret-value"
 case "$ALFRESCO_SECURE_COMMS" in
   secret)
-      if [ -n "$ALFRESCO_SECURE_COMMS_SHARED_SECRET" ]; then
-         sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
-         if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then
-             sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" ${PWD}/solrhome/alfresco/conf/solrcore.properties
-         fi
-         if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then
-             sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" ${PWD}/solrhome/archive/conf/solrcore.properties
-         fi
-      else
-         LOG_WARN=1
-      fi
+     sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
+     if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then
+         sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\n/" ${PWD}/solrhome/alfresco/conf/solrcore.properties
+     fi
+     if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then
+         sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\n/" ${PWD}/solrhome/archive/conf/solrcore.properties
+     fi
   ;;
   none)
     sed -i "s/alfresco.secureComms=https/alfresco.secureComms=none\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
@@ -117,7 +115,7 @@ case "$ALFRESCO_SECURE_COMMS" in
   https|'')
   ;;
   *)
-      LOG_WARN=2
+      LOG_WARN=1
   ;;
 esac