ACS-2544 - Remove shared secret from solrcore.properties and document JAVA_TOOL_OPTIONS alternative

(cherry picked from commit 421ad3dc5a4689e5cd9e833c5ba7715941f611ac)

search-services/README.md

@@ -386,7 +386,6 @@ The following environment variables are supported:
 | ENABLE_SPELLCHECK | true or false | Whether spellchecking is enabled or not. |
 | DISABLE_CASCADE_TRACKING | true or false | Whether cascade tracking is enabled or not. Disabling cascade tracking will improve performance, but result in some feature loss (e.g. path queries). |
 | ALFRESCO_SECURE_COMMS | https, secret or none | Whether communication with the repository is secured. See below. |
-| ALFRESCO_SECURE_COMMS_SHARED_SECRET | string | A shared secret for Solr and repository to authenticate each other |
 | SOLR_SSL_... | --- | These variables are also used to configure SSL. See below. |
 
 **Using Mutual Auth TLS (SSL)**
@@ -417,7 +416,7 @@ searchservices:develop
 
 **Using Shared secret authentication**
 
-An alternative is to use a shared secret in order to secure repo <-> solr commnunication. You just need to set `ALFRESCO_SECURE_COMMS=secret` **AND** `ALFRESCO_SECURE_COMMS_SHARED_SECRET=my_super_secret_secret`
+An alternative is to use a shared secret in order to secure repo <-> solr commnunication. You just need to set `ALFRESCO_SECURE_COMMS=secret` **AND** `JAVA_TOOL_OPTIONS="-Dalfresco.secureComms.secret=my_super_secret_secret"`
 
 SOLR Web Console will be available at:
 

search-services/packaging/src/docker/search_config_setup.sh

@@ -91,18 +91,16 @@ fi
 
 # By default Docker Image is using TLS Mutual Authentication (SSL) for communications with Repository
 # Plain HTTP can be enabled by setting ALFRESCO_SECURE_COMMS to 'none'
+# Plain HTTP with a secret word in the request header can be enabled by setting ALFRESCO_SECURE_COMMS to 'secret',
+# the secret word should be defined as a JVM argument like so: JAVA_TOOL_OPTIONS="-Dalfresco.secureComms.secret=my-secret-value"
 case "$ALFRESCO_SECURE_COMMS" in
    secret)
-      if [ -n "$ALFRESCO_SECURE_COMMS_SHARED_SECRET" ]; then
-         sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
+     sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\n/" $SOLR_RERANK_CORE_FILE $SOLR_NORERANK_CORE_FILE
      if [[ -f ${PWD}/solrhome/alfresco/conf/solrcore.properties ]]; then
-             sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" ${PWD}/solrhome/alfresco/conf/solrcore.properties
+         sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\n/" ${PWD}/solrhome/alfresco/conf/solrcore.properties
      fi
      if [[ -f ${PWD}/solrhome/archive/conf/solrcore.properties ]]; then
-             sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\nalfresco.secureComms.secret=${ALFRESCO_SECURE_COMMS_SHARED_SECRET}\n/" ${PWD}/solrhome/archive/conf/solrcore.properties
-         fi
-      else
-         LOG_WARN=1
+         sed -i "s/alfresco.secureComms=https/alfresco.secureComms=secret\n/" ${PWD}/solrhome/archive/conf/solrcore.properties
      fi
    ;;
    none)
@@ -117,7 +115,7 @@ case "$ALFRESCO_SECURE_COMMS" in
    https|'')
    ;;
    *)
-      LOG_WARN=2
+      LOG_WARN=1
    ;;
 esac