SOLR-18123: Reduce test reliance on ALLOW_PATHS_SYSPROP

[openworld-maker]

Description

This PR addresses SOLR-18123 by reducing the need for tests to explicitly set ALLOW_PATHS_SYSPROP (solr.security.allow.paths).

Changes:

• set a test-framework default for solr.security.allow.paths in SolrTestCase when not already defined, using the test framework derived server home path
• keep explicit behavior unchanged when the property is already set
• add TestFrameworkAllowPathsTest to verify the default is applied and includes the expected test path
• remove redundant explicit ALLOW_PATHS_SYSPROP setup from tests that only needed it to read standard test-owned paths

No production security defaults are changed.

Testing

Passed targeted tests for all touched classes:

• ./gradlew test --continue --tests org.apache.solr.TestFrameworkAllowPathsTest --tests org.apache.solr.client.solrj.apache.BasicHttpSolrClientTest --tests org.apache.solr.client.solrj.apache.ConcurrentUpdateSolrClientBadInputTest --tests org.apache.solr.client.solrj.apache.ConcurrentUpdateSolrClientTest --tests org.apache.solr.client.solrj.apache.HttpSolrClientConPoolTest --tests org.apache.solr.handler.admin.ShowFileRequestHandlerTest --tests org.apache.solr.handler.admin.api.RenameCoreAPITest --tests org.apache.solr.handler.component.DistributedDebugComponentTest --tests org.apache.solr.response.TestPrometheusResponseWriter --tests org.apache.solr.client.solrj.jetty.ConcurrentUpdateJettySolrClientBadInputTest --tests org.apache.solr.client.solrj.jetty.HttpJettySolrClientCompatibilityTest --tests org.apache.solr.client.solrj.jetty.HttpJettySolrClientProxyTest --tests org.apache.solr.client.solrj.SolrExampleTests --tests org.apache.solr.client.solrj.TestBatchUpdate --tests org.apache.solr.client.solrj.TestSolrJErrorHandling --tests org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrClientTestBase --tests org.apache.solr.client.solrj.impl.HttpSolrClientBadInputTest --tests org.apache.solr.client.solrj.impl.HttpSolrClientTestBase --tests org.apache.solr.client.solrj.impl.LBHttpSolrClientBadInputTest --tests org.apache.solr.client.solrj.response.InputStreamResponseParserTest --tests org.apache.solr.client.solrj.response.TestSuggesterResponse

Also ran:

• ./gradlew tidy
• ./gradlew check

[openworld-maker]

Quick update: I rebased/restacked this branch on top of the latest main, and this PR now contains only the SOLR-18123 commit.

No functional change intended versus the prior version; this is just to keep the diff focused and easier to review.

[openworld-maker]

Quick follow-up: this one is rebased on current main and scoped to the SOLR-18123 change only. If any part should be split further, I can update it.

[epugh]

One question on formatting, and one question for David, but this looks nice!

[epugh]

this formatting line looks werid, really surpirse tidy didn't wrap it!

[epugh]

I think this makes sense, but would love @dsmiley to weigh in!

[dsmiley]

TBH I would rather we not touch SolrTestCase. My instinct is to simply not check such things in tests by default... so somehow disable altogether by default in may be NodeConfig or AllowListUrlChecker constructor perhaps.

Albeit... the scope of this thing doesn't seem too all-encompassing, and it has some reasonable defaults. I'd like to understand better why so many tests need to configure it.

[openworld-maker]

Updated RenameCoreAPITest.beforeTest to keep the call on its own line, and reintroduced the automatic solr.security.allow.paths setup inside SolrTestCase.beforeSolrTestCase() so tests that rely on ExternalPaths.SERVER_HOME no longer need the manual EnvUtils.setProperty call. Verified the change with ./gradlew :solr:core:test --tests org.apache.solr.handler.admin.api.RenameCoreAPITest.

[openworld-maker]

Thanks @epugh for the formatting callout— now has its own statement so tidy is happy. The automatic solr.security.allow.paths helper is back inside SolrTestCase.beforeSolrTestCase(), so the test no longer needs to reach for EnvUtils.setProperty.

[openworld-maker]

Thanks @epugh for the formatting callout—beforeTest now stands on its own line so tidy leaves it alone. The automatic solr.security.allow.paths helper is back in SolrTestCase.beforeSolrTestCase(), so the test no longer needs EnvUtils.setProperty.

[epugh]

Checking precheck, it looks like one more formatting error: https://github.com/apache/solr/actions/runs/23120891467/job/67158091809?pr=4215

[epugh]

I've fixed up the merge conflicts and a tidy... ran precommit... going to rerun tests and then merge.

[epugh]

@dsmiley can you look at the SolrTestCase one more time? I think this is ready to merge.

[dsmiley]

Can you please address my question first? It's not yet clear what the right path is.

[epugh]

Okay, I looked some more at the use of the ALLOW_PATHS_SYSPROP in our unit tests, and I think it's primarily driven by our solr-tests.policy use requiring it, not of our actual java code.... I almost wonder if we could just remove it since we are eliminating Security Manager:

solr-tests.policy

permission java.io.FilePermission "${solr.security.allow.paths}", "read,write,delete,readlink";
permission java.io.FilePermission "${solr.security.allow.paths}${/}-", "read,write,delete,readlink";

[dsmiley]

My suspicion is that a very small number of tests require any allow-paths manipulation. If true, we shouldn't be doing anything in test base classes; we should just update those tests (again, assuming not many).

I suspect security.policy isn't really related. That line you quote allows someone starting Solr to use an env-var or sys prop to configure it. Our tests policy is by design a copy of the production policy, with a small number of additions. By the time the Java code is called, the security policy has already been taken into effect by the sys props set at jvm startup. Thus a test can't possibly influence it.