Has anyone ever been able to figure out how to get SOLR properly working again after a JVM upgrade of _51 or later?
I've read from a few sources that it's due to the permissions being changed in _51 forward and have applied the following (and several other iterations) to the java.policy file and restarted CF but Solr still remains broken.
permission java.net.SocketPermission "*", "connect,listen,accept,resolve";
permission java.net.SocketPermission "localhost:8983", "connect,listen,accept,resolve";
permission java.net.SocketPermission "localhost:1-", "connect,listen,accept,resolve";
This is a real problem as there are security issues fixed in the later JVM's and we need to upgrade.
I've been having the same issue, for a while. Still no solution.
Have you checked your Sandbox Security? I've noticed that if the CFAdmin JVM is pointing to Java 7.55 AND Sandbox Security is on, the Solr collections are broken (cannot administer in CFAdmin, and errors when trying to search); but if I turn off Sandbox Security (even with JVM 7.55), the Solr collections work and administer just fine.
Problem is - can't turn off Sandbox in production, NOR can we roll back to a pre-7.55 JVM.
Any possible solutions greatly appreciated.
Oh that’s interesting. We are using Sandbox security mostly to exclude some dangerous CF Tags.
We’ve been banging our heads on this for weeks as well. It’s surely a permissions issue and you’d think someone at Adobe would have been able to solve this by now. If we discover anything I’ll surely pass it along and I’d appreciate it if you’d do the same.
Sure thing. All I know, so far, is that Java "over-tightened" security (thanks to some Russian hackers) and severely limited socket permissions. Ever since 7.51. I've found articles on modifying /ColdFusion10/cfusion/jetty/jetty.lax, but nothing has worked.
I filed a bugbase report (zero votes), that did get some input by a few people, but no fix, yet. Charlie Arehart has also been giving some advice. But, so far, no one else has had this experience (that I've seen).
Oh, great news!
We’re going to implement this over the weekend. Send Adobe the bill for your time Thanks for the heads up!
Chicago.. very nice. I miss living, there.
So? Did the solution work, for you?
Actually we are on CF9 and can’t quite follow this part:
“go into Sandbox Security and click on the entry for CFIDE, then add "127.0.0.1" which enters as "connect,resolve".”
Are you referring to the “Server/Ports” tab?
Also, if you make a change to the neo-security file in the admin, won’t it over write your manual change in the future?
Here's what ultimately worked for us, on CF 9
In the default configuration, the neo-security file (<coldfusion>/lib/neo-security.xml) for CF9.1 contain three declarations of socket permissions in the following order:
Path: C:\ColdFusion9\wwwroot\WEB-INF\ Permissions: connect, resolve
Path: C:\inetpub\wwwroot\CFIDE Permissions: connect, resolve
Path: /* Permissions: connect, resolve
Manually edit the file and change each of the permissions above to connect, listen, resolve, then restart Coldfusion.
Glad you got that working! I just read on the Bugbase that this is going to be fixed in the next CF10 update, so your instructions should be quite valuable to anyone still running CF9.