Fixed: Disallow unauthorized users to use Solr (OFBIZ-12792)

Adds a message explaining to unauthorized users they can't use Solr

solr/config/SolrUiLabels.xml

@@ -45,7 +45,6 @@ under the License.
     <property key="SolrMissingProductCategoryId">
         <value xml:lang="en">Missing product category id.</value>
     </property>
-
     <property key="SolrErrorManageLoginFirst">
         <value xml:lang="en">To manage Solr in OFBiz, you have to login first and have the permission to do so.</value>
     </property>
@@ -70,4 +69,7 @@ under the License.
     <property key="SolrErrorNoViewFilePermission">
         <value xml:lang="en">To view files of a Solr index in OFBiz, you should have the permission to do so.</value>
     </property>
-</resource>
+    <property key="SolrErrorUnauthorisedRequestForSecurityReason">
+        <value xml:lang="en">The request must be from an authorized user</value>
+    </property>
+</resource>

solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java

@@ -107,6 +107,12 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
         // check if the request is from an authorized user
         String servletPath = httpRequest.getServletPath();
+
+        if (servletPath.equals("/solrdefault/debug/dump")) {
+            sendJsonHeaderMessage(httpRequest, httpResponse, null, "SolrErrorUnauthorisedRequestForSecurityReason", null, locale);
+            return;
+        }
+
         if (UtilValidate.isNotEmpty(servletPath) && (servletPath.startsWith("/admin/") || servletPath.endsWith("/update")
                 || servletPath.endsWith("/update/json") || servletPath.endsWith("/update/csv") || servletPath.endsWith("/update/extract")
                 || servletPath.endsWith("/replication") || servletPath.endsWith("/file") || servletPath.endsWith("/file/"))) {