Thanks a lot. This is the suggestion we are proceeding forward with. On Thu, Oct 12, 2017 at 7:59 PM, Trey Grainger <solrt...@gmail.com> wrote:
> You can also just "replace" the registered xml query parser with another > parser. I imagine you're doing this for security reasons, which means you > just want the actual xml query parser to not be executable through a query. > Try adding the following line to your solrconfig.xml: > <queryParser name=“xmlparser” class=“solr.ExtendedDismaxQParserPlugin” > /> > > This way, the xml query parser is loaded in as a version of the eDismax > query parser instead, and any queries the are trying to reference the xml > query parser through local params will instead hit the eDismax query parser > and use its parsing logic instead. > > All the best, > > Trey Grainger > SVP of Engineering @ Lucidworks > Co-author, Solr in Action <http://solrinaction.com/> > http://www.treygrainger.com > > - > > On Thu, Oct 12, 2017 at 6:56 PM, Shawn Heisey <apa...@elyograg.org> wrote: > > > On 10/12/2017 3:18 PM, Manikandan Sivanesan wrote: > > > >> I'm looking for a way to disable the query parser XmlQParserPlugin > >> (org.apache.solr.search.XmlQParserPlugin) through solrconfig.xml . > >> Following the instructions mentioned here > >> <https://wiki.apache.org/solr/SolrConfigXml#Enable.2Fdisable_components > > > >> to > >> disable a query parser. > >> > >> This is the part that I added to solrconfig. > >> <queryParser name="xmlparser" class="XmlQParserPlugin" > >> enable="{enable.xmlparser:false}/> > >> > >> I have uploaded it to zk and reloaded the collection. But I still see > the > >> XmlQParserPlugin loaded in > >> in the Plugin/Stats => QUERYPARSER section of Solr Admin Console. > >> > > > > Through experimentation, I was able to figure out that the configuration > > of query parsers DOES support the "enable" attribute. Initially I > thought > > it might not. > > > > With this invalid configuration (the class is missing a character), Solr > > will start correctly: > > > > <queryParser name="flibble" class="solr.XmlQParserPlugi" enable="false"/> > > > > But if I change the enable attribute to "true" instead of "false", Solr > > will NOT successfully load the core with that config, because it > contains a > > class that cannot be found. > > > > The actual problem you're running into is that almost every query parser > > implementation that Solr has is hard-coded and explicitly loaded by code > in > > QParserPlugin. One of those parsers is the XML parser that you want to > > disable. > > > > I think it would be a good idea to go through the list of hard-coded > > parsers in the QParserPlugin class and make it a MUCH smaller list. Some > > of the parsers, especially the XML parser, probably should require > explicit > > configuration rather than being included by default. > > > > Thanks, > > Shawn > > > > > -- Manikandan Sivanesan Senior Software Engineer
