SOLR-17864: Use modern format for allow urls and allow paths (#3813)

epugh · web-flow · commit fc2a22570a39 · 2025-10-31T07:40:41.000-04:00
* Migrate solr.allowPaths to solr.security.allow.paths
* Migrate solr.allowUrls to solr.security.allow.urls
* add properties to the ref guide
diff --git a/changelog/unreleased/SOLR_17864_part_trece.yml b/changelog/unreleased/SOLR_17864_part_trece.yml
@@ -0,0 +1,10 @@
+# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
+title: Migrated system properties solr.allowPaths and solr.allowUrls to modern equivalents.
+type: changed # added, changed, fixed, deprecated, removed, dependency_update, security, other
+authors:
+  - name: Eric Pugh
+links:
+  - name: SOLR-17864
+    url: https://issues.apache.org/jira/browse/SOLR-17864
+issues:
+  - 17864
diff --git a/gradle/testing/randomization/policies/solr-tests.policy b/gradle/testing/randomization/policies/solr-tests.policy
@@ -231,8 +231,8 @@ grant {
   permission java.io.FilePermission "${solr.logs.dir}", "read,write,delete,readlink";
   permission java.io.FilePermission "${solr.logs.dir}${/}-", "read,write,delete,readlink";
 
-  permission java.io.FilePermission "${solr.allowPaths}", "read,write,delete,readlink";
-  permission java.io.FilePermission "${solr.allowPaths}${/}-", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.security.allow.paths}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.security.allow.paths}${/}-", "read,write,delete,readlink";
 
   permission java.io.FilePermission "${log4j.configurationFile}", "read,write,delete,readlink";
 
diff --git a/solr/benchmark/src/resources/solr.xml b/solr/benchmark/src/resources/solr.xml
@@ -26,8 +26,8 @@
   <str name="shareSchema">${shareSchema:false}</str>
   <str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
   <str name="coreRootDirectory">${coreRootDirectory:.}</str>
-  <str name="allowPaths">${solr.allowPaths:}</str>
-  <str name="allowUrls">${solr.tests.allowUrls:}</str>
+  <str name="allowPaths">${solr.security.allow.paths:}</str>
+  <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
     <str name="urlScheme">${urlScheme:}</str>
diff --git a/solr/bin/solr.in.cmd b/solr/bin/solr.in.cmd
@@ -201,9 +201,9 @@ REM set SOLR_GZIP_ENABLED=true
 
 REM When running Solr in non-cloud mode and if planning to do distributed search (using the "shards" parameter), the
 REM list of hosts needs to be defined in an allow-list or Solr will forbid the request. The allow-list can be configured
-REM in solr.xml, or if you are using the OOTB solr.xml, can be specified using the system property "solr.allowUrls".
+REM in solr.xml, or if you are using the OOTB solr.xml, can be specified using the system property "solr.security.allow.urls".
 REM Alternatively host checking can be disabled by setting the system property "solr.security.allow.urls.enabled=false"
-REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.allowUrls=http://localhost:8983,http://localhost:8984
+REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.security.allow.urls=http://localhost:8983,http://localhost:8984
 
 REM For a visual indication in the Admin UI of what type of environment this cluster is, configure
 REM a -Dsolr.environment property below. Valid values are prod, stage, test, dev, with an optional
@@ -234,7 +234,7 @@ REM set SOLR_UI_EXPERIMENTAL_ENABLED=false
 REM Solr is by default allowed to read and write data from/to SOLR_HOME and a few other well defined locations
 REM Sometimes it may be necessary to place a core or a backup on a different location or a different disk
 REM This parameter lets you specify file system path(s) to explicitly allow. The special value of '*' will allow any path
-REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.allowPaths=D:\,E:\other\path
+REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.security.allow.paths=D:\,E:\other\path
 
 REM Before version 9.0, Solr required a copy of solr.xml file in $SOLR_HOME. Now Solr will use a default file if not found.
 REM To restore the old behavior, set the variable below to true
diff --git a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh
@@ -227,9 +227,9 @@
 
 # When running Solr in non-cloud mode and if planning to do distributed search (using the "shards" parameter), the
 # list of hosts needs to be defined in an allow-list or Solr will forbid the request. The allow-list can be configured
-# in solr.xml, or if you are using the OOTB solr.xml, can be specified using the system property "solr.allowUrls".
+# in solr.xml, or if you are using the OOTB solr.xml, can be specified using the system property "solr.security.allow.urls".
 # Alternatively host checking can be disabled by setting the system property "solr.security.allow.urls.enabled=false"
-#SOLR_OPTS="$SOLR_OPTS -Dsolr.allowUrls=http://localhost:8983,http://localhost:8984"
+#SOLR_OPTS="$SOLR_OPTS -Dsolr.security.allow.urls=http://localhost:8983,http://localhost:8984"
 
 # For a visual indication in the Admin UI of what type of environment this cluster is, configure
 # a -Dsolr.environment property below. Valid values are prod, stage, test, dev, with an optional
@@ -260,7 +260,7 @@
 # Solr is by default allowed to read and write data from/to SOLR_HOME and a few other well defined locations
 # Sometimes it may be necessary to place a core or a backup on a different location or a different disk
 # This parameter lets you specify file system path(s) to explicitly allow. The special value of '*' will allow any path
-#SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=/mnt/bigdisk,/other/path"
+#SOLR_OPTS="$SOLR_OPTS -Dsolr.security.allow.paths=/mnt/bigdisk,/other/path"
 
 # Solr can attempt to take a heap dump on out of memory errors. To enable this, uncomment the line setting
 # SOLR_HEAP_DUMP below. Heap dumps will be saved to SOLR_LOG_DIR/dumps by default. Alternatively, you can specify any
diff --git a/solr/core/src/java/org/apache/solr/core/SolrPaths.java b/solr/core/src/java/org/apache/solr/core/SolrPaths.java
@@ -78,7 +78,7 @@ public static void assertPathAllowed(Path pathToAssert, Set<Path> allowPaths)
           SolrException.ErrorCode.BAD_REQUEST,
           "Path "
               + path
-              + " must be relative to SOLR_HOME, SOLR_DATA_HOME coreRootDirectory. Set system property 'solr.allowPaths' to add other allowed paths.");
+              + " must be relative to SOLR_HOME, SOLR_DATA_HOME coreRootDirectory. Set system property 'solr.security.allow.paths' to add other allowed paths.");
     }
   }
 
diff --git a/solr/core/src/test-files/solr/solr-50-all.xml b/solr/core/src/test-files/solr/solr-50-all.xml
@@ -24,7 +24,7 @@
   <str name="configSetsHandler">testConfigSetsHandler</str>
   <str name="managementPath">testManagementPath</str>
   <str name="sharedLib">testSharedLib</str>
-  <str name="allowPaths">${solr.allowPaths:}</str>
+  <str name="allowPaths">${solr.security.allow.paths:}</str>
   <str name="shareSchema">${shareSchema:true}</str>
   <str name="coresLocator">testCoresLocator</str>
   <str name="coreSorter">testCoreSorter</str>
diff --git a/solr/core/src/test-files/solr/solr.xml b/solr/core/src/test-files/solr/solr.xml
@@ -26,8 +26,8 @@
   <str name="shareSchema">${shareSchema:false}</str>
   <str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
   <str name="coreRootDirectory">${coreRootDirectory:.}</str>
-  <str name="allowPaths">${solr.allowPaths:}</str>
-  <str name="allowUrls">${solr.tests.allowUrls:}</str>
+  <str name="allowPaths">${solr.security.allow.paths:}</str>
+  <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
   <bool name="hideStackTrace">${solr.hideStackTrace:true}</bool>
   <int name="indexSearcherExecutorThreads">4</int>
 
diff --git a/solr/core/src/test/org/apache/solr/cloud/api/collections/BackupRestoreApiErrorConditionsTest.java b/solr/core/src/test/org/apache/solr/cloud/api/collections/BackupRestoreApiErrorConditionsTest.java
@@ -46,7 +46,7 @@ public class BackupRestoreApiErrorConditionsTest extends SolrCloudTestCase {
    */
   @BeforeClass
   public static void setUpClass() throws Exception {
-    System.setProperty("solr.allowPaths", "*");
+    System.setProperty("solr.security.allow.paths", "*");
     validBackupLocation = createTempDir().toAbsolutePath().toString();
 
     String solrXml = MiniSolrCloudCluster.DEFAULT_CLOUD_SOLR_XML;
@@ -78,7 +78,7 @@ public static void setUpClass() throws Exception {
 
   @AfterClass
   public static void tearDownClass() {
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   @Test
diff --git a/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java b/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
@@ -506,7 +506,7 @@ public void testSolrInstallDir() throws Exception {
   private static final String ALLOW_PATHS_SOLR_XML =
       "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
           + "<solr>\n"
-          + "<str name=\"allowPaths\">${solr.allowPaths:}</str>\n"
+          + "<str name=\"allowPaths\">${solr.security.allow.paths:}</str>\n"
           + "</solr>";
 
   private static final String CUSTOM_HANDLERS_SOLR_XML =
@@ -630,7 +630,7 @@ public CustomConfigSetsHandler(CoreContainer cc) {
   @Test
   public void assertAllowPathFromSolrXml() throws Exception {
     Assume.assumeFalse(OS.isFamilyWindows());
-    System.setProperty("solr.allowPaths", "/var/solr");
+    System.setProperty("solr.security.allow.paths", "/var/solr");
     CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
     cc.assertPathAllowed(Path.of("/var/solr/foo"));
     try {
@@ -640,14 +640,14 @@ public void assertAllowPathFromSolrXml() throws Exception {
       /* Ignore */
     } finally {
       cc.shutdown();
-      System.clearProperty("solr.allowPaths");
+      System.clearProperty("solr.security.allow.paths");
     }
   }
 
   @Test
   public void assertAllowPathFromSolrXmlWin() throws Exception {
     Assume.assumeTrue(OS.isFamilyWindows());
-    System.setProperty("solr.allowPaths", "C:\\solr");
+    System.setProperty("solr.security.allow.paths", "C:\\solr");
     CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
     cc.assertPathAllowed(Path.of("C:\\solr\\foo"));
     try {
@@ -657,7 +657,7 @@ public void assertAllowPathFromSolrXmlWin() throws Exception {
       /* Ignore */
     } finally {
       cc.shutdown();
-      System.clearProperty("solr.allowPaths");
+      System.clearProperty("solr.security.allow.paths");
     }
   }
 
@@ -691,7 +691,7 @@ public void assertAllowPathWindows() {
   @Test
   public void assertAllowPathNormalization() throws Exception {
     Assume.assumeFalse(OS.isFamilyWindows());
-    System.setProperty("solr.allowPaths", "/var/solr/../solr");
+    System.setProperty("solr.security.allow.paths", "/var/solr/../solr");
     CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
     cc.assertPathAllowed(Path.of("/var/solr/foo"));
     assertThrows(
@@ -701,13 +701,13 @@ public void assertAllowPathNormalization() throws Exception {
           cc.assertPathAllowed(Path.of("/tmp"));
         });
     cc.shutdown();
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   @Test
   public void assertAllowPathNormalizationWin() throws Exception {
     Assume.assumeTrue(OS.isFamilyWindows());
-    System.setProperty("solr.allowPaths", "C:\\solr\\..\\solr");
+    System.setProperty("solr.security.allow.paths", "C:\\solr\\..\\solr");
     CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
     cc.assertPathAllowed(Path.of("C:\\solr\\foo"));
     assertThrows(
@@ -717,7 +717,7 @@ public void assertAllowPathNormalizationWin() throws Exception {
           cc.assertPathAllowed(Path.of("C:\\tmp"));
         });
     cc.shutdown();
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   private static Set<Path> ALLOWED_PATHS = Set.of(Path.of("/var/solr"));
diff --git a/solr/core/src/test/org/apache/solr/core/TestSolrXml.java b/solr/core/src/test/org/apache/solr/core/TestSolrXml.java
@@ -56,7 +56,8 @@ public void testAllInfoPresent() throws IOException {
     Files.copy(testSrcRoot.resolve("solr-50-all.xml"), solrHome.resolve("solr.xml"));
 
     System.setProperty(
-        "solr.allowPaths", OS.isFamilyWindows() ? "C:\\tmp,C:\\home\\john" : "/tmp,/home/john");
+        "solr.security.allow.paths",
+        OS.isFamilyWindows() ? "C:\\tmp,C:\\home\\john" : "/tmp,/home/john");
     System.setProperty(ContainerPluginsRegistry.CLUSTER_PLUGIN_EDIT_ENABLED, "false");
     NodeConfig cfg = SolrXmlConfig.fromSolrHome(solrHome, new Properties());
     CloudConfig ccfg = cfg.getCloudConfig();
@@ -139,7 +140,7 @@ public void testAllInfoPresent() throws IOException {
                         .map(s -> Path.of(s))
                         .collect(Collectors.toSet())));
     assertTrue("hideStackTrace", cfg.hideStackTraces());
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
 
     PluginInfo[] clusterPlugins = cfg.getClusterPlugins();
     assertEquals(3, clusterPlugins.length);
diff --git a/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCloudSnapshots.java b/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCloudSnapshots.java
@@ -70,7 +70,7 @@ public class TestSolrCloudSnapshots extends SolrCloudTestCase {
   @BeforeClass
   public static void setupClass() throws Exception {
     useFactory("solr.StandardDirectoryFactory");
-    System.setProperty("solr.allowPaths", "*");
+    System.setProperty("solr.security.allow.paths", "*");
     configureCluster(NUM_NODES) // nodes
         .addConfig(
             "conf1", TEST_PATH().resolve("configsets").resolve("cloud-minimal").resolve("conf"))
@@ -83,7 +83,7 @@ public static void setupClass() throws Exception {
   public static void teardownClass() {
     System.clearProperty("test.build.data");
     System.clearProperty("test.cache.data");
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   @Test
diff --git a/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCoreSnapshots.java b/solr/core/src/test/org/apache/solr/core/snapshots/TestSolrCoreSnapshots.java
@@ -68,7 +68,7 @@ public class TestSolrCoreSnapshots extends SolrCloudTestCase {
 
   @BeforeClass
   public static void setupClass() throws Exception {
-    System.setProperty("solr.allowPaths", "*");
+    System.setProperty("solr.security.allow.paths", "*");
     useFactory("solr.StandardDirectoryFactory");
     configureCluster(1) // nodes
         .addConfig(
@@ -81,7 +81,7 @@ public static void setupClass() throws Exception {
   public static void teardownClass() {
     System.clearProperty("test.build.data");
     System.clearProperty("test.cache.data");
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   @Test
diff --git a/solr/core/src/test/org/apache/solr/handler/TestStressIncrementalBackup.java b/solr/core/src/test/org/apache/solr/handler/TestStressIncrementalBackup.java
@@ -50,7 +50,7 @@ public class TestStressIncrementalBackup extends SolrCloudTestCase {
   @Before
   public void beforeTest() throws Exception {
     backupPath = createTempDir(getTestClass().getSimpleName() + "_backups");
-    System.setProperty("solr.allowPaths", backupPath.toString());
+    System.setProperty("solr.security.allow.paths", backupPath.toString());
 
     // NOTE: we don't actually care about using SolrCloud, but we want to use SolrClient and I can't
     // bring myself to deal with the nonsense that is SolrJettyTestBase.
@@ -96,7 +96,7 @@ public void afterTest() throws Exception {
       coreClient.close();
     }
 
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   @SuppressWarnings("AssertionFailureIgnored") // failure happens inside a thread
diff --git a/solr/core/src/test/org/apache/solr/handler/TestStressThreadBackup.java b/solr/core/src/test/org/apache/solr/handler/TestStressThreadBackup.java
@@ -77,12 +77,12 @@ public class TestStressThreadBackup extends SolrCloudTestCase {
 
   @BeforeClass
   public static void beforeClass() {
-    System.setProperty("solr.allowPaths", "*");
+    System.setProperty("solr.security.allow.paths", "*");
   }
 
   @AfterClass
   public static void afterClass() {
-    System.clearProperty("solr.allowPaths");
+    System.clearProperty("solr.security.allow.paths");
   }
 
   @Before
diff --git a/solr/modules/opentelemetry/src/test-files/solr/solr.xml b/solr/modules/opentelemetry/src/test-files/solr/solr.xml
@@ -26,7 +26,7 @@
   <str name="configSetBaseDir">${configSetBaseDir:configsets}</str>
   <str name="coreRootDirectory">${coreRootDirectory:.}</str>
   <str name="collectionsHandler">${collectionsHandler:solr.CollectionsHandler}</str>
-  <str name="allowUrls">${solr.tests.allowUrls:}</str>
+  <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
     <str name="urlScheme">${urlScheme:}</str>
diff --git a/solr/packaging/test/test_security_manager.bats b/solr/packaging/test/test_security_manager.bats
@@ -40,7 +40,7 @@ teardown() {
   backup_dir="$(cd -P "${backup_dir}" && pwd)"
 
   export SOLR_SECURITY_MANAGER_ENABLED=true
-  export SOLR_OPTS="-Dsolr.allowPaths=${backup_dir} -Djava.io.tmpdir=${test_tmp_dir}"
+  export SOLR_OPTS="-Dsolr.security.allow.paths=${backup_dir} -Djava.io.tmpdir=${test_tmp_dir}"
   run solr start
   run solr create -c COLL_NAME
   run solr api --solr-url "http://localhost:${SOLR_PORT}/solr/admin/collections?action=BACKUP&name=test&collection=COLL_NAME&location=file://${backup_dir}"
diff --git a/solr/server/etc/security.policy b/solr/server/etc/security.policy
@@ -201,8 +201,8 @@ grant {
   permission java.io.FilePermission "${solr.logs.dir}", "read,write,delete,readlink";
   permission java.io.FilePermission "${solr.logs.dir}${/}-", "read,write,delete,readlink";
 
-  permission java.io.FilePermission "${solr.allowPaths}", "read,write,delete,readlink";
-  permission java.io.FilePermission "${solr.allowPaths}${/}-", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.security.allow.paths}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.security.allow.paths}${/}-", "read,write,delete,readlink";
 
   permission java.io.FilePermission "${solr.sharedLib}", "read,readlink";
   permission java.io.FilePermission "${solr.sharedLib}${/}-", "read,readlink";
diff --git a/solr/server/etc/security.properties b/solr/server/etc/security.properties
@@ -20,5 +20,5 @@
 # as protection against DNS spoofing.  We set this back to the default (non-security-manager)
 # value of 30 seconds, to prevent surprising behavior (e.g. nodes in cloud environments without
 # static IP addresses). Users concerned about DNS spoofing should instead follow best practices:
-# populating solr.allowUrls, enabling TLS, etc.
+# populating solr.security.allow.urls, enabling TLS, etc.
 networkaddress.cache.ttl=30
diff --git a/solr/server/solr/solr.xml b/solr/server/solr/solr.xml
@@ -31,8 +31,8 @@
   <int name="maxBooleanClauses">${solr.max.booleanClauses:1024}</int>
   <str name="sharedLib">${solr.sharedLib:}</str>
   <str name="modules">${solr.modules:}</str>
-  <str name="allowPaths">${solr.allowPaths:}</str>
-  <str name="allowUrls">${solr.allowUrls:}</str>
+  <str name="allowPaths">${solr.security.allow.paths:}</str>
+  <str name="allowUrls">${solr.security.allow.urls:}</str>
   <str name="hideStackTrace">${solr.hideStackTrace:false}</str>
   <int name="indexSearcherExecutorThreads">${solr.searchThreads:0}</int>
 
diff --git a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc
@@ -35,8 +35,8 @@ The default `solr.xml` file is found in `$SOLR_TIP/server/solr/solr.xml` and loo
   <int name="maxBooleanClauses">${solr.max.booleanClauses:1024}</int>
   <str name="sharedLib">${solr.sharedLib:}</str>
   <str name="modules">${solr.modules:}</str>
-  <str name="allowPaths">${solr.allowPaths:}</str>
-  <str name="allowUrls">${solr.allowUrls:}</str>
+  <str name="allowPaths">${solr.security.allow.paths:}</str>
+  <str name="allowUrls">${solr.security.allow.urls:}</str>
   <str name="hideStackTrace">${solr.hideStackTrace:false}</str>
 
   <solrcloud>
@@ -285,7 +285,7 @@ When running Solr as a user-managed cluster and using the `shards` parameter, a
 +
 In SolrCloud mode, the allow-list is automatically configured to include all live nodes in the cluster.
 +
-The allow-list can also be configured with the `solr.allowUrls` system property in `solr.in.sh` / `solr.in.cmd`.
+The allow-list can also be configured with the `solr.security.allow.urls` system property in `solr.in.sh` / `solr.in.cmd`.
 If you need to disable this feature for backwards compatibility, you can set the system property `solr.security.allow.urls.enabled=false`.
 
 `hideStackTrace`::
diff --git a/solr/solr-ref-guide/modules/configuration-guide/pages/coreadmin-api.adoc b/solr/solr-ref-guide/modules/configuration-guide/pages/coreadmin-api.adoc
@@ -193,7 +193,7 @@ Same as `name` on the `<core>` element.
 The directory where files for this core should be stored.
 Same as `instanceDir` on the `<core>` element.
 The default is the value specified for the `name` parameter if not supplied.
-This directory must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or one of the paths specified by system property `solr.allowPaths`.
+This directory must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or one of the paths specified by system property `solr.security.allow.paths`.
 
 `config`::
 +
@@ -223,7 +223,7 @@ See xref:schema-factory.adoc[] for details.
 |===
 +
 Name of the data directory relative to `instanceDir`.
-If absolute value is used, it must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or one of the paths specified by system property `solr.allowPaths`.
+If absolute value is used, it must be inside `SOLR_HOME`, `SOLR_DATA_HOME` or one of the paths specified by system property `solr.security.allow.paths`.
 
 `configSet`::
 +
diff --git a/solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc b/solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc
@@ -84,6 +84,13 @@ NOTE: Properties marked with "!" indicate inverted meaning between old and new p
 
 |solr.security.auth.basicauth.credentials|basicauth||Defines basic authentication credentials.
 
+|solr.security.allow.paths|solr.allowPaths||A comma seperated list of paths for reading from.
+
+|solr.security.allow.urls|solr.allowUrls||A comma seperated list of urls for reading from.
+
+|solr.security.allow.urls.enabled|!solr.disable.allow.urls|false|If using an allow list of accessible urls is enabled. 
+
+
 |solr.security.auth.plugin|authenticationPlugin||Specifies the authentication plugin to use.
 
 |solr.solrj.cloud.max.stale.retries|cloudSolrClientMaxStaleRetries|5|Sets the maximum number of retries for stale connection attempts in SolrJ cloud client.
diff --git a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml
diff --git a/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties b/solr/solrj/src/resources/DeprecatedSystemPropertyMappings.properties
diff --git a/solr/solrj/src/test-files/solrj/solr/solr.xml b/solr/solrj/src/test-files/solrj/solr/solr.xml
diff --git a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java
diff --git a/solr/test-framework/src/java/org/apache/solr/cloud/MiniSolrCloudCluster.java b/solr/test-framework/src/java/org/apache/solr/cloud/MiniSolrCloudCluster.java
diff --git a/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCloudBackupRestoreTestCase.java b/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCloudBackupRestoreTestCase.java
diff --git a/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCollectionsAPIDistributedZkTestBase.java b/solr/test-framework/src/java/org/apache/solr/cloud/api/collections/AbstractCollectionsAPIDistributedZkTestBase.java

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ public static void assertPathAllowed(Path pathToAssert, Set<Path> allowPaths)`
`78`	`78`	`SolrException.ErrorCode.BAD_REQUEST,`
`79`	`79`	`"Path "`
`80`	`80`	`+ path`
`81`		`- + " must be relative to SOLR_HOME, SOLR_DATA_HOME coreRootDirectory. Set system property 'solr.allowPaths' to add other allowed paths.");`
	`81`	`+ + " must be relative to SOLR_HOME, SOLR_DATA_HOME coreRootDirectory. Set system property 'solr.security.allow.paths' to add other allowed paths.");`
`82`	`82`	`}`
`83`	`83`	`}`
`84`	`84`