incubator-connectors-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Lucene Connector Framework > How to Write an Authority Connector
Date Tue, 09 Mar 2010 13:43:00 GMT
Space: Lucene Connector Framework (http://cwiki.apache.org/confluence/display/CONNECTORS)
Page: How to Write an Authority Connector (http://cwiki.apache.org/confluence/display/CONNECTORS/How+to+Write+an+Authority+Connector)

Added by Karl Wright:
---------------------------------------------------------------------
h1. Writing an Authority Connector

An authority connector to a repository allows a repository's security model to be enforced
by a search engine.  Its only function is to convert a user name (which is often a Kerberos
principal name) into a set of _access tokens_.

The definition of an access token within LCF for a given repository is completely defined
by the connectors that deal with that repository, with one exception.  That exception is for
Active Directory.  Active Directory is so prevalent as a repository authorization mechanism
that LCF currently treats it as the "default" authority - that is, if you don't specify another
authority when you define a repository connection, LCF presumes that you mean that Active
Directory should be the controlling authority for the connection.  In that case, an access
token is simply an Active Directory SID.

For those repositories that do not use Active Directory as their authorization mechanism,
an authority connector should be written, along with the repository connector for the repository.
 Access tokens in that case represent a contract between your implementation of the authority
connector for the repository, and the repository connector for the repository.  They must
work together to define access tokens that will limit document access when used properly within
any search engine query.

As is the case with all connectors under the LCF umbrella, an authority connector consists
of two parts:

* A class implementing an interface (in this case, _org.apache.lcf.authorities.interfaces.IAuthorityConnector_)
* A set of JSP's that implement the crawler UI for the connector

h3. Implementing the Authority Connector class

A very good place to start is to read the javadoc for the authority connector interface. 
You will note that the javadoc describes the usage and pooling model for a connector class
pretty thoroughly.  It is very important to understand the model thoroughly in order to write
reliable connectors!  Use of static variables, for one thing, must be done in a very careful
way, to avoid issues that would be hard to detect with a cursory test.

The second thing to do is to examine some of the provided authority connector implementations.
 The Documentum connector, the LiveLink connector, the Memex connector, and the Meridio connector
all include authority connectors which demonstrate (to some degree) the sorts of techniques
you will need for an effective implementation.  You will also note that all of these connectors
extend a framework-provided authority connector base class, found at _org.apache.lcf.authorities.authorities.BaseAuthorityConnector_.
 This base class furnishes some basic bookkeeping logic for managing the connector pool, as
well as default implementations of some of the less typical functionality a connector may
have.  For example, connectors are allowed to have database tables of their own, which are
instantiated when the connector is registered, and are torn down when the connector is removed.
 This is, however, not very typical, and the base implementation reflects that.

TODO: More implementation details

h3. Implementing a set of Authority Connector JSPs

The authority connector class you write provides, through one of its methods, a symbolic name
where the crawler UI will look for authority connector UI components.  Your components will
therefore have the following path, relative to the crawler UI web application:

_authorities/<connector_symbolic_name>_

For an authority connector, you need to furnish the following JSPs:

|| JSP name || Where it fits ||
| headerconfig.jsp | Called during the header section of authority connector configuration
editing page |
| editconfig.jsp | Called during the body section of the authority connector configuration
editing page |
| postconfig.jsp | Called when configuration editing page is posted, either on a repost or
on a save |
| viewconfig.jsp | Called when the connection configuration is being viewed |


TODO: More implementation details


Change your notification preferences: http://cwiki.apache.org/confluence/users/viewnotifications.action

Mime
View raw message