lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SOLR-1895) LCF SearchComponent plugin for enforcing LCF security at search time
Date Fri, 30 Apr 2010 12:12:54 GMT

    [ https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12862643#action_12862643
] 

Karl Wright commented on SOLR-1895:
-----------------------------------

Hi Anders,

Indeed, I based some of the code in this ticket on code you had contributed in SOLR-1834.

If we cooperate, I would suggest that we take the time and effort to understand both SOLR-1834
and LCF, thoroughly.  It is not clear from your comments that you are familiar with the LCF
security model - which to me seems to have many of the same concepts as your offering, but
built as part of an extensible crawling framework.  If you want to become more familiar with
LCF, I suggest that you start here, and look especially into the "Concepts and Terminology"
link.

http://incubator.apache.org/connectors/developer-resources.html

I think I have a good idea of the code in SOLR-1834, but obviously I cannot read your intent,
and how you would anticipate system integrators make use of this proposal.  If you would like
to clarify, please provide some use cases (e.g. reasonably detailed scenarios) so that I'm
sure we are both on the same page. ;-)

Thanks,
Karl


> LCF SearchComponent plugin for enforcing LCF security at search time
> --------------------------------------------------------------------
>
>                 Key: SOLR-1895
>                 URL: https://issues.apache.org/jira/browse/SOLR-1895
>             Project: Solr
>          Issue Type: New Feature
>          Components: SearchComponents - other
>            Reporter: Karl Wright
>             Fix For: 1.5
>
>         Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java, LCFSecurityFilter.java
>
>
> I've written an LCF SearchComponent which filters returned results based on access tokens
provided by LCF's authority service.  The component requires you to configure the appropriate
authority service URL base, e.g.:
>   <!-- LCF document security enforcement component -->
>   <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
>     <str name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
>   </searchComponent>
> Also required are the following schema.xml additions:
>    <!-- Security fields -->
>    <field name="allow_token_document" type="string" indexed="true" stored="false"
multiValued="true"/>
>    <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run last:
>   <requestHandler name="standard" class="solr.SearchHandler" default="true">
>     <arr name="last-components">
>       <str>lcfSecurity</str>
>     </arr>
> ...
> I have not set a package for this code.  Nor have I been able to get it reviewed by someone
as conversant with Solr as I would prefer.  It is my hope, however, that this module will
become part of the standard Solr 1.5 suite of search components, since that would tie it in
with LCF nicely.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message