lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Mauriello" <mm578...@albany.edu>
Subject Re: [jira] Commented: (SOLR-1834) Document level security
Date Thu, 06 May 2010 01:40:28 GMT
Hello,

I am trying to understand more about securing solr on my tomcat 6 server
and I was curious how document level security works exactly? What prevents
a user from changing the username that gets appended to the query string?

I have a dynamic mysql user database that changes frequently and I am
looking for a way to have solr either reference the database or reference
session variables. Any proper way to set up security in solr to say work
with my PHP/JSP web application would be helpful. The project supervisor
doesn't really want to have to edit configuration files every time the
user database changes so I am looking for a dynamic solution. The project
has to be open to external users as well and we don't want to use IP
restrictions unless it is a last resort.

Thanks for your time,

~Matt


>     [
> https://issues.apache.org/jira/browse/SOLR-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12864498#action_12864498
> ]
>
> Anders Rask commented on SOLR-1834:
> -----------------------------------
>
> Hi Andreas,
>
> Sorry for my late reply.
>
> I haven't looked in to the difference between using the
> ResponseBuilder#getFilters and using filter's in a normal query. Are there
> any functional differences between the two ways other than that one of
> them utilizes Solr's filterCache and the other doesn't?
>
>> Document level security
>> -----------------------
>>
>>                 Key: SOLR-1834
>>                 URL: https://issues.apache.org/jira/browse/SOLR-1834
>>             Project: Solr
>>          Issue Type: New Feature
>>          Components: SearchComponents - other
>>    Affects Versions: 1.4
>>            Reporter: Anders Rask
>>         Attachments: html.rar, SOLR-1834.patch
>>
>>
>> Attached to this issue is a patch that includes a framework for enabling
>> document level security in Solr as a search component. I did this as a
>> Master thesis project at Findwise in Stockholm and Findwise has now
>> decided to contribute it back to the community. The component was
>> developed in spring 2009 and has been in use at a customer since autumn
>> the same year.
>> There is a simple demo application up at
>> http://demo.findwise.se:8880/SolrSecurity/ which also explains more
>> about the component and how to set it up.
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message