lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erik Hatcher (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (SOLR-1895) ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search time
Date Tue, 20 Sep 2011 14:00:10 GMT

    [ https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108719#comment-13108719
] 

Erik Hatcher edited comment on SOLR-1895 at 9/20/11 1:59 PM:
-------------------------------------------------------------

bq. I don't think PostFilter has anything to do with this issue – IIUC, Post filter is a
good way to filter results after the query one-by-one. This component adds a Query to the
list of filters in the prepare stage. It works in tandem with an indexing strategy that puts
corresponding tokens on documents.

I guess you're right, as that'd be an implementation detail that would create any post filtering
queries using a PostFilter implementation, and then adding wrapping with a QueryWrapperFilter.
 The MCF filtering doesn't need post filtering... but maybe it'd still be advantageous to
leverage the new "cost" capability of filters.

bq. I just realized that Erik's proposal is somewhat different and seems to involve a broader
integration. If that's what winds up being done I'd like a pointer to an existing example
so I can stay consistent.

Yeah, basically like picking a spell check implementation or any of the other subplugins we
have within the various SearchComponent's in Solr.

As for my involvement here - I've got no time in the near future to contribute an implementation
of my idea, but should be fairly straightforward to leverage the ideas of how other Solr SearchComponents
get their implementation details via named "plugins".

      was (Author: ehatcher):
    bq. I don't think PostFilter has anything to do with this issue – IIUC, Post filter
is a good way to filter results after the query one-by-one. This component adds a Query to
the list of filters in the prepare stage. It works in tandem with an indexing strategy that
puts corresponding tokens on documents.

I guess you're right, as that'd be an implementation detail that would create any post filtering
queries using a PostFilter implementation, and then adding wrapping with a QueryWrapperFilter...
but probably MCF's filtering would benefit from post filtering too since it may not be advantageous/desirable
to cache those filters.  (maybe they aren't being cached given how they are created now anyway)

bq. I just realized that Erik's proposal is somewhat different and seems to involve a broader
integration. If that's what winds up being done I'd like a pointer to an existing example
so I can stay consistent.

Yeah, basically like picking a spell check implementation or any of the other subplugins we
have within the various SearchComponent's in Solr.

As for my involvement here - I've got no time in the near future to contribute an implementation
of my idea, but should be fairly straightforward to leverage the ideas of how other Solr SearchComponents
get their implementation details via named "plugins".
  
> ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search time
> ----------------------------------------------------------------------------------
>
>                 Key: SOLR-1895
>                 URL: https://issues.apache.org/jira/browse/SOLR-1895
>             Project: Solr
>          Issue Type: New Feature
>          Components: SearchComponents - other
>            Reporter: Karl Wright
>              Labels: document, security, solr
>             Fix For: 3.5, 4.0
>
>         Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java, LCFSecurityFilter.java,
LCFSecurityFilter.java, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch,
SOLR-1895.patch, SOLR-1895.patch
>
>
> I've written an LCF SearchComponent which filters returned results based on access tokens
provided by LCF's authority service.  The component requires you to configure the appropriate
authority service URL base, e.g.:
>   <!-- LCF document security enforcement component -->
>   <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
>     <str name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
>   </searchComponent>
> Also required are the following schema.xml additions:
>    <!-- Security fields -->
>    <field name="allow_token_document" type="string" indexed="true" stored="false"
multiValued="true"/>
>    <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run last:
>   <requestHandler name="standard" class="solr.SearchHandler" default="true">
>     <arr name="last-components">
>       <str>lcfSecurity</str>
>     </arr>
> ...
> I have not set a package for this code.  Nor have I been able to get it reviewed by someone
as conversant with Solr as I would prefer.  It is my hope, however, that this module will
become part of the standard Solr 1.5 suite of search components, since that would tie it in
with LCF nicely.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message