lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-1895) ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search time
Date Tue, 27 Sep 2011 12:27:12 GMT

    [ https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13115436#comment-13115436
] 

Karl Wright commented on SOLR-1895:
-----------------------------------

bq. If it is MCF specific, I doubt there will be consensus to commit it if it really is MCF
specific, then maintaining it in MCF makes the most sense.

Well, part of it is going to be MCF-specific - namely the part that talks to the MCF authority
service and interprets the response.  Erik made it clear that that part has to be in contrib,
I think. He didn't sound like he had a problem with it being in Solr as long as it was in
contrib though.

bq. however, I don't think this is (or should be) MCF specific. The basic approach you take
is general, and I would love to see some building blocks like this exist in solr.

I would too, but I'm getting the impression that insufficient consensus exists to go forward
with the general infrastructure. So I'm looking to see if consensus exists for a stop-gap
solution, which is a contrib module that is MCF specific, with no common infrastructure (yet)
until consensus can be achieved.  When it is I can refactor the contrib module to use it.
 If this looks unlikely as well, I'll plan to build the infrastructure in the ManifoldCF world
to release Solr contrib modules that support ManifoldCF's security model.


                
> ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search time
> ----------------------------------------------------------------------------------
>
>                 Key: SOLR-1895
>                 URL: https://issues.apache.org/jira/browse/SOLR-1895
>             Project: Solr
>          Issue Type: New Feature
>          Components: SearchComponents - other
>            Reporter: Karl Wright
>              Labels: document, security, solr
>             Fix For: 3.5, 4.0
>
>         Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java, LCFSecurityFilter.java,
LCFSecurityFilter.java, SOLR-1895-queries.patch, SOLR-1895-queries.patch, SOLR-1895-queries.patch,
SOLR-1895-queries.patch, SOLR-1895-service-plugin.patch, SOLR-1895-service-plugin.patch, SOLR-1895.patch,
SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch
>
>
> I've written an LCF SearchComponent which filters returned results based on access tokens
provided by LCF's authority service.  The component requires you to configure the appropriate
authority service URL base, e.g.:
>   <!-- LCF document security enforcement component -->
>   <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
>     <str name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
>   </searchComponent>
> Also required are the following schema.xml additions:
>    <!-- Security fields -->
>    <field name="allow_token_document" type="string" indexed="true" stored="false"
multiValued="true"/>
>    <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run last:
>   <requestHandler name="standard" class="solr.SearchHandler" default="true">
>     <arr name="last-components">
>       <str>lcfSecurity</str>
>     </arr>
> ...
> I have not set a package for this code.  Nor have I been able to get it reviewed by someone
as conversant with Solr as I would prefer.  It is my hope, however, that this module will
become part of the standard Solr 1.5 suite of search components, since that would tie it in
with LCF nicely.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message