lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ryan McKinley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-1895) ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search time
Date Tue, 20 Sep 2011 19:24:09 GMT

    [ https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108949#comment-13108949
] 

Ryan McKinley commented on SOLR-1895:
-------------------------------------

I like this patch because it builds a general allow/deny filter matrix that could work for
most authentication strategies where you know security info at index time.

It would be good to have a general starting place to implement security *somewhere* in the
solr codebase, though i don't see solr getting a full security stack.

re packaging: i'm fine with contrib or core -- contrib seems heavyweight for just this class.
 But as we look at things like SOLR-1834 and SOLR-1872 it would be good to have them in a
different module.  Maybe we should just go ahead and start in a module so it is easier to
modify in the future.



> ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search time
> ----------------------------------------------------------------------------------
>
>                 Key: SOLR-1895
>                 URL: https://issues.apache.org/jira/browse/SOLR-1895
>             Project: Solr
>          Issue Type: New Feature
>          Components: SearchComponents - other
>            Reporter: Karl Wright
>              Labels: document, security, solr
>             Fix For: 3.5, 4.0
>
>         Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java, LCFSecurityFilter.java,
LCFSecurityFilter.java, SOLR-1895-service-plugin.patch, SOLR-1895-service-plugin.patch, SOLR-1895.patch,
SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch
>
>
> I've written an LCF SearchComponent which filters returned results based on access tokens
provided by LCF's authority service.  The component requires you to configure the appropriate
authority service URL base, e.g.:
>   <!-- LCF document security enforcement component -->
>   <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
>     <str name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
>   </searchComponent>
> Also required are the following schema.xml additions:
>    <!-- Security fields -->
>    <field name="allow_token_document" type="string" indexed="true" stored="false"
multiValued="true"/>
>    <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
>    <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run last:
>   <requestHandler name="standard" class="solr.SearchHandler" default="true">
>     <arr name="last-components">
>       <str>lcfSecurity</str>
>     </arr>
> ...
> I have not set a package for this code.  Nor have I been able to get it reviewed by someone
as conversant with Solr as I would prefer.  It is my hope, however, that this module will
become part of the standard Solr 1.5 suite of search components, since that would tie it in
with LCF nicely.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message