lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Sturge <>
Subject Re: [jira] [Commented] (SOLR-1834) Document level security
Date Mon, 05 Sep 2011 19:13:17 GMT
Yes, there has been much work and discussions on doc-level security in Solr.
The main problem with building in application-level security into Solr
is that there are myriad ways to approach it, depending on
requirements, as well as plenty of issues to address generally
regarding security - e.g. where do the permissions come from, how to
verify the caller, etc. etc.

Currently, there are 3 patches available to this end:

1834 and 1895 use LCF to provide the security permissions. 1872 uses a
solr-local ACL file to deliver permissions.

The current trunk status quo is to leave security up to the web
container (e.g. Tomcat).
This makes sense, as the approaches above are relevant (or not)
depending on your specific requirements.



On Mon, Sep 5, 2011 at 11:18 AM, Ravish Bhagdev (JIRA) <> wrote:
>    [
> Ravish Bhagdev commented on SOLR-1834:
> --------------------------------------
> are there any plans for adding this or other document level or other search security
solutions into solr? This requirement is quite critical for most enterprise search apps I
would have thought?  Has this been discussed in detail elsewhere?
>> Document level security
>> -----------------------
>>                 Key: SOLR-1834
>>                 URL:
>>             Project: Solr
>>          Issue Type: New Feature
>>          Components: SearchComponents - other
>>    Affects Versions: 1.4
>>            Reporter: Anders Rask
>>         Attachments: SOLR-1834-with-LCF.patch, SOLR-1834.patch, html.rar
>> Attached to this issue is a patch that includes a framework for enabling document
level security in Solr as a search component. I did this as a Master thesis project at Findwise
in Stockholm and Findwise has now decided to contribute it back to the community. The component
was developed in spring 2009 and has been in use at a customer since autumn the same year.
>> There is a simple demo application up at
which also explains more about the component and how to set it up.
> --
> This message is automatically generated by JIRA.
> For more information on JIRA, see:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message