lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitry Goldenberg" <>
Subject RE: searching portions of an index
Date Sun, 25 Dec 2005 20:16:19 GMT
You can implement a security filter, kind of like what the book Lucene in Action describes.
 It is a class that extends; you're required to implement
the following method:
public BitSet bits(IndexReader reader)
In it, you can decide whether a particular document may be viewed by the user.  The way I
do it is I associate an instance of the Filter class with my searcher before I execute a search
for a particular user:
Hits hits =, (Filter) filter, getSort());
The Filter has a condition interface registered with it which knows how to check whether the
user in question has specific access rights.  This condition is checked at runtime when I
get to read from IndexReader in the bits(IndexReader reader) method.  This way, the BitSet
returned by the Filter only contains the items viewable by the user in question.
I think this is much better than indexing your access control lists along with the document
data.  Any access changes may sometimes cause a significant amount of reindexing, as you pointed
out.  The only thing to watch out for is to make sure that your authorization checking mechanism
is optimized enough performance-wise so as not to clog up the results filtering process...
Hope this helps,
- Dmitry


From: Murali []
Sent: Wed 12/21/2005 9:32 AM
Subject: searching portions of an index


    I am new to lucene. We need to provide search to several users of a
system. Each user has access to a (different)set of documents. The same
document might be accessible by different users. I want to implement this
without indexing a document multiple times. The approach I thought of was to
use a field that is indexed, as well as stored in the index, which contains
the ids of all the users that can access the document. I could then use
boolean queries to search for documents accessible by a particular user. I
figured that I would have to delete and add the whole document again into
the system if a new user is to be given access to an already indexed
document(and I figure that this will happen frequently in the system). Is
there a better approach that I can take?


View raw message