lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amin Mohammed-Coleman <>
Subject Filtering question/advice
Date Fri, 04 Sep 2009 09:17:05 GMT

I am looking at applying a security filter for our lucene document and I was
wondering if I could get feedback on whether the solution I have come up
with.  Firstly I will explain the scenario and followed by the proposed

We have a concept of a Layer which is a project whereby a broker can trade
with underwriters.  A layer can have more than one underwriter working on
this project therefore both underwriters can search for the same layer.  The
issue is the following:

UWA signs business on a Layer L1 using a reference 'HELLO'

UWB signs business on the same Layer L1 using a reference 'BYE'

Both Underwriters are legitimately allowed to access the Layer L1 so the
security rules will not remove any search hits for L1. However, if UWB
searches for text 'HELLO' he should not get L1 in his search results as he
is not to know that L1 includes a writer reference HELLO for UWA. In the
simple case he will see this result.  Now this is not acceptable for our

The proposed solution is that we do the following:

uw-reference = HELLO
uw-reference = BYE

With additional field like

uw-uwa = HELLO
uw-uwb = BYE

So when UWB performs a search of "HELLO" there will be an additional filter
applied which would be like "uw-uwb:HELLO" so the final query would be like:

uw-reference:HELLO + (uw-uwb:HELLO) (approximately)


I created a test case to test this solution and it works. The problem is
that if UWB searches for "HELLO" that exists in another field such as:
data:HELLO then he should get a result. It's only when the query is matched
on reference he should not see anything.  My testcase fails when the match
is made on the data field as the security filter does not pass (valid
filter).  Is there a way around this?  Hope this made sense!

Any advice would be highly appreciated

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message