Return-Path: X-Original-To: apmail-lucene-solr-commits-archive@minotaur.apache.org Delivered-To: apmail-lucene-solr-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1B1B54952 for ; Mon, 9 May 2011 21:36:02 +0000 (UTC) Received: (qmail 42447 invoked by uid 500); 9 May 2011 21:36:02 -0000 Delivered-To: apmail-lucene-solr-commits-archive@lucene.apache.org Received: (qmail 42417 invoked by uid 500); 9 May 2011 21:36:02 -0000 Mailing-List: contact solr-commits-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: solr-dev@lucene.apache.org Delivered-To: mailing list solr-commits@lucene.apache.org Received: (qmail 42410 invoked by uid 99); 9 May 2011 21:36:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 May 2011 21:36:01 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.131] (HELO eos.apache.org) (140.211.11.131) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 May 2011 21:35:59 +0000 Received: from eos.apache.org (localhost [127.0.0.1]) by eos.apache.org (Postfix) with ESMTP id A46F8F8 for ; Mon, 9 May 2011 21:35:38 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Apache Wiki To: Apache Wiki Date: Mon, 09 May 2011 21:35:38 -0000 Message-ID: <20110509213538.92732.88906@eos.apache.org> Subject: =?utf-8?q?=5BSolr_Wiki=5D_Update_of_=22SolrSecurity=22_by_JanHoydahl?= X-Virus-Checked: Checked by ClamAV on apache.org Dear Wiki user, You have subscribed to a wiki page or wiki category on "Solr Wiki" for chan= ge notification. The "SolrSecurity" page has been changed by JanHoydahl. The comment on this change is: Added comments to ManifoldCF security. http://wiki.apache.org/solr/SolrSecurity?action=3Ddiff&rev1=3D25&rev2=3D26 -------------------------------------------------- = =3D=3D Document Level Security =3D=3D = + =3D=3D=3D Manifold CF (Connector Framework) =3D=3D=3D + One way to add document level security to your search is through Apache [= [http://incubator.apache.org/connectors/|ManifoldCF]]. ManifoldCF "defines = a security model for target repositories that permits them to enforce sourc= e-repository security policies". + = + It works by adding security tokens from the source repositories as metada= ta on the indexed documents. Then, at query time, a Search Component adds a= filter to all queries, matching only documents the logged-in user is allow= ed to see. ManifoldCF supports AD security out of the box. + = =3D=3D=3D Write Your Own RequestHandler or SearchComponent =3D=3D=3D *Stub - this is incomplete* + = + If ManifoldCF does not solve your need, first consider writing a Manifold= CF plugin. Or roll your own. = If you need permission based authentication -- where user A can update do= cument 1 and 2, but not 3 -- you will need to augment the request with user= information. Either you can add parameters to the query string (?u=3DXXX&= p=3DYYY) or use a custom dispatcher filter that augments the context: {{{ @@ -173, +180 @@ = }}} = - =3D=3D=3D Manifold CF (Connector Framework) =3D=3D=3D - One way to add document level security to your search is through Apache [= [http://incubator.apache.org/connectors/|ManifoldCF]]. ManifoldCF "defines = a security model for target repositories that permits them to enforce sourc= e-repository security policies". - = =3D=3D Streaming Consideration =3D=3D = If streaming is enabled, you need to make sure Solr is as secure as it ne= eds to be. When streaming is enabled, the parameters "stream.url" will go = to a remote site and download the content. Likewise, "stream.file" will re= ad a file on disk.