lucene-solr-dev mailing list archives

From Lance Norskog <goks...@gmail.com>
Subject Re: Document level security in Apache Solr
Date Thu, 08 Apr 2010 02:50:07 GMT
For automated testing, a mock implementation of the authentication
APIs is usually the approach. The DataImportHandler tests use a mock
database and a mock solr index.

On Fri, Apr 2, 2010 at 4:35 PM, Ryan McKinley <ryantxu@gmail.com> wrote:
> Hi Anders-
>
> see comments below...
>
>>
>> Two weeks ago I created a JIRA issue (
>> https://issues.apache.org/jira/browse/SOLR-1834) involving document level
>> security in Apache Solr and submitted a patch containing a search component
>> that can be seen as a starting point for making Solr handle document level
>> security. I believe that document security is an essential part of an
>> enterprise search engine and I hope that this contribution can start a
>> discussion about how this should be handled in Solr (possibly in conjunction
>> with the Lucene Connector Framework).
>>
>
> Thanks for posting the code -- on a quick pass it looks good.  I agree
> some coordination with Lucene Connectors will make sense.
>
> On the patch, it looks good, but to get into the dist, it will
> probably need some sort of tests.  I'm not sure how that would work
> with Windows authentication (I don't know much about it, but it has
> been on my long term TODO list for a while!)  Perhaps we could have
> tests that would run on systems that have something to test against,
> but not fail when running on Linux (or something)
>
>
>> As this contribution shows I would like to help to develop the security
>> capabilities of Solr together with the community because I believe that it
>> will improve Solr’s appeal to large enterprises. Moreover I think that most
>> of us believe that a transparent security system will in the end give rise
>> to the best security.
>>
>
> agree  -- the more people to poke holes, the better
>
>
>> I hope some of you can take the time to look at the patch, try it out and
>> think about:
>>
>> 1) Should this be a contrib module in Solr? (And if so, what needs
>> to be done to contribute it?)
>>
>
> I think a contrib module makes sense.  For things to move forward, a
> committer needs to step up to the plate.  I would love to, but don't
> have much time soon.  To make it easier for people to feel comfortable
> with it, tests and doc help lots.
>
>
>> 2) Should document level security be a core feature in Solr? (And if
>> so, what is the best way to integrate it into Solr?)
>
> I'm not quite sure what you mean by 'core' -- I think it makes sense
> to live as a contrib for a while and see how things develop.
>
>
>>
>> 3) How can this integrate with connectors like the Lucene Connector
>> Framework? I.e. how do you create a uniform way to talk about Access Control
>> Lists (http://en.wikipedia.org/wiki/Access_control_list).
>>
>
> good question!  That would be really powerful.
>
>
>>
>>
>> P.s (for the nerdy)
>>
>> I have some ideas about putting the security deeper into Solr, perhaps by
>> creating a secure SolrIndexReader and a secure SolrIndexSearcher that are
>> fed user credentials from a search component. What do you think about this?
>>
>
> What are you thinking here?  To me, it seems like the index would need
> to contain all data and a SearchComponent would take user credentials
> and augment the query (group:[a b c] or whatever)
>
> The advantage of keeping the same IndexSearch across all users is that
> it can share a cache where appropriate.
>
>
>> As I understand it, currently it’s possible to declare your own
>> SolrIndexReader but not your own SolrIndexSearcher.
>>
>
> not sure on this...
>
>
> ryan
>



-- 
Lance Norskog
goksron@gmail.com
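
A sketch of the approach discussed in this thread: one shared index, a component that turns the user's groups into a filter, and a mock of the authentication API so tests run on any OS. It is added here as an example and is not taken from the SOLR-1834 patch; the `GroupResolver` interface, the `acl` field name and the sample users are assumptions.

```java
import java.util.*;

public class AclFilterExample {
    /** Hypothetical stand-in for the real authentication API (Windows auth, LDAP, ...). */
    interface GroupResolver {
        Set<String> groupsFor(String user);
    }

    /** Mock resolver backed by a fixed table, so tests need no directory server. */
    static class MockGroupResolver implements GroupResolver {
        private final Map<String, Set<String>> table;
        MockGroupResolver(Map<String, Set<String>> table) { this.table = table; }
        public Set<String> groupsFor(String user) {
            return table.getOrDefault(user, Collections.emptySet());
        }
    }

    /** Quote a group name as a phrase so spaces, operators and ':' stay literal. */
    static String quote(String group) {
        return "\"" + group.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /** Build the filter query the component would add; the field name "acl" is assumed. */
    static String aclFilter(GroupResolver resolver, String user) {
        Set<String> groups = new TreeSet<>(resolver.groupsFor(user)); // stable order
        if (groups.isEmpty()) {
            return "-*:*"; // fail closed: unknown user or no groups matches nothing
        }
        StringJoiner or = new StringJoiner(" OR ", "acl:(", ")");
        for (String g : groups) {
            or.add(quote(g));
        }
        return or.toString();
    }

    public static void main(String[] args) {
        // Constructed sample data: one known user, one group name with '\' and a space.
        Map<String, Set<String>> table = new HashMap<>();
        table.put("alice", new HashSet<>(Arrays.asList("staff", "CORP\\hr admins")));
        GroupResolver mock = new MockGroupResolver(table);

        System.out.println(aclFilter(mock, "alice"));   // filter for a known user
        System.out.println(aclFilter(mock, "mallory")); // filter for an unknown user
    }
}
```

Because the restriction is passed as a filter rather than through a per-user searcher, every user hits the same searcher and its caches, which is the advantage raised in the quoted reply.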
