You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@lucene.apache.org by John Wang <jo...@gmail.com> on 2004/07/22 19:59:27 UTC
authentication support in lucene
Hi:
Maybe this has been asked before.
Is there a plan to support ACL check on the documents in lucene?
Say I have a customized ACL check module, e.g.:
boolean ACLCheck(int docID,String user,String password);
And have some sort of framework to plug in something like that.
I was looking at the Filter class. I guess I can read the entire
index, for each document, feed it to the authentication module, if
authenticated, bitset the docID and return the BitSet instance. I
sounds very slow for large hits. I guess I can play with cacheing
etc.
Any other ideas?
Thanks
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-user-help@jakarta.apache.org
Re: authentication support in lucene
Posted by Kelvin Tan <li...@relevanz.com>.
On Fri, 23 Jul 2004 10:09:25 +0100, Dave Spencer said:
>> I implemented ACL checking via Filters. Caching filters definitely helps, but
>> may not be applicable in every situation. I stored the UUID of each document
in
>> the database as well as in Lucene. That way, by retrieving a list of
accessible
>> documents via SQL, I can create the necessary BitSet.
>
> Maybe the only hope then is different indexes based on coarse grained
> "roles", not find grained ACLs.
That really depends on how much access (low/high-level) you have to the security
subsystem.
Different indexes can be pretty expensive to maintain, and creating a new role
involves creation of a new index? *ugh*
kelvin
---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-user-help@jakarta.apache.org
Re: authentication support in lucene
Posted by Dave Spencer <da...@tropo.com>.
Kelvin Tan wrote:
> If you don't have low-level access to the framework that can retrieve a batch
> list of accessible IDs, document-by-document checking of ACL will be _painful_.
>
> I implemented ACL checking via Filters. Caching filters definitely helps, but
> may not be applicable in every situation. I stored the UUID of each document in
> the database as well as in Lucene. That way, by retrieving a list of accessible
> documents via SQL, I can create the necessary BitSet.
Maybe the only hope then is different indexes based on coarse grained
"roles", not find grained ACLs.
>
> Kelvin
>
> On Thu, 22 Jul 2004 19:59:27 +0200, John Wang said:
>
>>Hi:
>>Maybe this has been asked before.
>>Is there a plan to support ACL check on the documents in lucene?
>>Say I have a customized ACL check module, e.g.:
>>boolean ACLCheck(int docID,String user,String password);
>>And have some sort of framework to plug in something like that.
>>I was looking at the Filter class. I guess I can read the entire
>>index, for each document, feed it to the authentication module, if
>>authenticated, bitset the docID and return the BitSet instance. I
>>sounds very slow for large hits. I guess I can play with cacheing
>>etc.
>>Any other ideas?
>>Thanks
>>-John
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: lucene-user-help@jakarta.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: lucene-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-user-help@jakarta.apache.org
Re: authentication support in lucene
Posted by Kelvin Tan <li...@relevanz.com>.
If you don't have low-level access to the framework that can retrieve a batch
list of accessible IDs, document-by-document checking of ACL will be _painful_.
I implemented ACL checking via Filters. Caching filters definitely helps, but
may not be applicable in every situation. I stored the UUID of each document in
the database as well as in Lucene. That way, by retrieving a list of accessible
documents via SQL, I can create the necessary BitSet.
Kelvin
On Thu, 22 Jul 2004 19:59:27 +0200, John Wang said:
> Hi:
> Maybe this has been asked before.
> Is there a plan to support ACL check on the documents in lucene?
> Say I have a customized ACL check module, e.g.:
> boolean ACLCheck(int docID,String user,String password);
> And have some sort of framework to plug in something like that.
> I was looking at the Filter class. I guess I can read the entire
> index, for each document, feed it to the authentication module, if
> authenticated, bitset the docID and return the BitSet instance. I
> sounds very slow for large hits. I guess I can play with cacheing
> etc.
> Any other ideas?
> Thanks
> -John
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: lucene-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-user-help@jakarta.apache.org