You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2010/04/29 11:17:53 UTC
[jira] Commented: (SOLR-1895) LCF SearchComponent plugin for
enforcing LCF security at search time
[ https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12862140#action_12862140 ]
Karl Wright commented on SOLR-1895:
-----------------------------------
One thing I forgot in the original description...
The plug-in looks for an authenticated user name in the input argument "AuthenticatedUserName", which should be in the form 'user@domain' if this is an AD user. If no such argument is found, the plug-in allows only open documents to be returned (that is, those that have no security whatsoever). Note that the plug-in makes no attempt whatsoever to authenticate the user; that is presumed to take place at another level.
> LCF SearchComponent plugin for enforcing LCF security at search time
> --------------------------------------------------------------------
>
> Key: SOLR-1895
> URL: https://issues.apache.org/jira/browse/SOLR-1895
> Project: Solr
> Issue Type: New Feature
> Components: SearchComponents - other
> Reporter: Karl Wright
> Fix For: 1.5
>
> Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java, LCFSecurityFilter.java
>
>
> I've written an LCF SearchComponent which filters returned results based on access tokens provided by LCF's authority service. The component requires you to configure the appropriate authority service URL base, e.g.:
> <!-- LCF document security enforcement component -->
> <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
> <str name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
> </searchComponent>
> Also required are the following schema.xml additions:
> <!-- Security fields -->
> <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
> <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
> <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
> <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run last:
> <requestHandler name="standard" class="solr.SearchHandler" default="true">
> <arr name="last-components">
> <str>lcfSecurity</str>
> </arr>
> ...
> I have not set a package for this code. Nor have I been able to get it reviewed by someone as conversant with Solr as I would prefer. It is my hope, however, that this module will become part of the standard Solr 1.5 suite of search components, since that would tie it in with LCF nicely.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org