[jira] Created: (SOLR-1895) LCF SearchComponent plugin for enforcing LCF security at search time

Wed, 28 Apr 2010 14:34:27 -0700 

LCF SearchComponent plugin for enforcing LCF security at search time
--------------------------------------------------------------------

                 Key: SOLR-1895
                 URL: https://issues.apache.org/jira/browse/SOLR-1895
             Project: Solr
          Issue Type: New Feature
          Components: SearchComponents - other
            Reporter: Karl Wright
             Fix For: 1.5
         Attachments: LCFSecurityFilter.java

I've written an LCF SearchComponent which filters returned results based on 
access tokens provided by LCF's authority service.  The component requires you 
to configure the appropriate authority service URL base, e.g.:

  <!-- LCF document security enforcement component -->
  <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
    <str 
name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
  </searchComponent>

Also required are the following schema.xml additions:

   <!-- Security fields -->
   <field name="allow_token_document" type="string" indexed="true" 
stored="false" multiValued="true"/>
   <field name="deny_token_document" type="string" indexed="true" 
stored="false" multiValued="true"/>
   <field name="allow_token_share" type="string" indexed="true" stored="false" 
multiValued="true"/>
   <field name="deny_token_share" type="string" indexed="true" stored="false" 
multiValued="true"/>

Finally, to tie it into the standard request handler, it seems to need to run 
last:

  <requestHandler name="standard" class="solr.SearchHandler" default="true">
    <arr name="last-components">
      <str>lcfSecurity</str>
    </arr>
...

I have not set a package for this code.  Nor have I been able to get it 
reviewed by someone as conversant with Solr as I would prefer.  It is my hope, 
however, that this module will become part of the standard Solr 1.5 suite of 
search components, since that would tie it in with LCF nicely.




-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to