Hello, I am trying to understand more about securing solr on my tomcat 6 server and I was curious how document level security works exactly? What prevents a user from changing the username that gets appended to the query string?
I have a dynamic mysql user database that changes frequently and I am looking for a way to have solr either reference the database or reference session variables. Any proper way to set up security in solr to say work with my PHP/JSP web application would be helpful. The project supervisor doesn't really want to have to edit configuration files every time the user database changes so I am looking for a dynamic solution. The project has to be open to external users as well and we don't want to use IP restrictions unless it is a last resort. Thanks for your time, ~Matt > [ > https://issues.apache.org/jira/browse/SOLR-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12864498#action_12864498 > ] > > Anders Rask commented on SOLR-1834: > ----------------------------------- > > Hi Andreas, > > Sorry for my late reply. > > I haven't looked in to the difference between using the > ResponseBuilder#getFilters and using filter's in a normal query. Are there > any functional differences between the two ways other than that one of > them utilizes Solr's filterCache and the other doesn't? > >> Document level security >> ----------------------- >> >> Key: SOLR-1834 >> URL: https://issues.apache.org/jira/browse/SOLR-1834 >> Project: Solr >> Issue Type: New Feature >> Components: SearchComponents - other >> Affects Versions: 1.4 >> Reporter: Anders Rask >> Attachments: html.rar, SOLR-1834.patch >> >> >> Attached to this issue is a patch that includes a framework for enabling >> document level security in Solr as a search component. I did this as a >> Master thesis project at Findwise in Stockholm and Findwise has now >> decided to contribute it back to the community. The component was >> developed in spring 2009 and has been in use at a customer since autumn >> the same year. >> There is a simple demo application up at >> http://demo.findwise.se:8880/SolrSecurity/ which also explains more >> about the component and how to set it up. > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
