[jira] [Commented] (SOLR-7576) Implement RequestHandler in Javascript

[David Smiley (JIRA)]

    [ 
https://issues.apache.org/jira/browse/SOLR-7576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14595091#comment-14595091
 ] 

David Smiley commented on SOLR-7576:
------------------------------------

bq.  Groovy is a security issue . JavaScript is easy to lock down

Can you please elaborate how that is so on the JVM?  I was unaware that some 
JVM languages were more secure than others, or frankly that it even matters 
since this is "trusted code" (we even have to sign it).

> Implement RequestHandler in Javascript
> --------------------------------------
>
>                 Key: SOLR-7576
>                 URL: https://issues.apache.org/jira/browse/SOLR-7576
>             Project: Solr
>          Issue Type: New Feature
>            Reporter: Noble Paul
>         Attachments: SOLR-7576.patch, SOLR-7576.patch
>
>
> Solr now support dynamic loading (SOLR-7073) of components and it is secured 
> in SOLR-7126
> We can extend the same functionality with JS as well
> the handler {{/js}} is implicitly registered
> To make this work
> * Solr should be started with {{-Denable.js.loading=true}}
> * The javascript must be loaded to the {{.system}} collection using the blob 
> store API
> * Configure the requesthandler with the JS blob name and version
> * Sign the javascript and pass the signature in a param called {{_sig}}
> The {{JSRequestHandler}} is implicitly defined and it can be accessed by 
> hitting {{/js/<jsname>/<version>}} 
> sample programs
> 1) writes a val to output
> {code:javascript}
> //empty line
> $.response().add('testkey','Test Val');
> {code}
> 2)  manipulate the output to add an extra field to each doc 
> {code}
> //empty line
> var l = [];
> $.query({
>               q: '*:*',
>               qt: '/select',
>               start:0,
>           }).forEach('response', function(doc) {
>                                          doc.put('script', 'Added this 
> value');
>                                          l.push(doc);
>           });
>  $.response().add('alldocs', l);
> {code}
> 3)  stream through all the docs
> {code:Javascript}
> $.query({
>               q: '*:*',
>               qt: '/select',
>               start:0,
>               distrib:'false'
>           }).pipe('response', 'docs', function(doc) { // the pipe function is 
> executed right before the response writer and right after the transformers   
>                                          if('IT'== doc.get('genre_s')) return 
> null;
>                                          doc.put('script', 'Added this 
> value');
>                                          return doc;
>           });
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org