Yes, there has been much work and discussions on doc-level security in Solr. The main problem with building in application-level security into Solr is that there are myriad ways to approach it, depending on requirements, as well as plenty of issues to address generally regarding security - e.g. where do the permissions come from, how to verify the caller, etc. etc.
Currently, there are 3 patches available to this end: SOLR-1834 SOLR-1895 SOLR-1872 1834 and 1895 use LCF to provide the security permissions. 1872 uses a solr-local ACL file to deliver permissions. The current trunk status quo is to leave security up to the web container (e.g. Tomcat). This makes sense, as the approaches above are relevant (or not) depending on your specific requirements. HTH Peter On Mon, Sep 5, 2011 at 11:18 AM, Ravish Bhagdev (JIRA) <[email protected]> wrote: > > [ > https://issues.apache.org/jira/browse/SOLR-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13097108#comment-13097108 > ] > > Ravish Bhagdev commented on SOLR-1834: > -------------------------------------- > > are there any plans for adding this or other document level or other search > security solutions into solr? This requirement is quite critical for most > enterprise search apps I would have thought? Has this been discussed in > detail elsewhere? > >> Document level security >> ----------------------- >> >> Key: SOLR-1834 >> URL: https://issues.apache.org/jira/browse/SOLR-1834 >> Project: Solr >> Issue Type: New Feature >> Components: SearchComponents - other >> Affects Versions: 1.4 >> Reporter: Anders Rask >> Attachments: SOLR-1834-with-LCF.patch, SOLR-1834.patch, html.rar >> >> >> Attached to this issue is a patch that includes a framework for enabling >> document level security in Solr as a search component. I did this as a >> Master thesis project at Findwise in Stockholm and Findwise has now decided >> to contribute it back to the community. The component was developed in >> spring 2009 and has been in use at a customer since autumn the same year. >> There is a simple demo application up at >> http://demo.findwise.se:8880/SolrSecurity/ which also explains more about >> the component and how to set it up. > > -- > This message is automatically generated by JIRA. > For more information on JIRA, see: http://www.atlassian.com/software/jira > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
