[
https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108340#comment-13108340
]
Koji Sekiguchi edited comment on SOLR-1895 at 9/20/11 3:02 AM:
---------------------------------------------------------------
Thank you for reviewing the patch, Chris and Erik! I'll update the patch to
incorporate some of your comment.
For now:
bq. the examples of solrconfig here show the query component coming before the
mcf component. Is that right? Shouldn't mcf come first to set the constraints
for the query component's work?
As the security filter works at prepare phase, this is right.
bq. I'm a little weary of adding the MCF "dependency" to Solr core though (yes,
I know it doesn't require MCF for compilation or run-time, but depends on MCF's
security scheme).
I agree, so I placed it in contrib/auth at first time.
bq. What about MCF maintaining this filter as a Solr plugin rather than it
going into the core of Solr?
I'd like to hear about it from Karl. :)
was (Author: koji):
Thank you for reviewing the patch, Chris and Male! I'll update the patch to
incorporate some of your comment.
For now:
bq. the examples of solrconfig here show the query component coming before the
mcf component. Is that right? Shouldn't mcf come first to set the constraints
for the query component's work?
As the security filter works at prepare phase, this is right.
bq. I'm a little weary of adding the MCF "dependency" to Solr core though (yes,
I know it doesn't require MCF for compilation or run-time, but depends on MCF's
security scheme).
I agree, so I placed it in contrib/auth at first time.
bq. What about MCF maintaining this filter as a Solr plugin rather than it
going into the core of Solr?
I'd like to hear about it from Karl. :)
> ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search
> time
> ----------------------------------------------------------------------------------
>
> Key: SOLR-1895
> URL: https://issues.apache.org/jira/browse/SOLR-1895
> Project: Solr
> Issue Type: New Feature
> Components: SearchComponents - other
> Reporter: Karl Wright
> Labels: document, security, solr
> Fix For: 3.5, 4.0
>
> Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java,
> LCFSecurityFilter.java, LCFSecurityFilter.java, SOLR-1895.patch,
> SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch,
> SOLR-1895.patch
>
>
> I've written an LCF SearchComponent which filters returned results based on
> access tokens provided by LCF's authority service. The component requires
> you to configure the appropriate authority service URL base, e.g.:
> <!-- LCF document security enforcement component -->
> <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
> <str
> name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
> </searchComponent>
> Also required are the following schema.xml additions:
> <!-- Security fields -->
> <field name="allow_token_document" type="string" indexed="true"
> stored="false" multiValued="true"/>
> <field name="deny_token_document" type="string" indexed="true"
> stored="false" multiValued="true"/>
> <field name="allow_token_share" type="string" indexed="true"
> stored="false" multiValued="true"/>
> <field name="deny_token_share" type="string" indexed="true" stored="false"
> multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run
> last:
> <requestHandler name="standard" class="solr.SearchHandler" default="true">
> <arr name="last-components">
> <str>lcfSecurity</str>
> </arr>
> ...
> I have not set a package for this code. Nor have I been able to get it
> reviewed by someone as conversant with Solr as I would prefer. It is my
> hope, however, that this module will become part of the standard Solr 1.5
> suite of search components, since that would tie it in with LCF nicely.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
