----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42612/#review119799 -----------------------------------------------------------
Fix it, then Ship it! sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 89) <https://reviews.apache.org/r/42612/#comment181152> So the request will be coming from the server or the end user? sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 201) <https://reviews.apache.org/r/42612/#comment181150> space after for? LGTM, with some minor comments. - Hao Hao On Feb. 19, 2016, 2:19 a.m., Gregory Chanan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42612/ > ----------------------------------------------------------- > > (Updated Feb. 19, 2016, 2:19 a.m.) > > > Review request for sentry, Hao Hao and Vamsee Yarlagadda. > > > Repository: sentry > > > Description > ------- > > RealTimeGet just ignores filter queries currently in Solr (see SOLR-8436) > which is how document level security is implemented, so if you can guess the > document ids, you can access them. > > Since we probably don't want to wait for a solr version with SOLR-8436 to be > released, this is a "temporary" workaround and some necessary testing. > > At a high level this works as follows: > - Run the normal RealTimeGet component > - Filter the responses from the component through the Filter generated from > the doc-level component > > Most of this is low-level solr/lucene code; most of the meat is in the > testing (TestRealTimeGet.java). > > > Diffs > ----- > > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java > 666c0889e07ff329e30773518b28222c8420a510 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java > 2495a9eecc00e8de4b297022625b33a98ad7323a > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java > ff508e12898ab0bf9e79f0cc8e1108e4a5ef82ad > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/schema.xml > 66449ffe59b459352f8a735a208f020e48f0d9b4 > > sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/solrconfig-doclevel.xml > 4459c0d04c62aa39c096da0faba7ff04fc2bf21b > > sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini > bccc63eeeab503f7e5d3655771eb0c7bef926bba > > Diff: https://reviews.apache.org/r/42612/diff/ > > > Testing > ------- > > Ran the unit tests. > > > Thanks, > > Gregory Chanan > >
