> On Feb. 19, 2016, 4:07 a.m., Hao Hao wrote: > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java, > > line 89 > > <https://reviews.apache.org/r/42612/diff/2/?file=1258921#file1258921line89> > > > > So the request will be coming from the server or the end user?
Could be either. Internal requests use "solr", external requests could use "solr", although that's not common. On Feb. 19, 2016, 4:07 a.m., Gregory Chanan wrote: > > LGTM, with some minor comments. will fix. - Gregory ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42612/#review119799 ----------------------------------------------------------- On Feb. 19, 2016, 2:19 a.m., Gregory Chanan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42612/ > ----------------------------------------------------------- > > (Updated Feb. 19, 2016, 2:19 a.m.) > > > Review request for sentry, Hao Hao and Vamsee Yarlagadda. > > > Repository: sentry > > > Description > ------- > > RealTimeGet just ignores filter queries currently in Solr (see SOLR-8436) > which is how document level security is implemented, so if you can guess the > document ids, you can access them. > > Since we probably don't want to wait for a solr version with SOLR-8436 to be > released, this is a "temporary" workaround and some necessary testing. > > At a high level this works as follows: > - Run the normal RealTimeGet component > - Filter the responses from the component through the Filter generated from > the doc-level component > > Most of this is low-level solr/lucene code; most of the meat is in the > testing (TestRealTimeGet.java). > > > Diffs > ----- > > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java > 666c0889e07ff329e30773518b28222c8420a510 > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java > 2495a9eecc00e8de4b297022625b33a98ad7323a > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java > ff508e12898ab0bf9e79f0cc8e1108e4a5ef82ad > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/schema.xml > 66449ffe59b459352f8a735a208f020e48f0d9b4 > > sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/solrconfig-doclevel.xml > 4459c0d04c62aa39c096da0faba7ff04fc2bf21b > > sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini > bccc63eeeab503f7e5d3655771eb0c7bef926bba > > Diff: https://reviews.apache.org/r/42612/diff/ > > > Testing > ------- > > Ran the unit tests. > > > Thanks, > > Gregory Chanan > >
