The custom dispatcher filter example on http://wiki.apache.org/solr/SolrSecurity seems to be what I need however I don't understand the code. Could someone break it down for me? Thanks.
pof wrote: > > I want to use filtering or similar, any help? > > > Otis Gospodnetic wrote: >> >> >> That URL to your Solr Admin page should never be exposed to the outside >> world. You can play with network, routing, DNS and other similar things >> to make sure one can't get to this from the outside even if the URL is >> know. >> >> Otis >> -- >> Sematext -- http://sematext.com/ -- Lucene - Solr - Nutch >> >> >> >> ----- Original Message ---- >>> From: pof <melbournebeerba...@gmail.com> >>> To: solr-user@lucene.apache.org >>> Sent: Thursday, June 25, 2009 7:40:12 PM >>> Subject: Re: Solr document security >>> >>> >>> Thats what I was going to do originally, however what is stopping a user >>> from >>> simply running a search through http://localhost:8983/solr/admin/ of the >>> index server? >>> >>> >>> Norberto Meijome-6 wrote: >>> > >>> > On Wed, 24 Jun 2009 23:20:26 -0700 (PDT) >>> > pof wrote: >>> > >>> >> >>> >> Hi, I am wanting to add document-level security that works as >>> following: >>> >> An >>> >> external process makes a query to the index, depending on their >>> security >>> >> allowences based of a login id a list of hits are returned minus any >>> the >>> >> user are meant to know even exist. I was thinking maybe a custom >>> filter >>> >> with >>> >> a JDBC connection to check security of the user vs. the document. I'm >>> not >>> >> sure how I would add the filter or how to write the filter or how to >>> get >>> >> the >>> >> login id from a GET parameter. Any suggestions, comments etc.? >>> > >>> > Hi Brett, >>> > (keeping in mind that i've been away from SOLR for 8 months, but i >>> > dont think this was added of late) >>> > >>> > standard approach is to manage security @ your >>> > application layer, not @ SOLR. ie, search, return documents (which >>> should >>> > contain some kind of data to identify their ACL ) and then you can >>> decide >>> > whether to show it or not. >>> > >>> > HIH >>> > _________________________ >>> > {Beto|Norberto|Numard} Meijome >>> > >>> > "They never open their mouths without subtracting from the sum of >>> human >>> > knowledge." Thomas Brackett Reed >>> > >>> > I speak for myself, not my employer. Contents may be hot. Slippery >>> when >>> > wet. >>> > Reading disclaimers makes you go blind. Writing them is worse. You >>> have >>> > been >>> > Warned. >>> > >>> > >>> >>> -- >>> View this message in context: >>> http://www.nabble.com/Solr-document-security-tp24197620p24212752.html >>> Sent from the Solr - User mailing list archive at Nabble.com. >> >> >> > > -- View this message in context: http://www.nabble.com/Solr-document-security-tp24197620p24246685.html Sent from the Solr - User mailing list archive at Nabble.com.
