Thanks for the suggestions.

I tried to use SolrJ within my Servlet, although the SolrJ QueryResponse is
not returning a well-formed JSON object.
I need the JSON string with quotes as below, although
QueryResponse.toString() doesn't return JSON with quotes at all.

jsonp1337064466204({"responseHeader":{"status":0,"QTime":0,"params":{"json.wrf":"jsonp1337064466204","facet":"true","facet.mincount":"1","q":"*:*","facet.limit":"-1","json.nl":"map","facet.field":["title","abstract"],"wt":"json","rows":"0"}},"response":{"numFound":0,"start":0,"docs":[]},"facet_counts":{"facet_queries":{},"facet_fields":{"title":{},"abstract":{}},"facet_dates":{},"facet_ranges":{}}})

Regards

Anupam


On Fri, May 11, 2012 at 7:56 PM, Welty, Richard <rwe...@ltionline.com> wrote:

> in fact, there's a sample proxy.php on the ajax-solr web page which can
> easily be modified into a security layer. my solr servers only listen to
> requests issued by a narrow list of systems, and everything gets routed
> through a modified copy of the proxy.php file, which checks whether the
> user is logged in, and adds terms to the query to limit returned results to
> those the user is permitted to see.
>
>
> -----Original Message-----
> From: Jan Høydahl [mailto:j...@hoydahl.no]
> Sent: Fri 5/11/2012 9:45 AM
> To: solr-user@lucene.apache.org
> Subject: Re: SOLR Security
>
> Hi,
>
> There is nothing stopping you from pointing Ajax-SOLR to a URL on your
> app-server, which acts as a security insulation layer between the Solr
> backend and the world. In this (thin) layer you can analyze the input and
> choose carefully what to let through and not.
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.facebook.com/Cominvent
> Solr Training - www.solrtraining.com
>
> On 11. mai 2012, at 06:37, Anupam Bhattacharya wrote:
>
> > Yes, I agree with you.
> >
> > But Ajax-SOLR Framework doesn't fit in that manner. Any alternative
> > solution?
> >
> > Anupam
> >
> > On Fri, May 11, 2012 at 9:41 AM, Klostermeyer, Michael <
> > mklosterme...@riskexchange.com> wrote:
> >
> >> Instead of hitting the Solr server directly from the client, I think I
> >> would go through your application server, which would have access to all
> >> the users' data and can forward that to the Solr server, thereby hiding it
> >> from the client.
> >>
> >> Mike
> >>
> >>
> >> -----Original Message-----
> >> From: Anupam Bhattacharya [mailto:anupam...@gmail.com]
> >> Sent: Thursday, May 10, 2012 9:53 PM
> >> To: solr-user@lucene.apache.org
> >> Subject: SOLR Security
> >>
> >> I am using Ajax-Solr Framework for creating a search interface. The search
> >> interface works well.
> >> In my case, the results have document level security, so even indexing
> >> records with their authorized users helps me to filter results per user
> >> based on the authentication of the user.
> >>
> >> The problem is that I always have to pass a parameter to the SOLR Server
> >> with userid={xyz}, which one can figure out from the SOLR URL (ajax call url)
> >> using the Firebug tool in the Net Console on Firefox, and can change this
> >> parameter value to see others' records which he/she is not authorized for.
> >> Basically it is a Cross Site Scripting issue.
> >>
> >> I have read about some approaches for Solr Security like Nginx with Jetty
> >> & .htaccess based security. Overall what I understand from this is that we
> >> can restrict users to do update/delete operations on SOLR as well as we can
> >> restrict the SOLR admin interface to certain IPs also. But how can I
> >> restrict the {solr-server}/solr/select based results from access by
> >> different user IDs?
> >>
>
>
>
>
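
The thin proxy layer suggested in this thread, as an added example that is not code from any poster, from Ajax-Solr, or from its proxy.php: the app server builds the parameters it forwards to Solr's /select, dropping everything not on an allowlist and attaching a filter query derived from the logged-in session rather than from a client-supplied `userid`. The field name `authorized_users`, the `session` object shape, and the row cap are assumptions.

```javascript
// Added example: parameter handling for a thin proxy in front of /solr/select.
// ACL_FIELD, MAX_ROWS and the shape of `session` are assumptions.
const ACL_FIELD = 'authorized_users';
const MAX_ROWS = 100;

// Only parameters the search UI needs are forwarded; anything else the
// client sends (userid, fq, qt, shards, stream.*, ...) is dropped.
const ALLOWED = new Set(['q', 'rows', 'start', 'facet', 'facet.field',
  'facet.limit', 'facet.mincount', 'json.nl', 'json.wrf']);

// Quote a value as a Solr phrase so it cannot break out of the filter.
function solrPhrase(value) {
  return '"' + String(value).replace(/(["\\])/g, '\\$1') + '"';
}

function buildSolrParams(clientQuery, session) {
  if (!session || !session.userId) {
    throw new Error('not authenticated');
  }
  const out = new URLSearchParams();
  for (const [name, value] of new URLSearchParams(clientQuery)) {
    if (!ALLOWED.has(name)) continue;
    // JSONP callback must be a plain identifier before it is echoed back.
    if (name === 'json.wrf' && !/^[A-Za-z_$][\w$]{0,63}$/.test(value)) continue;
    if (name === 'rows' || name === 'start') {
      const n = Number.parseInt(value, 10);
      if (!Number.isInteger(n) || n < 0) continue;
      out.set(name, String(name === 'rows' ? Math.min(n, MAX_ROWS) : n));
      continue;
    }
    out.append(name, value);
  }
  if (!out.has('q')) out.set('q', '*:*');
  out.set('wt', 'json');
  // The identity comes from the server-side session, never from the request.
  out.set('fq', ACL_FIELD + ':' + solrPhrase(session.userId));
  return out;
}

// Constructed sample request: the client tries to override the user filter.
const sample = 'q=*:*&rows=5000&userid=bob&fq=authorized_users:bob' +
  '&qt=/update&json.wrf=jsonp1337064466204&facet=true&facet.field=title';
console.log(buildSolrParams(sample, { userId: 'alice' }).toString());
```

The proxy would send these parameters to Solr over HTTP and relay the response body unchanged, so the client receives Solr's own JSON (or JSONP) text rather than a re-serialized object.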
