Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
None
-
None
Description
I've written an LCF SearchComponent which filters returned results based on access tokens provided by LCF's authority service. The component requires you to configure the appropriate authority service URL base, e.g.:
<!-- LCF document security enforcement component -->
<searchComponent name="lcfSecurity" class="LCFSecurityFilter">
<str name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
</searchComponent>
Also required are the following schema.xml additions:
<!-- Security fields -->
<field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
<field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
<field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
<field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
Finally, to tie it into the standard request handler, it seems to need to run last:
<requestHandler name="standard" class="solr.SearchHandler" default="true">
<arr name="last-components">
<str>lcfSecurity</str>
</arr>
...
I have not set a package for this code. Nor have I been able to get it reviewed by someone as conversant with Solr as I would prefer. It is my hope, however, that this module will become part of the standard Solr 1.5 suite of search components, since that would tie it in with LCF nicely.
Attachments
Attachments
Issue Links
- relates to
-
SOLR-1834 Document level security
- Open
-
SOLR-1872 Document-level Access Control in Solr
- Resolved
-
CONNECTORS-22 SOLR connector needs ability to ingest access tokens, in a manner that can be used with Lucene to enforce security
- Resolved