lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Mauriello" <>
Subject Re: [jira] Commented: (SOLR-1834) Document level security
Date Thu, 06 May 2010 01:40:28 GMT

I am trying to understand more about securing solr on my tomcat 6 server
and I was curious how document level security works exactly? What prevents
a user from changing the username that gets appended to the query string?

I have a dynamic mysql user database that changes frequently and I am
looking for a way to have solr either reference the database or reference
session variables. Any proper way to set up security in solr to say work
with my PHP/JSP web application would be helpful. The project supervisor
doesn't really want to have to edit configuration files every time the
user database changes so I am looking for a dynamic solution. The project
has to be open to external users as well and we don't want to use IP
restrictions unless it is a last resort.

Thanks for your time,


>     [
> ]
> Anders Rask commented on SOLR-1834:
> -----------------------------------
> Hi Andreas,
> Sorry for my late reply.
> I haven't looked in to the difference between using the
> ResponseBuilder#getFilters and using filter's in a normal query. Are there
> any functional differences between the two ways other than that one of
> them utilizes Solr's filterCache and the other doesn't?
>> Document level security
>> -----------------------
>>                 Key: SOLR-1834
>>                 URL:
>>             Project: Solr
>>          Issue Type: New Feature
>>          Components: SearchComponents - other
>>    Affects Versions: 1.4
>>            Reporter: Anders Rask
>>         Attachments: html.rar, SOLR-1834.patch
>> Attached to this issue is a patch that includes a framework for enabling
>> document level security in Solr as a search component. I did this as a
>> Master thesis project at Findwise in Stockholm and Findwise has now
>> decided to contribute it back to the community. The component was
>> developed in spring 2009 and has been in use at a customer since autumn
>> the same year.
>> There is a simple demo application up at
>> which also explains more
>> about the component and how to set it up.
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message