lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Norberto Meijome <>
Subject Re: Solr document security
Date Thu, 25 Jun 2009 11:43:39 GMT
On Wed, 24 Jun 2009 23:20:26 -0700 (PDT)
pof <> wrote:

> Hi, I am wanting to add document-level security that works as following: An
> external process makes a query to the index, depending on their security
> allowences based of a login id a list of hits are returned minus any the
> user are meant to know even exist. I was thinking maybe a custom filter with
> a JDBC connection to check security of the user vs. the document. I'm not
> sure how I would add the filter or how to write the filter or how to get the
> login id from a GET parameter. Any suggestions, comments etc.?

Hi Brett,
(keeping in mind that i've been away from SOLR for 8 months, but i
dont think this was added of late)

standard approach is to manage security @ your
application layer, not @ SOLR. ie, search, return documents (which should
contain some kind of data to identify their ACL ) and then you can decide
whether to show it or not. 

{Beto|Norberto|Numard} Meijome

"They never open their mouths without subtracting from the sum of human
knowledge." Thomas Brackett Reed

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been

View raw message