manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dominique Bejean <dominique.bej...@eolya.fr>
Subject Re: Solr and LCF security at query time
Date Tue, 20 Apr 2010 12:03:23 GMT
Karl,

Thank you for your reply.

I made some research today and I found this :
http://freesurf001.appspot.com/issues.apache.org/jira/browse/SOLR-1834
http://demo.findwise.se:8880/SolrSecurity/

Sorl security model have to be able to filter result list with items 
coming from various sources at the same time (livelink, documentum, file 
system, ...). Big subject :)

Dominique


Le 20/04/10 13:34, karl.wright@nokia.com a écrit :
> Hi Dominique,
> At the moment, in order to enforce the LCF security model within 
> Lucene/Solr, you will need to build this functionality into whatever 
> client you are using to display the Lucene search results.  
> Specifically, you would need to take the following steps:
> (1) Have your users access your search client through Apache.
> (2) Use the Apache module mod_auth_kerb, combined with LCF's 
> mod_authz_annotate, to cause authorization HTTP headers to be 
> transmitted to the client webapp.
> (3) Have your client webapp alter whatever queries it is doing, to add 
> an appropriate query clause for each of the access tokens transmitted 
> in the headers.
> (This is how it is done at MetaCarta.)
> Alternatively, you may find a way to do this completely with a web 
> application under a Java app server such as Tomcat.  I have not yet 
> done the research to find out whether this is a feasible alternative.  
> Effectively, what you need something like mod_auth_kerb to do is to 
> authenticate your user against Active Directory, or whomever the 
> authenticator ought to be.  JAAS may be helpful here.
> There are, of course, intentions to fill out the missing pieces more 
> completely and transparently via a Solr search plugin and/or filter.  
> What has been lacking is time.  If you are in a position to do 
> development in this area, we're happy to have any assistance you might 
> provide.
> Thanks,
> Karl
> ------------------------------------------------------------------------
> *From:* ext Dominique Bejean [mailto:dominique.bejean@eolya.fr]
> *Sent:* Tuesday, April 20, 2010 5:06 AM
> *To:* connectors-user@incubator.apache.org
> *Subject:* Solr and LCF security at query time
>
> Hi,
>
> I don't see in LCF wiki how Solr and LCF works together at query time 
> in order to remove from the result list the items the user is not 
> allowed to access.
>
> In 
> http://cwiki.apache.org/CONNECTORS/lucene-connectors-framework-concepts.html, 
> I just see these sentences :
>
> " Once all these documents and their access tokens are handed to the 
> search engine, it is the search engine's job to enforce security by 
> excluding inappropriate documents from the search results. For 
> *Lucene*, this infrastructure is expected to be built on top of 
> Lucene's generic metadata abilities, but has not been implemented at 
> this time."
>
> I am not sure to understand. Does this mean that for the moment, it is 
> not possible for Solr to apply security by using an Authority Connector ?
>
> Dominique

Mime
View raw message