On Wed, 24 Jun 2009 23:20:26 -0700 (PDT)
pof <melbournebeerba...@gmail.com> wrote:
>
> Hi, I am wanting to add document-level security that works as following: An
> external process makes a query to the index, depending on their security
> allowences based of a login id a list of hits are returned minus any the
> user are meant to know even exist. I was thinking maybe a custom filter with
> a JDBC connection to check security of the user vs. the document. I'm not
> sure how I would add the filter or how to write the filter or how to get the
> login id from a GET parameter. Any suggestions, comments etc.?
Hi Brett,
(keeping in mind that i've been away from SOLR for 8 months, but i
dont think this was added of late)
standard approach is to manage security @ your
application layer, not @ SOLR. ie, search, return documents (which should
contain some kind of data to identify their ACL ) and then you can decide
whether to show it or not.
HIH
_________________________
{Beto|Norberto|Numard} Meijome
"They never open their mouths without subtracting from the sum of human
knowledge." Thomas Brackett Reed
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
