Karl,
Thank you for your reply.
I did some research today and found this:
http://freesurf001.appspot.com/issues.apache.org/jira/browse/SOLR-1834
http://demo.findwise.se:8880/SolrSecurity/
The Solr security model has to be able to filter the result list with items
coming from various sources at the same time (Livelink, Documentum, file
system, ...). Big subject :)
Dominique
On 20/04/10 13:34, [email protected] wrote:
Hi Dominique,
At the moment, in order to enforce the LCF security model within
Lucene/Solr, you will need to build this functionality into whatever
client you are using to display the Lucene search results.
Specifically, you would need to take the following steps:
(1) Have your users access your search client through Apache.
(2) Use the Apache module mod_auth_kerb, combined with LCF's
mod_authz_annotate, to cause authorization HTTP headers to be
transmitted to the client webapp.
(3) Have your client webapp alter whatever queries it is doing, to add
an appropriate query clause for each of the access tokens transmitted
in the headers.
(This is how it is done at MetaCarta.)
Alternatively, you may find a way to do this completely with a web
application under a Java app server such as Tomcat. I have not yet
done the research to find out whether this is a feasible alternative.
Effectively, what you need something like mod_auth_kerb to do is to
authenticate your user against Active Directory, or whomever the
authenticator ought to be. JAAS may be helpful here.
There are, of course, intentions to fill out the missing pieces more
completely and transparently via a Solr search plugin and/or filter.
What has been lacking is time. If you are in a position to do
development in this area, we're happy to have any assistance you might
provide.
Thanks,
Karl
------------------------------------------------------------------------
*From:* ext Dominique Bejean [mailto:[email protected]]
*Sent:* Tuesday, April 20, 2010 5:06 AM
*To:* [email protected]
*Subject:* Solr and LCF security at query time
Hi,
I don't see in the LCF wiki how Solr and LCF work together at query time
in order to remove from the result list the items the user is not
allowed to access.
In
http://cwiki.apache.org/CONNECTORS/lucene-connectors-framework-concepts.html,
I just see these sentences:
"Once all these documents and their access tokens are handed to the
search engine, it is the search engine's job to enforce security by
excluding inappropriate documents from the search results. For
*Lucene*, this infrastructure is expected to be built on top of
Lucene's generic metadata abilities, but has not been implemented at
this time."
I am not sure I understand. Does this mean that for the moment, it is
not possible for Solr to apply security by using an Authority Connector?
Dominique
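
Added example, not part of the original thread and not LCF or MetaCarta code: one way a client webapp could carry out step (3) of Karl's reply, turning the access tokens received in HTTP headers into a Solr filter clause. The header name `X-Access-Token`, the field name `allow_token` and the sample tokens are assumptions made for illustration; the thread names none of them.

```python
import re

# Hypothetical names: the thread gives neither the header nor the index field.
TOKEN_HEADER = "X-Access-Token"  # assumed header added by the Apache layer
ALLOW_FIELD = "allow_token"      # assumed multi-valued field with each document's tokens

# Characters with meaning in Lucene/Solr query syntax, plus whitespace.
_SPECIAL = re.compile(r'([\\+\-!():^\[\]"{}~*?|&;/\s])')

# Constructed sample request headers (not captured from a real system).
SAMPLE_HEADERS = [
    ("Host", "search.example"),
    ("X-Access-Token", "S-1-5-32-544"),
    ("x-access-token", "DOMAIN\\staff"),
    ("X-Access-Token", "S-1-5-32-544"),  # duplicate, dropped below
]


def escape_term(token):
    """Backslash-escape query syntax so a token is matched literally."""
    return _SPECIAL.sub(r"\\\1", token)


def tokens_from_headers(headers):
    """Collect tokens from (name, value) pairs, one token per header line."""
    wanted = TOKEN_HEADER.lower()
    seen = []
    for name, value in headers:
        value = value.strip()
        if name.lower() == wanted and value and value not in seen:
            seen.append(value)
    return seen


def security_filter(tokens):
    """A document must carry at least one of the user's tokens."""
    if not tokens:
        # Fail closed: no tokens means no search, never an unfiltered one.
        raise PermissionError("no access tokens for this request")
    terms = " OR ".join(escape_term(t) for t in tokens)
    return "%s:(%s)" % (ALLOW_FIELD, terms)


def solr_params(user_query, headers):
    """User text stays in q; the security clause goes in fq, out of its reach."""
    return {"q": user_query, "fq": security_filter(tokens_from_headers(headers))}
```

This only holds if the webapp is reachable solely through Apache, as in step (1); otherwise a client could supply its own token headers.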