[
https://issues.apache.org/jira/browse/SOLR-7576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14660288#comment-14660288
]
Upayavira commented on SOLR-7576:
---------------------------------
We've had JS, we've had XSLT, etc, in our config directory for a long time.
What is different about this new approach that it demands a more secure
approach in all situations?
Please understand - I'm really keen on this feature, and am supportive of the
auth/signing functionality.
I teach Solr a lot, and I know that a lot of normal users will find the .system
and the HTTP post part hard to understand when first getting started, hence
wanting to make it really simple to do the simplest things, and possible to do
the powerful things.
> Implement RequestHandler in Javascript
> --------------------------------------
>
> Key: SOLR-7576
> URL: https://issues.apache.org/jira/browse/SOLR-7576
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
> Attachments: SOLR-7576.patch, SOLR-7576.patch
>
>
> Solr now support dynamic loading (SOLR-7073) of components and it is secured
> in SOLR-7126
> We can extend the same functionality with JS as well
> the handler {{/js}} is implicitly registered
> To make this work
> * Solr should be started with {{-Denable.js.loading=true}}
> * The javascript must be loaded to the {{.system}} collection using the blob
> store API
> * Sign the javascript and pass the signature in a param called {{_sig}}
> The {{JSRequestHandler}} is implicitly defined and it can be accessed by
> hitting {{/js/<jsname>/<version>}}
> Steps for developing scripts
> # start the cluster with the {{enable.js.loading}} . If you are starting
> using our script it would be {{bin/solr start -e cloud -a
> "-Denable.js.loading=true"}} . You would not need security during development
> , so don't add the private keys to Solr
> # create {{.system}} collection {{bin/solr create -c .system}}
> # Write your javascript code . (say {{test.js}} )
> # post it to {{.system}} collection . {{curl -X POST -H 'Content-Type:
> application/octet-stream' --data-binary @test.js
> http://localhost:8983/solr/.system/blob/test}}
> # run your script {{http://host:8983/solr/gettingstarted/js/test/1}}
> # Edit your script and repeat from step #4 . Keep in mind that the version
> would be bumped up every time you post a new script . So, the second time the
> url would be {{http://host:8983/solr/gettingstarted/js/test/2}} . So on and
> so forth
> sample programs
> 1) writes a val to output
> {code:javascript}
> //empty line
> $.response().add('testkey','Test Val');
> {code}
> 2) manipulate the output to add an extra field to each doc
> {code}
> //empty line
> var l = [];
> $.query({
> q: '*:*',
> qt: '/select',
> start:0,
> }).forEach('response', function(doc) {
> doc.put('script', 'Added this
> value');
> l.push(doc);
> });
> $.response().add('alldocs', l);
> {code}
> 3) stream through all the docs
> {code:Javascript}
> //empty line
> $.query({
> q: '*:*',
> qt: '/select',
> start:0,
> distrib:'false'
> }).pipe('response', 'docs', function(doc) { // the pipe function is
> executed right before the response writer and right after the transformers
> if('IT'== doc.get('genre_s')) return
> null;
> doc.put('script', 'Added this
> value');
> return doc;
> });
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
