[
https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13109301#comment-13109301
]
Erik Hatcher commented on SOLR-1895:
------------------------------------
bq. The purpose of a QueryParser is to parse the query... but this does not
require any parsing.
Ryan - how about the term query parser? While not strictly taking a free form
query string and "parsing" it into a Query, the general QParserPlugin is about
being a Query "factory" taking whatever inputs it needs to construct that;
"parser" is a bit of a misnomer with what the abstraction really defines. [I
didn't understand the comment about MatchAllDocsQuery earlier either, as that
doesn't seem necessary here]
bq. I think the bigger question is do we want any security scaffolding in solr,
or is this something that should always be delegated elsewhere
In this case, it really boils down to generating a handful of wildcard queries,
it looks like, but in an MCF-specific way. I'm not sure this is, yet, a
pressing need to generalize a security framework within Solr, as it's _just_ a
Query generator.
Regarding the location of this capability - a Solr contrib works for me. It's
tricky business deciding where to put glue code between two projects (e.g. MCF
contains a Solr indexer, using this same logic, though, why shouldn't it also
be in a Solr contrib/mcf too?). Perhaps the real deciding factor is a
practical choice of where the maintainers of this best can work on it - and in
this case it'd be MCF so that that community can maintain it directly rather
than through JIRA patches and committers that aren't using MCF. But again
though, in this case I'm fine with it living in Solr contrib/mcf.
> ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search
> time
> ----------------------------------------------------------------------------------
>
> Key: SOLR-1895
> URL: https://issues.apache.org/jira/browse/SOLR-1895
> Project: Solr
> Issue Type: New Feature
> Components: SearchComponents - other
> Reporter: Karl Wright
> Labels: document, security, solr
> Fix For: 3.5, 4.0
>
> Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java,
> LCFSecurityFilter.java, LCFSecurityFilter.java,
> SOLR-1895-service-plugin.patch, SOLR-1895-service-plugin.patch,
> SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch,
> SOLR-1895.patch, SOLR-1895.patch
>
>
> I've written an LCF SearchComponent which filters returned results based on
> access tokens provided by LCF's authority service. The component requires
> you to configure the appropriate authority service URL base, e.g.:
> <!-- LCF document security enforcement component -->
> <searchComponent name="lcfSecurity" class="LCFSecurityFilter">
> <str
> name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str>
> </searchComponent>
> Also required are the following schema.xml additions:
> <!-- Security fields -->
> <field name="allow_token_document" type="string" indexed="true"
> stored="false" multiValued="true"/>
> <field name="deny_token_document" type="string" indexed="true"
> stored="false" multiValued="true"/>
> <field name="allow_token_share" type="string" indexed="true"
> stored="false" multiValued="true"/>
> <field name="deny_token_share" type="string" indexed="true" stored="false"
> multiValued="true"/>
> Finally, to tie it into the standard request handler, it seems to need to run
> last:
> <requestHandler name="standard" class="solr.SearchHandler" default="true">
> <arr name="last-components">
> <str>lcfSecurity</str>
> </arr>
> ...
> I have not set a package for this code. Nor have I been able to get it
> reviewed by someone as conversant with Solr as I would prefer. It is my
> hope, however, that this module will become part of the standard Solr 1.5
> suite of search components, since that would tie it in with LCF nicely.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
