----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42612/#review119348 -----------------------------------------------------------
sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 107) <https://reviews.apache.org/r/42612/#comment180665> If user is super user, does not need to add filter? Could you add comments here? sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 117) <https://reviews.apache.org/r/42612/#comment180661> Could you add more comments on this method? It is very long. sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 118) <https://reviews.apache.org/r/42612/#comment180667> How about superusers case in prepare, since there is no adding of AddDocIdReturnFields if are superusers there? sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 142) <https://reviews.apache.org/r/42612/#comment180664> Check for null pointer here? sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java (line 165) <https://reviews.apache.org/r/42612/#comment180659> Spaces. sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java (line 38) <https://reviews.apache.org/r/42612/#comment180663> Could you explain why this is the case? sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/solrconfig-doclevel.xml (line 1364) <https://reviews.apache.org/r/42612/#comment180660> Remove extra spaces. Same as other places. - Hao Hao On Jan. 21, 2016, 8:02 p.m., Gregory Chanan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42612/ > ----------------------------------------------------------- > > (Updated Jan. 21, 2016, 8:02 p.m.) > > > Review request for sentry, Hao Hao and Vamsee Yarlagadda. > > > Repository: sentry > > > Description > ------- > > RealTimeGet just ignores filter queries currently in Solr (see SOLR-8436) > which is how document level security is implemented, so if you can guess the > document ids, you can access them. > > Since we probably don't want to wait for a solr version with SOLR-8436 to be > released, this is a "temporary" workaround and some necessary testing. > > At a high level this works as follows: > - Run the normal RealTimeGet component > - Filter the responses from the component through the Filter generated from > the doc-level component > > Most of this is low-level solr/lucene code; most of the meat is in the > testing (TestRealTimeGet.java). > > > Diffs > ----- > > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/SecureRealTimeGetHandler.java > PRE-CREATION > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java > 371787df69cfe8ef891eb1760b32f93f0a1110ec > > sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/SecureRealTimeGetComponent.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java > 2495a9eecc00e8de4b297022625b33a98ad7323a > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/DocLevelGenerator.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java > ff508e12898ab0bf9e79f0cc8e1108e4a5ef82ad > > sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestRealTimeGet.java > PRE-CREATION > > sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/schema.xml > 66449ffe59b459352f8a735a208f020e48f0d9b4 > > sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/solrconfig-doclevel.xml > 4459c0d04c62aa39c096da0faba7ff04fc2bf21b > > sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini > bccc63eeeab503f7e5d3655771eb0c7bef926bba > > Diff: https://reviews.apache.org/r/42612/diff/ > > > Testing > ------- > > Ran the unit tests. > > > Thanks, > > Gregory Chanan > >
