RE: User Authentication
We use CAS as well, and are also not using ZooKeeper/SolrCloud. We may move to SolrCloud after getting our current very-basic setup into production. We'll definitely take a look at the rule-based authorization plugin and see how we can leverage that.

-Original Message-
From: LeZotte, Tom [mailto:tom.lezo...@vanderbilt.edu]
Sent: Monday, August 24, 2015 4:37 PM
To: solr-user@lucene.apache.org
Subject: Re: User Authentication

Bosco,

We use CAS for user authentication, not sure if we have Kerberos working anywhere. Also we are not using ZooKeeper, because we are only running one server currently.

thanks
Tom LeZotte
Health I.T. - Senior Product Developer
(p) 615-875-8830
Re: User Authentication
You might have to use 5.3 when it is publicly available. It supports Basic Auth. But based on my understanding for the authentication/authorization framework implemented in 5.2, you need to use Solr Cloud/Zookeeper for configuring the plugins.

Noble, Anshum or Ishan can confirm it. They are original authors for these features.

Thanks
Bosco

On 8/24/15, 2:30 PM, Steven White swhite4...@gmail.com wrote:

> For my project, Kerberos is not a requirement. What I need is:
>
> 1) Basic Auth to Solr server (at all access levels)
> 2) SSL support
>
> My setup is not using ZK, it's a single core.
>
> Steve
User Authentication
Hi Solr Community

I have been trying to add user authentication to our Solr 5.3.1 RedHat install. I’ve found some examples on user authentication on the Jetty side. But they have failed.

Does any one have a step by step example on authentication for the admin screen? And a core?

Thanks
Tom LeZotte
Health I.T. - Senior Product Developer
(p) 615-875-8830
Re: User Authentication
Thanks for the email from the future. It is good to start to prepare for 5.3.1 now that 5.3 is nearly out.

Joking aside (and assuming Solr 5.2.1), what exactly are you trying to achieve? Solr should not actually be exposed to the users directly. It should be hiding in a backend only visible to your middleware. If you are looking for a HTML interface that talks directly to Solr after authentication, that's not the right way to set it up.

That said, some security features are being rolled out and you should definitely check the release notes for the 5.3.

Regards,
Alex.

Solr Analyzers, Tokenizers, Filters, URPs and even a newsletter:
http://www.solr-start.com/

On 24 August 2015 at 10:01, LeZotte, Tom tom.lezo...@vanderbilt.edu wrote:

> Hi Solr Community
>
> I have been trying to add user authentication to our Solr 5.3.1 RedHat install. I’ve found some examples on user authentication on the Jetty side. But they have failed.
>
> Does any one have a step by step example on authentication for the admin screen? And a core?
>
> Thanks
> Tom LeZotte
> Health I.T. - Senior Product Developer
> (p) 615-875-8830
Re: User Authentication
Alex

I got a super secret release of Solr 5.3.1, wasn’t supposed to say anything. Yes I’m running 5.2.1, I will check out the release notes for 5.3.

Was looking for three types of user authentication, I guess.

1. the Admin Console
2. User auth for each Core (and select and update) on a server.
3. HTML interface access (example: ajax-solr https://github.com/evolvingweb/ajax-solr)

Thanks
Tom LeZotte
Health I.T. - Senior Product Developer
(p) 615-875-8830

On Aug 24, 2015, at 10:05 AM, Alexandre Rafalovitch arafa...@gmail.com wrote:

> Thanks for the email from the future. It is good to start to prepare for 5.3.1 now that 5.3 is nearly out.
>
> Joking aside (and assuming Solr 5.2.1), what exactly are you trying to achieve? Solr should not actually be exposed to the users directly. It should be hiding in a backend only visible to your middleware. If you are looking for a HTML interface that talks directly to Solr after authentication, that's not the right way to set it up.
>
> That said, some security features are being rolled out and you should definitely check the release notes for the 5.3.
>
> Regards,
> Alex.
>
> Solr Analyzers, Tokenizers, Filters, URPs and even a newsletter:
> http://www.solr-start.com/
Re: User Authentication
did you manage to look at the reference guide?
https://cwiki.apache.org/confluence/display/solr/Securing+Solr

On Mon, Aug 24, 2015 at 9:23 PM, LeZotte, Tom tom.lezo...@vanderbilt.edu wrote:

> Alex
>
> I got a super secret release of Solr 5.3.1, wasn’t supposed to say anything. Yes I’m running 5.2.1, I will check out the release notes for 5.3.
>
> Was looking for three types of user authentication, I guess.
>
> 1. the Admin Console
> 2. User auth for each Core (and select and update) on a server.
> 3. HTML interface access (example: ajax-solr https://github.com/evolvingweb/ajax-solr)
>
> Thanks
> Tom LeZotte
> Health I.T. - Senior Product Developer
> (p) 615-875-8830

--
Noble Paul
Re: User Authentication
Hi Noble,

Is everything in the link you provided applicable to Solr 5.2.1?

Thanks
Steve

On Mon, Aug 24, 2015 at 2:20 PM, Noble Paul noble.p...@gmail.com wrote:

> did you manage to look at the reference guide?
> https://cwiki.apache.org/confluence/display/solr/Securing+Solr
Re: User Authentication
For my project, Kerberos is not a requirement. What I need is:

1) Basic Auth to Solr server (at all access levels)
2) SSL support

My setup is not using ZK, it's a single core.

Steve

On Mon, Aug 24, 2015 at 4:12 PM, Don Bosco Durai bo...@apache.org wrote:

> Just curious, is Kerberos an option for you? If so, mostly all your 3 use cases will be addressed.
>
> Bosco
Re: User Authentication
Just curious, is Kerberos an option for you? If so, mostly all your 3 use cases will be addressed.

Bosco

On 8/24/15, 12:18 PM, Steven White swhite4...@gmail.com wrote:

> Hi Noble,
>
> Is everything in the link you provided applicable to Solr 5.2.1?
>
> Thanks
> Steve
Re: User Authentication
Bosco,

We use CAS for user authentication, not sure if we have Kerberos working anywhere. Also we are not using ZooKeeper, because we are only running one server currently.

thanks
Tom LeZotte
Health I.T. - Senior Product Developer
(p) 615-875-8830

On Aug 24, 2015, at 3:12 PM, Don Bosco Durai bo...@apache.org wrote:

> Just curious, is Kerberos an option for you? If so, mostly all your 3 use cases will be addressed.
>
> Bosco
Re: User Authentication
no. Most of it is in Solr 5.3

On Tue, Aug 25, 2015 at 12:48 AM, Steven White swhite4...@gmail.com wrote:

> Hi Noble,
>
> Is everything in the link you provided applicable to Solr 5.2.1?
>
> Thanks
> Steve

--
Noble Paul
Restricting results based on user authentication
Hi,

I am using DIH feature of Solr for indexing a database. I am using Solr server and it is independent of my web application. I send a http request for searching and then process the returned result.

Now we have a requirement that we have to filter the results further based on security level restrictions? For example, user id abc should not be allowed to see a particular result. How could we achieve that?

I followed, http://www.nabble.com/Restricted-views-of-an-index-td15088750.html#a15090791

It suggests something like -

Add a role or access class to each indexed item, then use that in the queries, probably in a filter specified in a request handler. That keeps the definition of the filter within Solr. For example, you can create a request handler named admin, a field named role, and add a filter of role:admin.

I could not follow this solution. Is there any example or resource that explains how to use custom request handler with filtering?

Thanks,
Manu

--
View this message in context: http://www.nabble.com/Restricting-results-based-on-user-authentication-tp21411449p21411449.html
Sent from the Solr - User mailing list archive at Nabble.com.
Re: Restricting results based on user authentication
Hi Manu,

I haven't made a custom request handler in a while, but I want to clarify that, if you trust your application code, you don't actually need a custom request handler to do this sort of authentication filtering. At indexing time, you can add a role field to each object that you index, as described in the thread. At query time, you could simply have your application code add an appropriate filter query to each Solr request. So, if you're using the standard XML query interface, instead of sending URLs like

http://.../solr/select?q=foo...

you can have your application code send URLs like

http://.../solr/select?q=foo&fq=role:admin...

If I understand the custom request handler approach, then it basically amounts to the same thing as the above; the only difference is that the filter query gets added internally by Solr, rather than at the application level.

Sorry if you already understand all this; I'm throwing these comments out just in case.

Cheers,
Chris

On Mon, Jan 12, 2009 at 1:54 AM, Manupriya manupriya.si...@gmail.com wrote:

> Hi,
>
> I am using DIH feature of Solr for indexing a database. I am using Solr server and it is independent of my web application. I send a http request for searching and then process the returned result.
>
> Now we have a requirement that we have to filter the results further based on security level restrictions? For example, user id abc should not be allowed to see a particular result. How could we achieve that?
>
> I followed, http://www.nabble.com/Restricted-views-of-an-index-td15088750.html#a15090791
>
> It suggests something like -
>
> Add a role or access class to each indexed item, then use that in the queries, probably in a filter specified in a request handler. That keeps the definition of the filter within Solr. For example, you can create a request handler named admin, a field named role, and add a filter of role:admin.
>
> I could not follow this solution. Is there any example or resource that explains how to use custom request handler with filtering?
>
> Thanks,
> Manu
Re: Restricting results based on user authentication
Thanks Chris,

I agree with your approach. I also don't want to add anything at the application level. I want authentication to be handled internally at the Solr level itself.

Can you please explain me little more about how to add a role field to each object at indexing time? Is there any resource/example available explaining this?

Thank,
Manu

ryguasu wrote:

> Hi Manu,
>
> I haven't made a custom request handler in a while, but I want to clarify that, if you trust your application code, you don't actually need a custom request handler to do this sort of authentication filtering. At indexing time, you can add a role field to each object that you index, as described in the thread. At query time, you could simply have your application code add an appropriate filter query to each Solr request. So, if you're using the standard XML query interface, instead of sending URLs like
>
> http://.../solr/select?q=foo...
>
> you can have your application code send URLs like
>
> http://.../solr/select?q=foo&fq=role:admin...
>
> If I understand the custom request handler approach, then it basically amounts to the same thing as the above; the only difference is that the filter query gets added internally by Solr, rather than at the application level.
>
> Sorry if you already understand all this; I'm throwing these comments out just in case.
>
> Cheers,
> Chris

--
View this message in context: http://www.nabble.com/Restricting-results-based-on-user-authentication-tp21411449p21429723.html
Sent from the Solr - User mailing list archive at Nabble.com.
Re: Restricting results based on user authentication
On Mon, Jan 12, 2009 at 9:31 PM, Manupriya manupriya.si...@gmail.com wrote:

> Thanks Chris,
>
> I agree with your approach. I also don't want to add anything at the application level. I want authentication to be handled internally at the Solr level itself.

The application layer needs to be involved somehow, right, because I assume the application level is the code that knows what the current user id is. I'm not clear exactly what you want to keep out of the application level. In any case, if you don't like the idea of the application layer adding a filter query, I think I'll defer to people with more expertise on what your options are.

> Can you please explain me little more about how to add a role field to each object at indexing time? Is there any resource/example available explaining this?

You mentioned you're using the DataImportHandler. If your data source is a single SQL table, the easiest approach might be to add a role column to that table, and populate it appropriately for each object. (How to do this of course depends on your application.) If your data import code joins multiple tables, you'd need to think about which table would be most appropriate for storing the role data. Or perhaps your select statement could fill out a role based on testing values of other fields; in SQL Server anyway you can write something that looks more or less like this (the real syntax is slightly different):

    SELECT OrderID, Date, Company, CASE Company = 'CIA' THEN 'admin' ELSE 'user' END CASE as Role

(The idea here is to require admin access to view orders from the CIA.)

> Thank,
> Manu
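The application-level filtering discussed in this thread (a `role` field written at indexing time, and a filter query added by trusted middleware on every request), as an added example that is not code from any poster or from Solr itself. The backend URL, the core name `orders`, the parameter allow-list and all function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Assumed placeholder: Solr is reachable only from the middleware host.
SOLR_SELECT = "http://solr.internal.example:8983/solr/orders/select"

# Only these client-supplied parameters are forwarded. Anything else
# (fq, qt, shards, ...) is dropped, so a client cannot replace the filter.
ALLOWED_PARAMS = {"q", "start", "rows", "sort"}

# Characters with meaning in the Lucene/Solr query syntax, plus the space.
_SPECIAL = set('+-&|!(){}[]^"~*?:\\/ ')


def escape_term(value):
    """Backslash-escape query-syntax characters so value is one literal term."""
    return "".join("\\" + ch if ch in _SPECIAL else ch for ch in value)


def role_filter(roles):
    """Build the fq value from roles taken from the server-side session."""
    if not roles:
        # No roles: a pure negative filter matches nothing, so an
        # unauthenticated or role-less session sees an empty result set.
        return "-*:*"
    terms = " OR ".join(escape_term(r) for r in sorted(roles))
    return "role:(" + terms + ")"


def build_select_url(untrusted_query_string, session_roles, max_rows=100):
    """Turn a client query string into the URL the middleware sends to Solr."""
    params = {}
    for key, value in parse_qsl(untrusted_query_string, keep_blank_values=True):
        # Keep the first occurrence of each allowed parameter only.
        if key in ALLOWED_PARAMS and key not in params:
            params[key] = value
    params.setdefault("q", "*:*")

    # Cap the page size so one request cannot dump the whole index.
    try:
        rows = int(params.get("rows", 10))
    except ValueError:
        rows = 10
    params["rows"] = str(max(0, min(rows, max_rows)))

    pairs = list(params.items())
    # The filter is appended last and comes only from the session, never
    # from the client. Solr intersects fq with q, so q cannot widen it.
    pairs.append(("fq", role_filter(session_roles)))
    return SOLR_SELECT + "?" + urlencode(pairs)


if __name__ == "__main__":
    # Constructed request: the client tries to supply its own fq and handler.
    print(build_select_url("q=foo&fq=role:admin&rows=100000&qt=/admin", {"user"}))
```

The filter only helps if clients cannot reach Solr directly; anyone who can send requests to the select handler themselves can simply leave the `fq` out.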