Hello developers, Two weeks ago I created a JIRA issue ( https://issues.apache.org/jira/browse/SOLR-1834) involving document level security in Apache Solr and submitted a patch containing a search component that can be seen as a starting point for making Solr handle document level security. I believe that document security is an essential part of an enterprise search engine and I hope that this contribution can start a discussion about how this should be handled in Solr (possibly in conjunction with the Lucene Connector Framework).
As this contribution shows I would like to help to develop the security capabilities of Solr together with the community because I believe that it will improve Solr’s appeal to large enterprises. Moreover I think that most of us believe that a transparent security system will in the end give rise to the best security. I hope some of you can take the time to look at the patch, try it out and think about: 1) 1. Should this be a contrib module in Solr? (And if so, what needs to be done to contribute it?) 2) 2. Should document level security be a core feature in Solr? (And if so, what is the best way to integrate it into Solr?) 3) 3. How can this integrate with connectors like the Lucene Connector Framework? I.e. how do you create a uniform way to talk about Access Control Lists (http://en.wikipedia.org/wiki/Access_control_list). P.s (for the nerdy) I have some ideas about putting the security deeper into Solr, perhaps by creating a secure SolrIndexReader and a secure SolrIndexSearcher that are fed user credentials from a search component. What do you think about this? As I understand it, currently it’s possible to declare your own SolrIndexReader but not your own SolrIndexSearcher. Best regards, Anders Rask anders.r...@findwise.se
