Hi, we are extending SearchHandler to provide a custom search request
handler. Basically we've added NamedLists called allowed, whiteList,
maxMinList etc.

These look like the default, append and invariant namedLists in the
standard search handler config. In handleRequestBody we then remove params
not listed in the allowed named list, white list values as per the white
list and so on.

The idea is to have a "safe" request handler which the big bad world could
be exposed to. I'm worried. What have we missed that a front end app could
give us?

Also, removing params in SolrParams is a bit clunky. We are basically
converting SolrParams into a NamedList, processing a new NamedList from this,
and then .setParams(SolrParams.toSolrParams(nlNew)). Is there a better way?
In particular, NamedLists are not set up for key lookups...

Anyway, basically, is having a custom request handler doing the above the way
to go?

Cheers

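The filtering described in the post, sketched as an added example that is not part of the original message or of Solr itself: it builds a fresh `ModifiableSolrParams` from only the permitted names and values instead of round-tripping through a NamedList. The class name `SafeParamFilter` and the map-based rule holders are hypothetical; they assume the allowed, whiteList and maxMinList NamedLists have been copied into a set and maps at init time.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.params.SolrParams;

/** Hypothetical helper: rules are held in maps/sets so lookups are by key. */
public final class SafeParamFilter {
  private final Set<String> allowed;                // parameter names that may pass
  private final Map<String, Set<String>> whiteList; // name -> permitted values
  private final Map<String, int[]> maxMin;          // name -> {min, max}

  public SafeParamFilter(Set<String> allowed, Map<String, Set<String>> whiteList,
                         Map<String, int[]> maxMin) {
    this.allowed = allowed;
    this.whiteList = whiteList;
    this.maxMin = maxMin;
  }

  /** Copies only permitted names and values into a fresh parameter set. */
  public ModifiableSolrParams filter(SolrParams in) {
    ModifiableSolrParams out = new ModifiableSolrParams();
    Iterator<String> names = in.getParameterNamesIterator();
    while (names.hasNext()) {
      String name = names.next();
      String[] values = in.getParams(name);
      if (!allowed.contains(name) || values == null) continue; // default deny
      Set<String> permitted = whiteList.get(name);
      int[] range = maxMin.get(name);
      List<String> kept = new ArrayList<>();
      for (String v : values) {
        if (permitted != null && !permitted.contains(v)) continue;
        if (range != null) {
          try { // clamp numeric values such as rows/start into [min, max]
            int n = Integer.parseInt(v.trim());
            v = String.valueOf(Math.max(range[0], Math.min(range[1], n)));
          } catch (NumberFormatException e) {
            continue; // non-numeric value for a bounded parameter: drop it
          }
        }
        kept.add(v);
      }
      if (!kept.isEmpty()) out.set(name, kept.toArray(new String[0]));
    }
    return out;
  }
  // In handleRequestBody: req.setParams(filter.filter(req.getParams()));
  // then super.handleRequestBody(req, rsp);
}
```

Because the output starts empty and names are matched exactly, any parameter not listed is dropped without needing a removal step.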