SOLR and secure content
Hi, We are currently investigating how to setup a correct solr server for our goals. The problem i'm running into is how to design the solr setup so that we can check if a user is authenticated for viewing the document. Let me explain the situation. We have a website with some pages and documents which are accesible by everyone (Public). We also have some sort of extranet, thse pages and documents are not accesible for everyone. In this extranet we have different user groups. Acces is defined by the user group. What i'm looking for is some sort of best practices to design/configure solr setup for this situation. I searched the internet but could find any examples or documentation for this situation. Maybe i'm not looking for the right documentation, that why i post this message. Can someone give me some information for this. Regards, Jos -- View this message in context: http://lucene.472066.n3.nabble.com/SOLR-and-secure-content-tp1945028p1945028.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: SOLR and secure content
Hi, We plan to make an application layer in PHP which will communicate to the solr server. Direct calls will only be made for administration purposes only. regards, jos -- View this message in context: http://lucene.472066.n3.nabble.com/SOLR-and-secure-content-tp1945028p1947970.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: SOLR and secure content
Hi everyone, This is how we think we should set it up. Situation: - Multiple websites indexed on 1 solr server - Results should be seperated for each website - Search results should be filtered on group access Solution i think is possible with solr: - Solr server should only be accesed through API which we will write in PHP. - Solr server authentication wil be defined through IP adres on server side and username and password will be send through API for each different website. - Extra document fields in Solr server will contain: 1. Website Hash to identify and filter results fo each different website (Website authentication) 2. list of groups who can access the document (Group authentication) When making a query these fields should be required. Is it possible to configure handlers on the solr server so that these field are required whith each type of query? So for adding documents, deleting and querying? Am i correct? Any further advice is welcome. regard, Jos -- View this message in context: http://lucene.472066.n3.nabble.com/SOLR-and-secure-content-tp1945028p1953071.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: SOLR and secure content
The setup of multiple cores is a good option, thanks for the advice. I agree the "required" field should be in the application layer, but i also think some "error" handling should come from the Solr server to prevent incorrect usage. If i only knew how to do this for each request. Regards, Jos -- View this message in context: http://lucene.472066.n3.nabble.com/SOLR-and-secure-content-tp1945028p1953726.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: SOLR and secure content
Dennis, We will we serving the content to de indexed websites. As i wrote we will be looking into setting up different cores, 1 core for each website. This wil make sure the content is sperated for each individual indexed website. The so called "error" handling is only needed, in case of bad programming on the client side, to make sure the response/result won't contain content that should not be returned with those parameters. i hope this clarifies my goal. regards, jos -- View this message in context: http://lucene.472066.n3.nabble.com/SOLR-and-secure-content-tp1945028p1956807.html Sent from the Solr - User mailing list archive at Nabble.com.
