Karen Loughran wrote:
Hi all,
Is there any interest/activity for SOLR to provide a restricted view of an
index, making only certain fields available/public, depending on the identity
of the requesting client ? Certain information in our index is confidential
and should only be accessible to certain individuals/groups,
The standard solr server relies on your servlet container for
authentication/authorization. Using off the shelf stuff, you can use
the 'invariants' param to limit what fields are available for a given
handler. And then register different handlers to various paths with
path based authentication. Does this make sense?
You could also inject your authentication logic into custom
RequestHandlers, UpdateProcessors, and/or SearchComponents
ryan
