Thanks Chris, I agree with your approach. I also dont want to add anything at the application level. I want authentication to be handled internally at the Solr level itself.
Can you please explain me little more about how to add a "role" field to each object at indexing time? Is there any resource/example available explaining this? Thank, Manu ryguasu wrote: > > Hi Manu, > > I haven't made a custom request handler in a while, but I want to > clarify that, if you trust your application code, you don't actually > need a custom request handler to do this sort of authentication > filtering. At indexing time, you can add a "role" field to each object > that you index, as described in the thread. At query time, you could > simply have your application code add an appropriate filter query to > each Solr request. So, if you're using the standard XML query > interface, instead of sending URLs like > > http://.../solr/select?q=foo... > > you can have your application code send URLs like > > http://.../solr/select?q=foo&fq=role:admin... > > If I understand the custom request handler approach, then it basically > amounts to the same thing as the above; the only difference is that > the filter query gets added internally by Solr, rather than at the > application level. > > Sorry if you already understand all this; I'm throwing these comments > out just in case. > > Cheers, > Chris > > On Mon, Jan 12, 2009 at 1:54 AM, Manupriya <manupriya.si...@gmail.com> > wrote: >> >> Hi, >> >> I am using DIH feature of Solr for indexing a database. I am using Solr >> server and it is independent of my web application. I send a http request >> for searching and then process the returned result. >> >> Now we have a requirement that we have to filter the results further >> based >> on security level restrictions? For example, user id abc should not be >> allowed to see a particular result. How could we achieve that? >> >> I >> followed,http://www.nabble.com/Restricted-views-of-an-index-td15088750.html#a15090791 >> It suggests something like - >> "Add a role or access class to each indexed item, then use that in the >> queries, probably in a filter specified in a request handler. That keeps >> the definition of the filter within Solr. >> For example, you can create a request handler named "admin", a field >> named >> "role", and add a filter of "role:admin". " >> >> I could not follow this solution. Is there any example or resource that >> explains how to use custom request handler with filtering? >> >> Thanks, >> Manu >> >> >> >> -- >> View this message in context: >> http://www.nabble.com/Restricting-results-based-on-user-authentication-tp21411449p21411449.html >> Sent from the Solr - User mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://www.nabble.com/Restricting-results-based-on-user-authentication-tp21411449p21429723.html Sent from the Solr - User mailing list archive at Nabble.com.
