On Mon, Jan 12, 2009 at 9:31 PM, Manupriya <manupriya.si...@gmail.com> wrote:
>
> Thanks Chris,
>
> I agree with your approach. I also don't want to add anything at the
> application level. I want authentication to be handled internally at the
> Solr level itself.

The application layer needs to be involved somehow, right, because I
assume the application level is the code that knows what the current
user id is. I'm not clear exactly what you want to keep out of the
application level. In any case, if you don't like the idea of the
application layer adding a filter query, I think I'll defer to people
with more expertise on what your options are.

> Can you please explain to me a little more about how to add a "role" field to
> each object at indexing time? Is there any resource/example available
> explaining this?

You mentioned you're using the DataImportHandler. If your data source
is a single SQL table, the easiest approach might be to add a "role"
column to that table, and populate it appropriately for each object.
(How to do this of course depends on your application.) If your data
import code joins multiple tables, you'd need to think about which
table would be most appropriate for storing the role data. Or perhaps
your select statement could fill out a role based on testing values of
other fields; in SQL Server anyway you can write something that looks
more or less like this (the real syntax is slightly different):

  SELECT OrderID, Date, Company,
    CASE Company = 'CIA' THEN 'admin' ELSE 'user' END CASE as Role

(The idea here is to require admin access to view orders from the CIA.)

>
> Thanks,
> Manu
>
>
> ryguasu wrote:
>>
>> Hi Manu,
>>
>> I haven't made a custom request handler in a while, but I want to
>> clarify that, if you trust your application code, you don't actually
>> need a custom request handler to do this sort of authentication
>> filtering. At indexing time, you can add a "role" field to each object
>> that you index, as described in the thread. At query time, you could
>> simply have your application code add an appropriate filter query to
>> each Solr request. So, if you're using the standard XML query
>> interface, instead of sending URLs like
>>
>> http://.../solr/select?q=foo...
>>
>> you can have your application code send URLs like
>>
>> http://.../solr/select?q=foo&fq=role:admin...
>>
>> If I understand the custom request handler approach, then it basically
>> amounts to the same thing as the above; the only difference is that
>> the filter query gets added internally by Solr, rather than at the
>> application level.
>>
>> Sorry if you already understand all this; I'm throwing these comments
>> out just in case.
>>
>> Cheers,
>> Chris
>>
>> On Mon, Jan 12, 2009 at 1:54 AM, Manupriya <manupriya.si...@gmail.com>
>> wrote:
>>>
>>> Hi,
>>>
>>> I am using the DIH feature of Solr for indexing a database. I am using
>>> a Solr server and it is independent of my web application. I send an
>>> HTTP request for searching and then process the returned result.
>>>
>>> Now we have a requirement that we have to filter the results further
>>> based on security level restrictions. For example, user id abc should
>>> not be allowed to see a particular result. How could we achieve that?
>>>
>>> I followed
>>> http://www.nabble.com/Restricted-views-of-an-index-td15088750.html#a15090791
>>> It suggests something like -
>>> "Add a role or access class to each indexed item, then use that in the
>>> queries, probably in a filter specified in a request handler. That keeps
>>> the definition of the filter within Solr.
>>> For example, you can create a request handler named "admin", a field
>>> named "role", and add a filter of "role:admin". "
>>>
>>> I could not follow this solution. Is there any example or resource that
>>> explains how to use custom request handler with filtering?
>>>
>>> Thanks,
>>> Manu
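
The application-level approach described in this thread, where the application adds the role filter query to each Solr request, sketched as an added example (not code from the thread or from Solr). The endpoint, the USER_ROLES table and the function names are assumptions.

```python
import re
from urllib.parse import urlencode

# Assumed endpoint; Solr should be reachable only from the application.
SOLR_SELECT = "http://localhost:8983/solr/select"

# Constructed sample data standing in for the application's role lookup.
USER_ROLES = {"abc": ["user"], "root": ["admin", "user"]}

# Characters that have special meaning in the Lucene query syntax.
_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|\s])')


def escape_term(value):
    """Backslash-escape a value so Solr treats it as one literal term."""
    return _SPECIAL.sub(r"\\\1", value)


def role_filter(user_id):
    """Build the fq value from roles the application looked up itself."""
    roles = USER_ROLES.get(user_id)
    if not roles:
        # No known role: refuse instead of sending an unfiltered query.
        raise PermissionError("no roles for user %r" % user_id)
    return "role:(" + " OR ".join(escape_term(r) for r in roles) + ")"


def build_select_url(user_id, user_query):
    """Return the select URL: q is user input, fq is set by the application."""
    # urlencode percent-encodes '&' and '=' inside q, so the search box
    # cannot smuggle in an extra fq parameter of its own.
    params = [("q", user_query), ("fq", role_filter(user_id))]
    return SOLR_SELECT + "?" + urlencode(params)


if __name__ == "__main__":
    print(build_select_url("abc", "foo"))
    print(build_select_url("abc", "foo&fq=role:admin"))
```

The filter only holds if users cannot send requests to Solr themselves, which is the "if you trust your application code" condition from the thread.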