We're using Apache with mod_auth_sspi, mod_rewrite and mod_proxy to handle authentication and (limited) parameter validation. On the inside, we have a wrapper process that builds filters for document-level security based on the user's identity/identities and groups, does some more parameter validation and adds filters for content that we may have temporarily blocked (typically, because somebody has found content with incorrect permissions).
Our proxy also runs an (optional) XSLT transformation of the result, typically to give an HTML fragment that can be grafted onto the search page. The XSLT transformations assume that the result is in the FAST ESP XML format, so we also run the SOLR XML result through an XSLT transformation that gives us a fair approximation of the FAST ESP result format first - that way, we can reuse our existing result transformations.

On Tue, Jan 21, 2014 at 2:12 PM, Alexandre Rafalovitch <arafa...@gmail.com> wrote:

> Hi Markus,
>
> Thanks for quick reply. I dare to differ that anything with 'embedded
> Perl scripting' is an easy suggestion for a random new/intermediate
> Solr developer to handle. http://xkcd.com/1171/ and all that ;-)
>
> Still, I appreciate you sharing your approach, as at least it shows
> one possible path.
>
> Regards,
> Alex.
> Personal website: http://www.outerthoughts.com/
> LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
> - Time is the quality of nature that keeps events from happening all
> at once. Lately, it doesn't seem to be working. (Anonymous - via GTD
> book)
>
>
> On Tue, Jan 21, 2014 at 8:08 PM, Markus Jelsma
> <markus.jel...@openindex.io> wrote:
> > Hi - We use Nginx to expose the index to the internet. It comes down to
> > putting some limitations on input parameters and on-the-fly rewrite of
> > queries using embedded Perl scripting. Limitations and rewrites are usually
> > just a bunch of regular expressions, so it is not that hard.
> >
> > Cheers
> > Markus
> >
> >
> > -----Original message-----
> >> From:Alexandre Rafalovitch <arafa...@gmail.com>
> >> Sent: Tuesday 21st January 2014 14:01
> >> To: solr-user@lucene.apache.org
> >> Subject: Solr middle-ware?
> >>
> >> Hello,
> >>
> >> All the Solr documents talk about not running Solr directly to the
> >> cloud. But I see people keep asking for a thin secure layer in front
> >> of Solr they can talk from JavaScript to, perhaps with some basic
> >> extension options.
> >>
> >> Has anybody actually written one? Open source or in a community part
> >> of larger project? I would love to be able to point people at
> >> something.
> >>
> >> Is there something particularly difficult about writing one? Does
> >> anybody have a story of aborted attempt or mid-point reversal? I would
> >> like to know.
> >>
> >> Regards,
> >> Alex.
> >> P.s. Personal context: I am thinking of doing a series of lightweight
> >> examples of how to use Solr. Like I did for a book, but with a bit
> >> more depth and something that can actually be exposed to the live web
> >> with live data. I don't want to reinvent the wheel of the thin Solr
> >> middleware.
> >> P.p.s. Though I keep thinking that Dart could make an interesting
> >> option for the middleware as it could have the same codebase on the
> >> server and in the client. Like NodeJS, but with saner syntax.....
> >>
> >> Personal website: http://www.outerthoughts.com/
> >> LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
> >> - Time is the quality of nature that keeps events from happening all
> >> at once. Lately, it doesn't seem to be working. (Anonymous - via GTD
> >> book)
> >>
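
An added sketch, not code from anyone in this thread, of the wrapper step described in the first message: allowlist the client's parameters, then append filter queries for the user's identities/groups and for temporarily blocked documents. The field names `acl` and `id`, the allowlist, the row cap and the assumption that principal names are already normalized to simple tokens are all hypothetical choices.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Assumptions (not from the thread): field names "acl" and "id", this allowlist,
# the row cap, and principals already normalized to simple tokens.
ALLOWED = {"q", "start", "rows", "sort", "fl"}
MAX_ROWS = 100
TOKEN = re.compile(r"[A-Za-z0-9_.@-]+")   # safe principal / document id
NUMBER = re.compile(r"[0-9]{1,6}")


class Rejected(ValueError):
    """Raised when the request must not be forwarded to Solr."""


def _terms(field, values):
    """Build field:("a" OR "b") from values that pass the TOKEN check."""
    for v in values:
        if not TOKEN.fullmatch(v):
            raise Rejected(f"unsafe value for {field}: {v!r}")
    return "%s:(%s)" % (field, " OR ".join('"%s"' % v for v in values))


def build_solr_query(raw_query, principals, blocked_ids=()):
    """Return the query string the proxy forwards to Solr."""
    params = {}
    for key, value in parse_qsl(raw_query, keep_blank_values=True):
        if key not in ALLOWED:            # drops qt, shards, stream.*, client fq, ...
            raise Rejected(f"parameter not allowed: {key}")
        if key in params:                 # no ambiguity about which value wins
            raise Rejected(f"duplicate parameter: {key}")
        params[key] = value
    if "{!" in params.get("q", ""):       # local params can switch the query parser
        raise Rejected("local params not allowed in q")
    for key in ("start", "rows"):
        if key in params and not NUMBER.fullmatch(params[key]):
            raise Rejected(f"{key} must be a non-negative integer")
    params["rows"] = str(min(int(params.get("rows", "10")), MAX_ROWS))
    if not principals:                    # fail closed: never query without an ACL filter
        raise Rejected("no principals for document-level filter")
    out = list(params.items())
    out.append(("fq", _terms("acl", principals)))            # document-level security
    if blocked_ids:
        out.append(("fq", "-" + _terms("id", blocked_ids)))  # temporarily blocked content
    return urlencode(out)
```

Because `fq` is not in the allowlist, the only filter queries Solr sees are the ones the wrapper builds from the authenticated session.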