Hello. Not really middle-ware but might be of interest concerning
possible ways implementing security.
We use custom built Solr with web.xml including Spring Security filter
and appropriate infrastructure classes for authentication added as a
dependency into project. We pass token from frontend in each request. If
it's accepted in security filter then later user role (identified from
token) is used in custom request handler that modifies query according
to role permissions.
Regards,
Artem.
21.01.2014 15:08, Markus Jelsma пишет:
Hi - We use Nginx to expose the index to the internet. It comes down to putting
some limitations on input parameters and on-the-fly rewrite of queries using
embedded Perl scripting. Limitations and rewrites are usually just a bunch of
regular expressions, so it is not that hard.
Cheers
Markus
-----Original message-----
From:Alexandre Rafalovitch <arafa...@gmail.com>
Sent: Tuesday 21st January 2014 14:01
To: solr-user@lucene.apache.org
Subject: Solr middle-ware?
Hello,
All the Solr documents talk about not running Solr directly to the
cloud. But I see people keep asking for a thin secure layer in front
of Solr they can talk from JavaScript to, perhaps with some basic
extension options.
Has anybody actually written one? Open source or in a community part
of larger project? I would love to be able to point people at
something.
Is there something particularly difficult about writing one? Does
anybody has a story of aborted attempt or mid-point reversal? I would
like to know.
Regards,
Alex.
P.s. Personal context: I am thinking of doing a series of lightweight
examples of how to use Solr. Like I did for a book, but with a bit
more depth and something that can actually be exposed to the live web
with live data. I don't want to reinvent the wheel of the thin Solr
middleware.
P.p.s. Though I keep thinking that Dart could make an interesting
option for the middleware as it could have the same codebase on the
server and in the client. Like NodeJS, but with saner syntax.....
Personal website: http://www.outerthoughts.com/
LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
- Time is the quality of nature that keeps events from happening all
at once. Lately, it doesn't seem to be working. (Anonymous - via GTD
book)
