I always go for SolrJ as the intermediate layer, usually in a Spring app.
I have sometimes proxied directly to Solr itself, but since we use a lot of Ajax, I'm not comfortable with exposing the Solr URIs directly, even if controlled via a proxy.
Having it go through a webapp gives me a layer I can use to validate input; if ever the situation warranted, I could use a filter to check for anything malicious. I can also layer security on top as well.
Cheers, Lajos On 22/01/2014 06:45, Alexandre Rafalovitch wrote:
So, everybody so far is exposing Solr directly to the web, but with proxy/rewriting. Which means the html/JS libraries are Solr query-format aware as well? Is anybody using Solr clients (SolrNet, SolrJ) as a base? Regards, Alex. Personal website: http://www.outerthoughts.com/ LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch - Time is the quality of nature that keeps events from happening all at once. Lately, it doesn't seem to be working. (Anonymous - via GTD book) On Tue, Jan 21, 2014 at 9:05 PM, Artem Karpenko <gooy...@gmail.com> wrote:Hello. Not really middle-ware but might be of interest concerning possible ways implementing security. We use custom built Solr with web.xml including Spring Security filter and appropriate infrastructure classes for authentication added as a dependency into project. We pass token from frontend in each request. If it's accepted in security filter then later user role (identified from token) is used in custom request handler that modifies query according to role permissions. Regards, Artem. 21.01.2014 15:08, Markus Jelsma пишет:Hi - We use Nginx to expose the index to the internet. It comes down to putting some limitations on input parameters and on-the-fly rewrite of queries using embedded Perl scripting. Limitations and rewrites are usually just a bunch of regular expressions, so it is not that hard. Cheers Markus -----Original message-----From:Alexandre Rafalovitch <arafa...@gmail.com> Sent: Tuesday 21st January 2014 14:01 To: solr-user@lucene.apache.org Subject: Solr middle-ware? Hello, All the Solr documents talk about not running Solr directly to the cloud. But I see people keep asking for a thin secure layer in front of Solr they can talk from JavaScript to, perhaps with some basic extension options. Has anybody actually written one? Open source or in a community part of larger project? I would love to be able to point people at something. Is there something particularly difficult about writing one? Does anybody has a story of aborted attempt or mid-point reversal? I would like to know. Regards, Alex. P.s. Personal context: I am thinking of doing a series of lightweight examples of how to use Solr. Like I did for a book, but with a bit more depth and something that can actually be exposed to the live web with live data. I don't want to reinvent the wheel of the thin Solr middleware. P.p.s. Though I keep thinking that Dart could make an interesting option for the middleware as it could have the same codebase on the server and in the client. Like NodeJS, but with saner syntax..... Personal website: http://www.outerthoughts.com/ LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch - Time is the quality of nature that keeps events from happening all at once. Lately, it doesn't seem to be working. (Anonymous - via GTD book)
