Project

General

Profile

Task #5822

Feature #5810: Implement SOLR-based search

Enforce access control for SOLR-based search implementation

Added by Brendan Hahn over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
metacat
Target version:
Start date:
04/11/2013
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)

Description

Ensure that search results are filtered for clients access permissions.


Subtasks

Task #5904: Design mechanism to enforce access policyResolvedJing Tao

Task #5905: Implement access control filterResolvedJing Tao

History

#1 Updated by Brendan Hahn over 6 years ago

Identity token to be added to MetacatIndex query operation and used to filter at the solr interface.

What about non-system-metadata objects?

Enforcing access control may constrain deployment options, as "Solr does not concern itself with security either at the document level or the communication level". The standard solr setup would allow unfiltered access to the index.

#2 Updated by ben leinfelder over 6 years ago

My gut feeling is that simply augmenting the user-provided solr query with additional AND-clauses to constrain to their access level is too fragile. There seems to be way to augemnt the SolrRequestContext using a SolrDispatchFilter (http://wiki.apache.org/solr/SolrSecurity) and this sounds attractive.

It does sound like our SOLR implementation will have to be deployed within the Metacat context in order for us to guarantee that access policies are adhered to.

Can you outline a couple of options in this bug?

#3 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 5822

#4 Updated by ben leinfelder over 6 years ago

  • Assignee changed from Brendan Hahn to Jing Tao
  • Subject changed from Access control for SOLR/Lucene search interface to Enforce access control for SOLR-based search implementation

#5 Updated by ben leinfelder over 6 years ago

  • Parent task set to #5810

#6 Updated by Jing Tao over 6 years ago

  • Status changed from New to Resolved

Also available in: Atom PDF