Project

General

Profile

Actions

Task #5822

closed

Feature #5810: Implement SOLR-based search

Enforce access control for SOLR-based search implementation

Added by Brendan Hahn almost 12 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
metacat
Target version:
Start date:
04/11/2013
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)

Description

Ensure that search results are filtered for clients access permissions.


Subtasks 2 (0 open2 closed)

Task #5904: Design mechanism to enforce access policyResolvedJing Tao04/11/2013

Actions
Task #5905: Implement access control filterResolvedJing Tao04/11/2013

Actions
Actions #1

Updated by Brendan Hahn almost 12 years ago

Identity token to be added to MetacatIndex query operation and used to filter at the solr interface.

What about non-system-metadata objects?

Enforcing access control may constrain deployment options, as "Solr does not concern itself with security either at the document level or the communication level". The standard solr setup would allow unfiltered access to the index.

Actions #2

Updated by ben leinfelder almost 12 years ago

My gut feeling is that simply augmenting the user-provided solr query with additional AND-clauses to constrain to their access level is too fragile. There seems to be way to augemnt the SolrRequestContext using a SolrDispatchFilter (http://wiki.apache.org/solr/SolrSecurity) and this sounds attractive.

It does sound like our SOLR implementation will have to be deployed within the Metacat context in order for us to guarantee that access policies are adhered to.

Can you outline a couple of options in this bug?

Actions #3

Updated by Redmine Admin over 11 years ago

Original Bugzilla ID was 5822

Actions #4

Updated by ben leinfelder over 11 years ago

  • Subject changed from Access control for SOLR/Lucene search interface to Enforce access control for SOLR-based search implementation
  • Assignee changed from Brendan Hahn to Jing Tao
Actions #5

Updated by ben leinfelder over 11 years ago

  • Parent task set to #5810
Actions #6

Updated by Jing Tao over 11 years ago

  • Status changed from New to Resolved
Actions

Also available in: Atom PDF