Task #5822
closedFeature #5810: Implement SOLR-based search
Enforce access control for SOLR-based search implementation
Description
Ensure that search results are filtered for clients access permissions.
Updated by Brendan Hahn almost 12 years ago
Identity token to be added to MetacatIndex query operation and used to filter at the solr interface.
What about non-system-metadata objects?
Enforcing access control may constrain deployment options, as "Solr does not concern itself with security either at the document level or the communication level". The standard solr setup would allow unfiltered access to the index.
Updated by ben leinfelder over 11 years ago
My gut feeling is that simply augmenting the user-provided solr query with additional AND-clauses to constrain to their access level is too fragile. There seems to be way to augemnt the SolrRequestContext using a SolrDispatchFilter (http://wiki.apache.org/solr/SolrSecurity) and this sounds attractive.
It does sound like our SOLR implementation will have to be deployed within the Metacat context in order for us to guarantee that access policies are adhered to.
Can you outline a couple of options in this bug?
Updated by ben leinfelder over 11 years ago
- Subject changed from Access control for SOLR/Lucene search interface to Enforce access control for SOLR-based search implementation
- Assignee changed from Brendan Hahn to Jing Tao