Task #5822
closed
Feature #5810: Implement SOLR-based search
Enforce access control for SOLR-based search implementation
Added by Brendan Hahn almost 12 years ago.
Updated over 11 years ago.
Estimated time:
(Total: 0.00 h)
Description
Ensure that search results are filtered for clients access permissions.
Identity token to be added to MetacatIndex query operation and used to filter at the solr interface.
What about non-system-metadata objects?
Enforcing access control may constrain deployment options, as "Solr does not concern itself with security either at the document level or the communication level". The standard solr setup would allow unfiltered access to the index.
My gut feeling is that simply augmenting the user-provided solr query with additional AND-clauses to constrain to their access level is too fragile. There seems to be way to augemnt the SolrRequestContext using a SolrDispatchFilter (http://wiki.apache.org/solr/SolrSecurity) and this sounds attractive.
It does sound like our SOLR implementation will have to be deployed within the Metacat context in order for us to guarantee that access policies are adhered to.
Can you outline a couple of options in this bug?
Original Bugzilla ID was 5822
- Subject changed from Access control for SOLR/Lucene search interface to Enforce access control for SOLR-based search implementation
- Assignee changed from Brendan Hahn to Jing Tao
- Status changed from New to Resolved
Also available in: Atom
PDF