Introduction

The Solr Security Filter is a custom search component that can be install in Solr, to perform security filtering. The main purpose of this plug-in is to allow Aspire to be part of the security filtering of documents indexed in Solr.

To do this, first it is going to cache all of the existing ACL's and have them available for later. Then, when a search query is executed in Solr, the plug-in is going to call the available Group Expansion Manager (Servlet) to get the user and the groups it belongs to. With the indexed ACL's and the user groups is going to filter the documents that the user is allowed to see.

Although this plug-in was developed to work with Aspire, there is the possibility to use with any other application that publishes group membership information in the correct XML format as a web service.

Installation

1- Download the source code.  On the root folder containing pom.xml, compile the project executing: 

mvn clean install

2- Place the resulting solr-security-plugin-.* jar file located in the /target folder into /dist on solr's root folder.

3- Edit solrconfig.xml. In the example program the location is example/solr/collection1/conf:

•   Add the new library definition

<lib dir="../../dist/" regex="solr-security-plugin-.*\.jar" />

•   Declare the search component

 
<searchComponent name="aclFilter" class="com.searchtechnologies.security.SecurityFilterComponent">
	<str name="groupExpansionUrl">http://localhost:50505/groupExpansion?username=%s</str>
	<str name="aclFieldName">acl_txt</str>	
</searchComponent>

Note: the aclFieldName must match solr's schema field name where acl's are indexed.

•   Add the component to the Search Handler of your choice

 <requestHandler name="/select" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="echoParams">explicit</str>
      <int name="rows">10</int>
      <str name="df">text</str>
    </lst>
    <arr name="last-components">
      <str>aclFilter</str>
    </arr>
</requestHandler>

4- Test the plug-in adding the 'userName=' parameter to the query, followed by the username to filter by.

Note: if you have problems try to:

1-Place your JAR in a lib directory in the instanceDir of your SolrCore. In the example program, the location is example/solr/lib. 
  This directory does not exist in the distribution, so you would need to do mkdir for the first time.

2-Change the reference to:

  <lib dir="../../lib/" regex="solr-security-plugin-.*\.jar" />