Important limitations and assumptions of the plugin:
The plugin is deployed as a .wsp file that gets deployed as a global farm solution. It implements the SharePoint BDC standard for custom connectors and gets executed from a SharePoint content source to extract the contents from STageR and hand them to SharePoint for indexing.
Security trimming is available within SharePoint 2013 itself. To make this work, a SecurityTrimmerPre interface must be created (see SharePoint 2013 Security Pre-Trimmer FAQ).
The ISecurityTrimmerPre interface adds claims to the query prior to the security trimming; so it executes “pre” (prior to) the security trimmer. With the exception of deny ACLs, the function of the ISecurityTrimmerPre module is to always add results to the result set, rather than to remove them. In this sense, it is the opposite of a security trimmer.
It is critical to understand that if the ISecurityTrimmerPre interface malfunctions, then you get no secure search results. (If it performed "classic" security trimming and malfunctioned, then you would get back extra unauthorized results.) On each search request, the Security Pre-Trimmer is invoked to enhance the search query with ACL information. This information is retrieved from an Aspire Group Expander (LDAP, Lotus Notes ...)