安全性(又名权限)和Lucene-如何?应该做吗? [英] Security (aka Permissions) and Lucene - How ? Should it be done?

问题描述

首先是我的问题的背景.

First some background to my question.

• 个人实体可以阅读权限.
• 如果用户未通过 read 权限检查，他们将看不到该实例.

• Individual entities can have read Permissions.
• If a user fails a read permission check they cant see that instance.

该探针与引入Lucene和执行搜索有关，该搜索仅返回匹配实体实例的列表.然后，我的代码将需要一个一个地过滤实体.这种方法效率极低，因为存在这样的情况，即用户可能只能看到一小部分人，而检查许多人返回一些人则不理想.

The probelm relates to introducing Lucene and performing a search which simply returns a list of matching entity instances. My code would then need to filter entities one by one. This approach is extremely inefficient as the situation exists that a user may only be able to see a small minority and checking many to return a few is less than ideal.

开发人员将如何解决此问题?请记住，索引和搜索是使用Lucene执行的?

What approaches or how would developers solve this problem - keeping in mind that indexing and searches are performed using Lucene ?

编辑

定义

• 一个用户可能属于多个组.
• 一个角色可能有多个组-这些组可以更改.
• 权限具有角色-(间接).
• X可以具有读取权限.
• 角色的定义可以随时更改.

索引

• 在索引时间添加一组组(扩展权限)可能会导致当角色的成员组列表发生更改时，定义变得不同步.
• 我希望每当权限/角色的定义发生更改时，就不必为X重新编制索引.

安全检查

• 要通过权限检查，用户必须属于属于给定权限的角色所属的一组组中的组.

推荐答案

这取决于与您的上下文相关的不同安全组的数量，以及该安全如何应用于索引数据.

It depends on the number of different security groups that are relevant in your context and how the security applies to your indexed data.

我们有一个类似的问题，我们可以通过以下方法解决:索引时，将允许的组添加到文档中；搜索时，我们添加一个布尔查询，其中包含用户所属的组.在我们的方案中，效果很好.

We had a similar issue which we solved the following way: When indexing we added the allowed groups to the document and when searching we added a boolean query with the groups the user was a member of. That performed well in our scenario.

这篇关于安全性(又名权限)和Lucene-如何?应该做吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！