Security (aka Permissions) and Lucene - How? Should it be done?
Problem description
First some background to my question.
- Individual entities can have read Permissions.
- If a user fails a read permission check they can't see that instance.
The problem relates to introducing Lucene and performing a search which simply returns a list of matching entity instances. My code would then need to filter entities one by one. This approach is extremely inefficient as the situation exists that a user may only be able to see a small minority and checking many to return a few is less than ideal.
What approaches or how would developers solve this problem - keeping in mind that indexing and searches are performed using Lucene?
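Edit
Definitions
- A User may belong to many Groups.
- A Role may have many Groups - these can change.
- A Permission has a Role - (indirection).
- X can have a read Permission.
- The definition of a Role can change at any time.
Indexing
- Adding a set of Groups (the expanded Permission) at index time may cause the definition to become out of sync when a Role's list of member Groups changes.
- I would like to avoid having to reindex X whenever the definition of a Permission/Role changes.
Security check
- To pass a Permission check, a user must belong to a Group that is in the set of Groups belonging to the Role for the given Permission.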
Recommended answer
It depends on the number of different security groups that are relevant in your context and how the security applies to your indexed data.
We had a similar issue which we solved the following way: When indexing we added the allowed groups to the document and when searching we added a boolean query with the groups the user was a member of. That performed well in our scenario.
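The approach in the answer above, as an added example that is not part of the original answer or of Lucene's own code: allowed groups are indexed as untokenized terms and the user's groups are applied as a filter clause at search time. It assumes Lucene 9.5 or later; the class name, the field names `id`, `body` and `acl`, and the group names are constructed for illustration.

```java
import java.util.*;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.document.*;
import org.apache.lucene.index.*;
import org.apache.lucene.search.*;
import org.apache.lucene.store.*;

public class AclFilteredSearch {
    // Index time: one untokenized "acl" term per group allowed to read the entity.
    static Document doc(String id, String body, String... allowedGroups) {
        Document d = new Document();
        d.add(new StringField("id", id, Field.Store.YES));
        d.add(new TextField("body", body, Field.Store.NO));
        for (String g : allowedGroups) d.add(new StringField("acl", g, Field.Store.NO));
        return d;
    }

    // Search time: the user's query must match AND one of the user's groups must appear in "acl".
    static Query restrict(Query userQuery, Collection<String> userGroups) {
        if (userGroups.isEmpty()) return new MatchNoDocsQuery(); // fail closed: no groups, no hits
        BooleanQuery.Builder acl = new BooleanQuery.Builder();
        for (String g : userGroups) acl.add(new TermQuery(new Term("acl", g)), BooleanClause.Occur.SHOULD);
        return new BooleanQuery.Builder()
                .add(userQuery, BooleanClause.Occur.MUST)
                .add(acl.build(), BooleanClause.Occur.FILTER) // restricts hits without changing scores
                .build();
    }

    static List<String> search(IndexSearcher s, Query q) throws Exception {
        List<String> ids = new ArrayList<>();
        for (ScoreDoc sd : s.search(q, 10).scoreDocs) ids.add(s.storedFields().document(sd.doc).get("id"));
        return ids;
    }

    public static void main(String[] args) throws Exception {
        Directory dir = new ByteBuffersDirectory(); // in-memory index holding constructed sample data
        try (IndexWriter w = new IndexWriter(dir, new IndexWriterConfig(new StandardAnalyzer()))) {
            w.addDocument(doc("1", "budget report", "finance"));
            w.addDocument(doc("2", "budget draft", "finance", "staff"));
            w.addDocument(doc("3", "budget memo", "board"));
        }
        try (DirectoryReader r = DirectoryReader.open(dir)) {
            IndexSearcher s = new IndexSearcher(r);
            Query q = new TermQuery(new Term("body", "budget"));
            System.out.println(search(s, restrict(q, List.of("staff"))));
            System.out.println(search(s, restrict(q, List.of("finance", "board"))));
            System.out.println(search(s, restrict(q, List.of())));
        }
    }
}
```

The `acl` terms reflect the groups as they were at index time, so a change to a Role's member Groups is not visible to searches until the affected documents are reindexed, which is the synchronization concern raised in the question's Indexing notes.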