Sample plug-in for post-filtering search results

The SampleSecurityPostFilterPlugin.java sample crawler plug-in shows how you can apply your own security logic for post-filtering search results.

package sample.plugin;

import com.ibm.es.security.plugin.NameValuePair;
import com.ibm.es.security.plugin.SecurityPostFilterIdentity;
import com.ibm.es.security.plugin.SecurityPostFilterPlugin;
import com.ibm.es.security.plugin.SecurityPostFilterPluginException;
import com.ibm.es.security.plugin.SecurityPostFilterResult;
import com.ibm.es.security.plugin.SecurityPostFilterUserContext;

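/**
 * Sample {@code SecurityPostFilterPlugin} implementation that decides, result by
 * result, whether a search result may be returned to the querying user.
 *
 * <p>Example policy implemented by {@link #verifyUserAccess}:
 * <ul>
 *   <li>Results whose document source is {@code "OmniFindDocs"} are returned only
 *       when the resolved identity belongs to the {@code "OmniFind"} group.</li>
 *   <li>Results from every other source are always returned.</li>
 * </ul>
 *
 * <p>NOTE(review): the second rule is a default-allow policy. It is kept because
 * it is what this sample demonstrates, but a production post-filter should
 * normally deny any source it has no explicit rule for, so that a newly added
 * source is not exposed unfiltered.
 */
public class SampleSecurityPostFilterPlugin implements SecurityPostFilterPlugin {

    /** Document source whose results are restricted in this example. */
    private static final String RESTRICTED_SOURCE = "OmniFindDocs";

    /** Group a user must belong to in order to see {@link #RESTRICTED_SOURCE} results. */
    private static final String REQUIRED_GROUP = "OmniFind";

    /**
     * User context handed to {@link #init}; reused for every result that is
     * verified until the next {@code init} call.
     */
    private SecurityPostFilterUserContext context = null;

    /**
     * Default constructor.
     * The <code>SecurityPostFilterPlugin</code> implementation is initialized
     * using this constructor.
     */
    public SampleSecurityPostFilterPlugin() {
        // Initialize resources required for the lifetime of this instance,
        // for example logging.
    }

    /**
     * Stores the user context for the batch of results that follows
     * (i.e. the results of one query).
     *
     * @param context the user context to consult in {@link #verifyUserAccess}
     * @throws SecurityPostFilterPluginException declared by the interface; not
     *         thrown by this sample
     * @see com.ibm.es.security.plugin.SecurityPostFilterPlugin#init
     *      (com.ibm.es.security.plugin.SecurityPostFilterUserContext)
     */
    public void init(SecurityPostFilterUserContext context)
            throws SecurityPostFilterPluginException {
        // Initialize per-query resources here.
        this.context = context;
    }

    /**
     * Finalizes the plug-in after access to the documents has been verified.
     * This sample holds no resources, so there is nothing to release.
     *
     * @throws SecurityPostFilterPluginException declared by the interface; not
     *         thrown by this sample
     * @see com.ibm.es.security.plugin.SecurityPostFilterPlugin#term()
     */
    public void term() throws SecurityPostFilterPluginException {
        // Deallocate system resources, close remote data source connections, ...
    }

    /**
     * Decides whether one search result may be returned to the user.
     *
     * <p>Returning {@code false} removes the result from what the user sees;
     * returning {@code true} lets it through.
     *
     * @param result the search result to check
     * @return {@code true} if the result may be shown; {@code false} if it must be
     *         withheld, which includes the cases where no result or no user
     *         context is available
     * @throws SecurityPostFilterPluginException declared by the interface; not
     *         thrown by this sample
     * @see com.ibm.es.security.plugin.SecurityPostFilterPlugin#verifyUserAccess
     *      (com.ibm.es.security.plugin.SecurityPostFilterResult)
     */
    public boolean verifyUserAccess(SecurityPostFilterResult result)
            throws SecurityPostFilterPluginException {

        // Fail closed: without a result or a user context no access decision can
        // be made, so withhold the result instead of failing with a
        // NullPointerException further down.
        if (result == null || this.context == null) {
            return false;
        }

        // Information carried by the result. result.getFields() is available as
        // well if the decision needs field values; this sample does not use it.
        String domain = result.getDomain();
        String source = result.getDocumentSource();

        SecurityPostFilterIdentity id = null;
        if (domain != null && source != null) {
            // The result names its domain and source, so ask the context for the
            // identity that belongs to exactly that pair. The current credential
            // could be validated here, although in this situation the
            // system-defined post-filtering can usually be used instead.
            id = this.context.getIdentity(domain, source);
        } else {
            // No domain information on the result: fall back to the identities
            // supplied with the query.
            SecurityPostFilterIdentity[] identities = this.context.getIdentities();
            // EXAMPLE: choose the first identity. Guard against a missing or empty
            // array so that a query without identities leaves id == null (treated
            // as "no group membership" below) rather than throwing.
            // NOTE(review): the first identity is not necessarily the one that
            // applies to this result's source; real code should select it
            // deliberately.
            if (identities != null && identities.length > 0) {
                id = identities[0];
            }
        }

        // EXAMPLE:
        // Only users in the "OmniFind" group may see documents from the
        // "OmniFindDocs" document source.
        if (RESTRICTED_SOURCE.equals(source)) {
            if (id == null) {
                return false; // no identity resolved, so membership cannot be shown
            }
            String[] groups = id.getGroups();
            if (groups == null) {
                return false;
            }
            for (int i = 0; i < groups.length; i++) {
                // Exact, case-sensitive match on the group name.
                if (REQUIRED_GROUP.equals(groups[i])) {
                    return true;
                }
            }
            return false;
        }

        // EXAMPLE:
        // Always allow access to documents from other sources
        // (winfs, notes, quickplace...). See the class comment: this is
        // default-allow and should be reconsidered before production use.
        return true;
    }

}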