Sample plug-in for post-filtering search results
The SampleSecurityPostFilterPlugin.java sample crawler plug-in shows how you can apply your own security logic for post-filtering search results.
package sample.plugin;
import com.ibm.es.security.plugin.NameValuePair;
import com.ibm.es.security.plugin.SecurityPostFilterIdentity;
import com.ibm.es.security.plugin.SecurityPostFilterPlugin;
import com.ibm.es.security.plugin.SecurityPostFilterPluginException;
import com.ibm.es.security.plugin.SecurityPostFilterResult;
import com.ibm.es.security.plugin.SecurityPostFilterUserContext;
/**
* The sample SecurityPostFilterPlugin class.
*/
public class SampleSecurityPostFilterPlugin implements SecurityPostFilterPlugin {
/**
* We should reuse the context for a bunch of results.
*/
private SecurityPostFilterUserContext context = null;
/**
* Default constructor.
* The <code>SecurityPostFilterPlugin</code> implementation is initialized
* using this constructor.
*/
public SampleSecurityPostFilterPlugin() {
// Initialize resources required for the entire this instance.
// For example, logging.
}
/* (non-Javadoc)
* @see com.ibm.es.security.plugin.SecurityPostFilterPlugin#init
* (com.ibm.es.security.plugin.SecurityPostFilterUserContext)
*/
public void init(SecurityPostFilterUserContext context)
throws SecurityPostFilterPluginException {
// Initialize resources for the bunch of results.
// i.e. for results from a query.
this.context = context;
}
/* (non-Javadoc)
* @see com.ibm.es.security.plugin.SecurityPostFilterPlugin#term()
*/
public void term() throws SecurityPostFilterPluginException {
// finalize plugin here after verifying access to documents
// i.e deallocate system resources, close remote
// datasource connections...
}
/* (non-Javadoc)
* @see com.ibm.es.security.plugin.SecurityPostFilterPlugin#verifyUserAccess
* (com.ibm.es.security.plugin.SecurityPostFilterResult)
*/
public boolean verifyUserAccess(SecurityPostFilterResult result)
throws SecurityPostFilterPluginException {
if(false) {
return false; // If you don't want to return this result to user,
//return false.
}
// We can refer to a result's information
String domain = result.getDomain();
String source = result.getDocumentSource();
NameValuePair[] fields = result.getFields();
SecurityPostFilterIdentity id = null;
// If domain and source information is associated to a result,
// we can utilize them.
if(domain != null && source != null) {
// We can validate current credential here in case that domain is
// assigned to the result.
// But usually in such cases, we can ask the system defined post-filtering.
id = this.context.getIdentity(domain, source);
} else {
// We should walk through identities specified to the query in case
// we can't retrieve domain information from a result.
SecurityPostFilterIdentity[] identities = this.context.getIdentities();
// EXAMPLE: we choose the first identity
id = identities[0];
}
// EXAMPLE :
// verify access to documents from a document source "MyDocs"
// only users in group "OmniFind" are allowed to see documents
// from "MyDocs".
if ("OmniFindDocs".equals(source)) {
// obtain a list of user groups from the identity
String[] groups = null;
if (id != null) {
groups = id.getGroups();
}
for (int i = 0; groups != null && i < groups.length; i++) {
// this user belongs to "OmniFind" group,
// therefore has access to the document.
if ("OmniFind".equals(groups[i])) {
return true;
}
}
return false;
}
// EXAMPLE :
// always allow access to documents from other sources
// (winfs, notes, quickplace...).
return true;
}
}