All geek questions in one place

How to combine Hibernate Search (Lucene) with paging and ACL

I am using Spring Security with ACLs to protect documents in my application. On the other hand, I use Hibernate Search (on top of lucene) to search for documents. This search also supports swap. (Documents are only metadata of documents stored in the database.)

FullTextEntityManager fullTextEntityManager = Search.getFullTextEntityManager(entityManager); QueryBuilder queryBuilder = fullTextEntityManager.getSearchFactory().buildQueryBuilder().forEntity(Document.class).get(); Query query = queryBuilder.keyword().onFields(fieldNames.toArray(new String[0])).matching(searchQuery) .createQuery(); FullTextQuery fullTextQuery = fullTextEntityManager.createFullTextQuery(query, Document.class); fullTextQuery.setFirstResult(pageable.getFirstItem()); fullTextQuery.setMaxResults(pageable.getPageSize());

Now I need to combine the paging with the ACL. The only idea that I have at the moment is to remove the FullTextQuery paging form, read all the documents with the search results, filter their ACLs there, and then manually download them. But I don’t like this solution because it downloads all the documents, not just one for the page.

Does anyone have a better idea?

+4
source share
3 answers

I got into the same problem too, and I don't think there is a simple answer.

I think there are only two solutions. The one you proposed that has the performance problems that you described, since you need to download documents and enable ACLs for each result, and then do your own paging. An alternative is to push this work on the index side and index your ACL in Lucene. This gives you search results, hiding results that the user cannot see, adding filtering conditions based on the current user / group / permissions / roles, but by maintaining an index with ACL information. If your ACL is simple, this might be an option. If your ACL is hierarchical, then it is still an option, but more complex. It’s also hard to keep your index up to date with ACLs.

The fact that you are starting to learn this functionality may indicate that you are starting to stretch the Database / Hibernate / Lucene solution. Maybe a content repository like Jackrabbit might be a better fit? I guess this is probably too far away, but it might be worth a look at how he does it. Alternatively, take a look at SOLR, in particular issue , which describes what a thorny problem is.

+2
source

If your ACL is not too complicated, that is, you have a small finite number of levels, then I suggest using Filter and Bitset to implement it.

And here you will find additional ACL implementation examples with filters http://java.dzone.com/articles/how-implement-row-level-access

Here you will find the implementation of a cached bit filter that has been released for at least 5 years (this is my open source webapp for finding a parallel text body)

Look for the addSourceFilter method http://code.google.com/p/hunglish-webapp/source/browse/trunk/src/main/java/hu/mokk/hunglish/lucene/LuceneQueryBuilder.java

+4
source

Here is my ACL implementation with a complex hierarchical user / group / role ACL using pure Lucene queries (at the top of Hibernate Search).

0
source

Source: https://habr.com/ru/post/1381655/

More articles:


All Articles