Building an Apache Solr-based search server with Fess: role-based search
This page is generated by Machine Translation from Japanese.
Introduction
The previous article, the mobile edition, introduced how to build a search system for mobile devices using Fess. This article introduces role-based search, another distinctive feature of Fess.
This article uses Fess 8.2.0. For how to set up Fess, see the introduction chapter.
Intended audience
- Those who want to build a search system for sites that require authentication, such as portal sites
- Those who want to build a search environment that respects each user's viewing permissions
Required environment
The content of this article was verified in the following environment.
- CentOS 5.5 
- JDK 1.6.0_22 
Role-based search
Role-based search in Fess is a feature that separates search results based on the authentication information of a user who has been authenticated by any authentication system. For example, salesperson A, who has the sales department role, sees information for the sales department role in search results, while technical staff member B, who does not have the sales role, does not see it. With this feature, users logged in through a portal or a single sign-on environment can be given search results according to the department or job title they belong to.
Role-based search in Fess can retrieve role information from the following places.
- Request parameter 
- Request header 
- Cookies 
- J2EE authentication information 
As for how role information is passed to Fess: a portal server or an agent-based single sign-on system can save the authentication information, at authentication time, in a cookie for the domain and path where Fess is running. A reverse-proxy-type single sign-on system can add the authentication information to request headers or request parameters when Fess is accessed, and Fess retrieves the role information from there. In this way Fess can work with various authentication systems to separate search results.
If you are running your own authentication system, you can support it by providing a class that implements the jp.sf.fess.helper.RoleQueryHelper interface. Place the class somewhere on the classpath, such as webapps/fess/WEB-INF/classes, and specify it in webapps/fess/WEB-INF/classes/fess.dicon in place of jp.sf.fess.helper.impl.RoleQueryHelperImpl.
Settings for using role-based search
This article assumes that Fess 8.2.0 is installed. If you have not installed it yet, see the introduction chapter and install it.
This article describes role-based search using J2EE authentication information (Tomcat authentication). Fess can use various authentication systems, but its existing login screen is provided in a Tomcat authentication environment and needs no separate authentication system to be built, so this article uses it.
Add users to Tomcat
First, add to Tomcat the users for whom search results will be separated. This time, create two roles, sales (sales) and engineering (eng). Then add the user taro, who belongs to the sales role, and the user hanako, who belongs to the eng role. Write the user information in conf/tomcat-users.xml as shown below.
Contents of tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="fess"></role>
  <role rolename="solr"></role>
  <role rolename="manager"></role>
  <role rolename="sales"></role><!-- added -->
  <role rolename="eng"></role><!-- added -->
  <user username="admin" password="admin" roles="fess"></user>
  <user username="solradmin" password="solradmin" roles="solr"></user>
  <user username="manager" password="manager" roles="manager"></user>
  <user username="taro" password="taropass" roles="sales"></user><!-- added -->
  <user username="hanako" password="hanakopass" roles="eng"></user><!-- added -->
</tomcat-users>
This setting is not required if you use an existing authentication system.
fess.dicon settings
Here are the settings for Fess. First, roleQueryHelper in webapps/fess/WEB-INF/classes/fess.dicon sets the default roles and how authentication information is retrieved. Because this article uses J2EE authentication information, set roleQueryHelper in fess.dicon as follows.
Contents of fess.dicon
:
<component name="roleQueryHelper" class="jp.sf.fess.helper.impl.RoleQueryHelperImpl">
    <property name="defaultRoleList">
        {"guest"}
    </property>
</component>
:
Set the default role as above. The default role is the role under which a search is run when the user is not logged in. If no default role is specified, all search results are displayed when the user is not logged in.
The case where J2EE authentication information is not used is also worth mentioning here. To obtain the authentication information from a request parameter, configure as follows.
Contents of fess.dicon
:
<component name="roleQueryHelper" class="jp.sf.fess.helper.impl.RoleQueryHelperImpl">
    <property name="parameterKey">"fessRoles"</property>
    <property name="encryptedParameterValue">false</property>
    <property name="defaultRoleList">
        {"guest"}
    </property>
</component>
:
Here fessRoles is specified as the request parameter key, and role information is passed as comma-separated values. For example, for a user with the sales and admin roles, fessRoles is appended to the search URL 'http://hostname/fess/search?'. Here encryptedParameterValue is set to false; if it is set to true, the value part of fessRoles can be passed encrypted with Blowfish or AES. If you encrypt the value, you need to configure the Fess Cipher component so that the value can be decrypted.
To obtain the authentication information from a request header, configure as follows.
Contents of fess.dicon
:
<component name="roleQueryHelper" class="jp.sf.fess.helper.impl.RoleQueryHelperImpl">
    <property name="headerKey">"fessRoles"</property>
    <property name="encryptedParameterValue">false</property>
    <property name="defaultRoleList">
        {"guest"}
    </property>
</component>
:
Here fessRoles is specified as the request header key, and role information is passed as comma-separated values.
To obtain the authentication information from a cookie, configure as follows.
Contents of fess.dicon
:
<component name="roleQueryHelper" class="jp.sf.fess.helper.impl.RoleQueryHelperImpl">
    <property name="cookieKey">"fessRoles"</property>
    <property name="encryptedParameterValue">false</property>
    <property name="defaultRoleList">
        {"guest"}
    </property>
</component>
:
Here fessRoles is specified as the cookie name, and, as with the request parameter, role information is passed as comma-separated values.
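An added example, not code from Fess or from the original article: when a reverse proxy or portal passes roles to Fess with encryptedParameterValue set to false, the fessRoles value is only as trustworthy as the component that writes it, so the front end should discard any copy the client sent and set the header itself. The function name sanitize_for_fess, the query parameter, the session cookie and the sample request are constructed for illustration, and the sketch assumes Fess is configured with headerKey "fessRoles" and is reachable only through this front end.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

ROLE_KEY = "fessRoles"  # key used in the fess.dicon examples above


def sanitize_for_fess(url, headers, session_roles):
    """Return the (url, headers) a front end should forward to Fess.

    Every client-supplied copy of ROLE_KEY (query parameter, request header,
    cookie) is dropped, and the header is rebuilt from session_roles, the
    roles the front end itself established when the user authenticated.
    """
    key = ROLE_KEY.lower()
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() != key]
    forwarded = {}
    for name, value in headers.items():
        if name.lower() == key:
            continue  # a role header sent by the client is never trusted
        if name.lower() == "cookie":
            kept = [c.strip() for c in value.split(";")
                    if c.strip() and c.split("=", 1)[0].strip().lower() != key]
            if not kept:
                continue
            value = "; ".join(kept)
        forwarded[name] = value
    # Comma is the separator, so a role name containing one is rejected.
    roles = sorted({r.strip() for r in session_roles
                    if r.strip() and "," not in r})
    if roles:
        forwarded[ROLE_KEY] = ",".join(roles)
    # With no roles the header is omitted (assumption: Fess then falls back
    # to defaultRoleList, as for a user who is not logged in).
    return urlunsplit(parts._replace(query=urlencode(query))), forwarded


if __name__ == "__main__":
    # Constructed request: hanako (eng) arrives with fessRoles set by the client.
    url, hdrs = sanitize_for_fess(
        "http://hostname/fess/search?query=fess&fessRoles=sales",
        {"Host": "hostname", "FessRoles": "sales,admin",
         "Cookie": "JSESSIONID=abc123; fessRoles=sales"},
        ["eng"])
    print(url)
    print(hdrs)
```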
Web.xml settings
As with fess.dicon, change the security-related settings in webapps/fess/WEB-INF/web.xml so that the users can log in. The settings are as follows.
Contents of web.xml
:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Fess Authentication</web-resource-name>
    <url-pattern>/login/login</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>fess</role-name>
    <role-name>sales</role-name>
    <role-name>eng</role-name>
  </auth-constraint>
</security-constraint>
:
<security-role>
  <role-name>fess</role-name>
</security-role>
<security-role>
  <role-name>sales</role-name>
</security-role>
<security-role>
  <role-name>eng</role-name>
</security-role>
This setting is required if you are using authentication, such as a request parameter.
Perform role-based search
Setup is now complete, so please start Fess.
Confirmation of registered users
With the settings so far, three users, admin, taro, and hanako, can log in to Fess. Verify that you can log in. Access http://localhost:8080/fess/admin and log in as the admin user; the management screen appears as usual. Then log out the admin user, access http://localhost:8080/fess/admin again, and log in as the taro and hanako users. After a successful login, the search screen at http://localhost:8080/fess is displayed. To log out, access http://localhost:8080/fess/admin and click the logout button.
Logout screen 
Create a role
Log in as the admin user and click [Role] in the left menu to list the roles. Create the following three roles.
| Role name | Value | 
| Default | default | 
| Sales Department | sales | 
| Technology Department | eng | 
Add crawl settings
Create the crawl settings. This time, users with the Sales Department role can search only http://www.n2sm.net/, and users with the Technology Department role can search only https://fess.codelibs.org/. To register the crawl settings, click [Web] in the left menu to list the Web crawl settings. Click [Create new] and create a Web crawl setting. First, for the Sales Department, create a crawl setting for https://www.n2sm.net/ with Sales Department selected in the [Role] item. Next, create a crawl setting for https://fess.codelibs.org/ with Technology Department selected as the role.
Web crawl settings: role item 
Start the crawl
After registering the crawl settings, click [System settings] in the left menu and click the Start button on the system settings screen to start crawling. Wait for the crawl to complete.
Search
After the crawl completes, access http://localhost:8080/fess without logging in, search for a word such as "fess", and make sure that search results are displayed. Then log in as taro and search in the same way. Because the taro user has the sales role, only search results from http://www.n2sm.net/ are displayed.
Search screen in the sales role 
Log out the taro user and log in as the hanako user. Search in the same way as before; because the hanako user has the eng role, only search results from https://fess.codelibs.org/ are displayed.
Search screen in the eng role 
Summary
This article introduced role-based search, one of the security features of Fess. It mainly covered role-based search using J2EE authentication information, but because the way authentication information is passed to Fess is a general-purpose implementation, I think it can accommodate various authentication systems. Because search results can be separated by user attribute, it is possible to build systems that need search per viewing permission, such as corporate portal sites and shared folders.
The next article will introduce the Ajax features that Fess offers.