Tell me

Describing Query Time Authorization Plug-in

previous|next

Query time authorization can be implemented by allowing the admin to associate a Java class that is called at run time to validate each document that is returned as a result of a user query. The current request information is passed to the Java class and it is free to use any mechanism to validate the document for the user.

It is important to note that query time authorization can be applied to any data source, and can be used as a post filter as well. For instance, the data source itself might be stamped with a more generic ACL (e.g. ST-users) while query time authorization can be used to fine-tune the results.

Since the browse mechanism also comes through the same query interface, the user cannot see any unprivileged document through the browse interface as well.

In this module, we will look at the steps to build a Query Time Authorization plug-in and the class structure to implement the plug-in API interfaces to build the plug-in Java classes.