You can implement a security filter, kind of like what the book Lucene in Action describes. It is a class that extends org.apache.lucene.search.Filter; you're required to implement the following method: public BitSet bits(IndexReader reader) In it, you can decide whether a particular document may be viewed by the user. The way I do it is I associate an instance of the Filter class with my searcher before I execute a search for a particular user: Hits hits = is.search(executableQuery, (Filter) filter, getSort()); The Filter has a condition interface registered with it which knows how to check whether the user in question has specific access rights. This condition is checked at runtime when I get to read from IndexReader in the bits(IndexReader reader) method. This way, the BitSet returned by the Filter only contains the items viewable by the user in question. I think this is much better than indexing your access control lists along with the document data. Any access changes may sometimes cause a significant amount of reindexing, as you pointed out. The only thing to watch out for is to make sure that your authorization checking mechanism is optimized enough performance-wise so as not to clog up the results filtering process... Hope this helps, - Dmitry
________________________________ From: Murali [mailto:[EMAIL PROTECTED] Sent: Wed 12/21/2005 9:32 AM To: java-user@lucene.apache.org Subject: searching portions of an index Hi, I am new to lucene. We need to provide search to several users of a system. Each user has access to a (different)set of documents. The same document might be accessible by different users. I want to implement this without indexing a document multiple times. The approach I thought of was to use a field that is indexed, as well as stored in the index, which contains the ids of all the users that can access the document. I could then use boolean queries to search for documents accessible by a particular user. I figured that I would have to delete and add the whole document again into the system if a new user is to be given access to an already indexed document(and I figure that this will happen frequently in the system). Is there a better approach that I can take? Thanks, Murali
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
