i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with a
plugin) and modifiy the request and add some "fields" : ["allowedfield1",
"allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction
Another interesting option is the SearchServiceListener, but here i ca only
modify the result which is harder and maybe has a performance drawback.
i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with a
plugin) and modifiy the request and add some "fields" : ["allowedfield1",
"allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction
Another interesting option is the SearchServiceListener, but here i ca
only modify the result which is harder and maybe has a performance drawback.
i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with a
plugin) and modifiy the request and add some "fields" : ["allowedfield1",
"allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction
Another interesting option is the SearchServiceListener, but here i ca
only modify the result which is harder and maybe has a performance drawback.
If not, I'd be interested what kind of functionality you are missing.
--Alex
On Fri, Oct 18, 2013 at 8:19 AM, Lukáš Vlček <lukas...@gmail.com<javascript:>
wrote:
You can do it on proxy. Ie. after you get the final response from ES and
before you hand it to the client. That is very clean solution IMO.
Regards,
Lukáš
Dne 17.10.2013 23:39 "Hendrik" <h.j....@googlemail.com <javascript:>>
napsal(a):
Hi,
i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with
a plugin) and modifiy the request and add some "fields" : [
"allowedfield1", "allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction
Another interesting option is the SearchServiceListener, but here i ca
only modify the result which is harder and maybe has a performance drawback.
Any clues?
Thanks
Hendrik
--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com <javascript:>.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
For more options, visit https://groups.google.com/groups/opt_out.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.