Plugin: Access restriction to search results

Other versions of this plugin may exist. Please ensure you are viewing the documentation for the version that you are currently using. If you are not running the latest version of your plugin we recommend upgrading. See: list of all available versions of this plugin.

Purpose

This plugin can be used to restrict access to a search results. Access can be controlled via a configured token that must be provided each time as a request header. If the token from the request header doesn’t match configured one, the 401 (Unauthorized) response will be returned.

Usage

Enable the plugin

Enable the access-restriction-token-plugin plugin on your results page from the Extensions screen in the administration dashboard or add the following results page configuration to enable the plugin.

plugin.access-restriction-token-plugin.enabled=true
plugin.access-restriction-token-plugin.version=1.0.0
The plugin will take effect as soon as it is enabled.

Plugin configuration settings

The following options can be set in the results page configuration to configure the plugin:

  • plugin.access-restriction-token-plugin.config.header: (Required) Header name that will be expected in request

  • plugin.access-restriction-token-plugin.encrypted.token: (Required) Security token that will be provided in request as header value

To add encrypted 'token' via admin UI press Add New button and select plugin..encrypted. key. Fill Plugin ID with 'access-restriction-token-plugin' and Secret Key as 'token'.

Example

Access to the search endpoint for a particular results page will be granted when each request will be done with the request header

"X-FUNNELBACK-ACCESS-RESTRICTION: funnelbackSecretToken"

for the plugin configured with the below settings

plugin.access-restriction-token-plugin.config.header=X-FUNNELBACK-ACCESS-RESTRICTION
plugin.access-restriction-token-plugin.encrypted.token=ENCRYPTED:AQX7ZRgj4x0xVpOSA4kWIN9UR2tUFjnI8GMK6FfW6+kI/LyL9wRAX+gmVK6qqkGPKrKpRqU7
Funnelback will automatically encrypt provided plain token value (ie. funnelbackSecretToken) and replace it with encrypted value like ENCRYPTED:AQX7ZRgj4x0xVpOSA4kWIN9UR2tUFjnI8GMK6FfW6 in administration UI.

All versions of access-restriction-token