security.earlybinding.user-to-key-mapper.groovy-class
Background
This setting is used with early-binding security. It specifies the name of a Groovy script that maps a given username to the list of keys (usually group names) the user can use to unlock documents. This setting is used in conjunction with security.earlybinding.user-to-key-mapper=Groovy.
This is intended to be used when users' permissions should be fetched from a repository that Funnelback doesn't know how to talk to.
The Groovy script should be a plain script that ends with a return statement:
- If the value returned is null, the user won't have any keys
- If the value returned is a String, this String will be taken as the user's sole key
- If the value returned is a List of Strings, each item in the list is a user key
Any other return value will cause an error.
The current search transaction object will be passed to the script in the variable transaction, as well as the data source to use to map users to keys, in the variable collection. This is required for search packages, where the collection from the transaction will be the search package, but fetching the user keys should be done using the component data source configuration.
The script should be placed under SEARCH_HOME/lib/java/groovy/, in the same way as Groovy filters.
In the following example the Groovy script fetches user keys from a database, getting the current username by looking at the logged-in user details:
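import groovy.sql.Sql

// Username of the logged-in user making the search request
def userName = transaction.question.principal.name
def sql = Sql.newInstance("jdbc:mysql://db-server.company.com:3306/userdb", "user", "pwd", "com.mysql.jdbc.Driver")
def keys = []
try {
    // Passed as a GString, so groovy.sql.Sql binds ${userName} as a query parameter
    sql.eachRow("select permission from PERMISSIONS where user_id=${userName}") {
        keys << it.permission
    }
} finally {
    sql.close()  // release the database connection
}
return keys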
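
The return contract described above (null, a String, or a List of Strings) can be enforced inside the script so that a failed or malformed lookup leaves the user with no keys. This is an added example, not code from the original page or from Funnelback: lookupKeys and its sample data are hypothetical stand-ins for the external repository, and the constructed transaction is used only when the script is run outside Funnelback.

```groovy
// Added example: normalise the mapper's return value and fail closed.

// Hypothetical stand-in for the call to the external permission repository.
// The map below is constructed sample data, including messy values.
def lookupKeys = { String user ->
    [alice: ['staff', 'finance', 'staff', ' ', null], bob: 'staff'][user]
}

// Reduce whatever the repository returned to a shape the mapper accepts:
// null (no keys) or a List of non-empty, de-duplicated Strings.
def normalise = { raw ->
    if (raw == null) {
        return null
    }
    def items = (raw instanceof Collection) ? raw : [raw]
    def keys = items.findAll { it != null }
                    .collect { it.toString().trim() }
                    .findAll { it }
                    .unique()
    return keys ? keys : null
}

// Funnelback supplies 'transaction' in the script binding. The fallback is a
// constructed object so the script can be exercised on its own.
def tx = binding.hasVariable('transaction') ? transaction :
        [question: [principal: [name: 'alice']]]

def userName = tx.question?.principal?.name
def result = null
if (userName) {
    try {
        result = normalise(lookupKeys(userName))
    } catch (Exception e) {
        // Fail closed: a lookup error must never grant keys
        System.err.println("user-to-key lookup failed: ${e.message}")
        result = null
    }
}
// Anonymous users, unknown users and failed lookups all end up with no keys
return result
```

With the constructed data, alice resolves to the keys staff and finance, bob to the single key staff, and any other username to null.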