security.earlybinding.user-to-key-mapper.groovy-class

Background

This setting is used with early-binding security. It indicates the name of a Groovy script which should be used to map a given username into a list of keys which the user can use to unlock documents (usually group names). This setting is used in conjunction with security.earlybinding.user-to-key-mapper=Groovy. This is intended to be used when users permissions should be fetched from a repository that Funnelback doesn’t know how to talk to.

The Groovy script should be a plain script and ends with a return statement:

  • If the value returned is null, the user won’t have any keys

  • If the value returned is a String, this String will be taken as the user sole key

  • If the value returned is a List of Strings, each item in the list is a user key

Any other return value will cause an error.

The current search transaction object will be passed to the script in the variable transaction, as well as the data source to use to map users to keys, in the variable collection. This is required for search packages where the collection from the transaction will be the search package, but fetching the user keys should be done using the component data source configuration.

The script should be placed under SEARCH_HOME/lib/java/groovy/, in an identical fashion of Groovy Filters.

In the following example the Groovy script fetches user keys from a database, getting the current username by looking as the logged-in user details:

import groovy.sql.Sql

def userName = transaction.question.principal.name
def sql = Sql.newInstance("jdbc:mysql://db-server.company.com:3306/userdb", "user", "pwd", "com.mysql.jdbc.Driver")

def keys = []
sql.eachRow("select permission from PERMISSIONS where user_id=${userName}") {
    keys += it.permission
}

return keys

Setting the key

Set this configuration key in the search package or data source configuration.

Use the configuration key editor to add or edit the security.earlybinding.user-to-key-mapper.groovy-class key, and set the value. This can be set to any valid String value.

Default value

(None)

Examples

Use a custom Groovy script located in SEARCH_HOME/lib/java/groovy/com/company/MyClass.groovy:

security.earlybinding.user-to-key-mapper.groovy-class=com.company.MyClass