I definitely second the idea that you don't want to expose your Solr instance directly to the world -- it only takes one bored vandal to wipe your Solr index. We have a Java servlet sitting between our AJAX calls and Solr. In the typical case, it just builds the Solr base URL (picking the right core, ensuring that all requests go to a /select handler) and passes the rest of the URL parameters straight to Solr.
Of course, once you have the middleware in place, it's easy to add in extra stuff like transforming the results into other formats, doing more fine-grained access control (we check IP addresses and automatically add filter queries to restrict search results to the items available to the user's IP), etc.
-Esme
--
Esme Cowles <[log in to unmask]>
"Men feared witches and burnt women."
-- Louis Brandeis, Whitney v. California, concurring
On Feb 28, 2011, at 5:53 PM, Jonathan Rochkind wrote:
> In general, you don't make your Solr interface itself accessible to the
> world, you protect it behind a firewall.
>
> So if you do that, you won't have javascript talking directly to Solr.
> It'll be talking to some middleware application that talks to Solr.
>
> Although interestingly, that URL you mention DOES have the JS talking to
> Solr "directly", so I guess that's an option too. But note that package
> even warns: "The manager takes as a parameter either solrUrl – if
> talking to Solr directly – or proxyUrl – if talking to Solr through a
> proxy. (Usually, you want to talk to the instance through a proxy, for
> security. We will go over writing proxies for AJAX Solr in another
> tutorial. Here, we communicate with the instance directly.)" So even
> that one isn't recommending _really_ exposing your Solr to the world,
> but instead proxying it, presumably because the proxy would allow
> requests to only certain parts of Solr, I dunno.
>
> But I dunno, I guess it could work. Personally I generally don't like
> writing interfaces that _only_ work via javascript, which is what that
> approach would result in. I prefer writing an interface that works with
> plain HTML, with some AJAX on top, but degrading fine if there is no JS.
> But that's not the approach you are talking about taking, and apparently
> you are not alone!
>
> On 2/27/2011 10:34 PM, Yitzchak Schaffer wrote:
>> Hello all,
>>
>> We are working on creating a public-facing biographical index. We're planning on using Solr with faceting, and building an AJAXy search frontend. We have experience with symfony for overall framework, so we have begun the project using that.
>>
>> The only robust-looking material I was able to find on Solr with AJAX tonight was
>>
>> https://github.com/evolvingweb/ajax-solr/wiki
>>
>> Can anyone offer any alternate projects or approaches? I'm just getting my feet wet in both advanced JS/frontend dev techniques, and Solr.
>>
>> Thanks!
>>
>> --
>> Yitzchak Schaffer
>> Systems Manager
>> Touro College Libraries
>> 212.742.8770 ext. 2432
>> http://www.tourolib.org/
>>
|