Skip to main content
Jump to: navigation, search



This is a sample ProcessingService that converts security annotations into

  • attributes with literals to allow indexing in Lucene
  • a filter annotation used in a query to restrict the results to the users that have READ access

The service has an optional reference to a, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored an the security annotations are just converted into attribute values, keeping the original values without any modifications.


The SampleSecurityConverter uses the Annotation on records to decide how to handle a record. It supports the following required named values.

Name Value Description
executionMode INDEX or SEARCH INDEX - the service is used for indexing security annotations, SEARCH - the service is used during search for filtering with security annotations


Property Type Description
readUsersAttributeName String the name of the attribute to store the users with READ access rights in. This attribute can then be indexed by Lucene.
resolveGroups Boolean a boolean flag if to resolve groups to their user principals (true) or not (false)
resolveUserNames Boolean a boolean flag if to resolve user names and replace them with the value described by resolvedUserNamePropertyName (true) or not (false)
resolvedUserNamePropertyName String the name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is true


PipeletConfiguration for SampleSecurityConverter

<PipeletConfiguration xmlns="">
	<Property name="readUsersAttributeName" type="java.lang.String">
	<Property name="resolveGroups" type="java.lang.Boolean">
	<Property name="resolveUserNames" type="java.lang.Boolean">
	<Property name="resolvedUserNamePropertyName" type="java.lang.String">

Back to the top