Question

We created an OpenGrok server and indexed our sources. The problem is that the SCM we use (here, Perforce, but I guess this does not apply to Perforce only as permission at file/folder level is widely used) restrains access per file or folder, and OpenGrok doesn't!

So today, any user performing a search with OpenGrok will retrieve all files, even the ones for which he/she should not have access to! Which is, in my opinion, a blocker: we will never release such a security breach in production.

Do you know any setup/workaround to implement such a security?

EDIT: this OpenGrok should be used by anyone. I could of course retrieve Perforce sources with my permissions (so I would only get the files I have permissions for) to perform searches, but this would not answer this requirement of a widespread audience.


Solution 3

Well, I finally found a workaround:

  • locate your tomcat server XML config file (mine is located in .../apache-tomcat-8.0.52/conf/server.xml)
  • add the following markup in Server > Service > Engine > Host:

    <Valve allow="<list of IPs allowed>" className="org.apache.catalina.valves.RemoteAddrValve" deny="" />

I have a daily script that generates this list of IPs from the workstations allowed and updates this file accordingly. This list is like "1.2.3.4|5.6.7.8|6.2.5.3".
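As an added example (not part of the answer above, and not a script from the OpenGrok project), the following Python shows one way that daily script can build the `allow` value and update `server.xml` safely. It assumes Tomcat 7 or later, where the `allow` and `deny` attributes of `RemoteAddrValve` are `java.util.regex` patterns matched against the whole client address: each address is validated and regex-escaped before being joined with `|`, an empty list is rejected so a broken export cannot lock everyone out, and the Valve is updated in place rather than appended again on every run. The `server.xml` snippet and the workstation list are constructed sample data; `is_allowed` is a Python approximation of the valve's full-match check for local testing, not Tomcat's own code.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed sample list; a real script would export this from the
# inventory of allowed workstations.
ALLOWED_WORKSTATIONS = ["1.2.3.4", "5.6.7.8", "6.2.5.3"]

# Constructed, minimal stand-in for conf/server.xml with an empty Host.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"></Host>
    </Engine>
  </Service>
</Server>"""


def build_allow_pattern(ips):
    """Return the regex for the Valve's allow attribute.

    Tomcat 7+ treats allow/deny as regular expressions, so '.' would match any
    character if left unescaped. Every entry must parse as an IP address;
    anything else raises ValueError instead of being pasted into the config.
    """
    escaped = []
    for ip in ips:
        addr = ipaddress.ip_address(ip.strip())  # ValueError on garbage input
        escaped.append(re.escape(str(addr)))
    if not escaped:
        raise ValueError("empty allow list would lock everyone out")
    return "|".join(escaped)


def is_allowed(allow_pattern, remote_addr):
    """Approximate the valve's decision: allow is a full match on the address."""
    return re.fullmatch(allow_pattern, remote_addr) is not None


def upsert_remote_addr_valve(server_xml_text, allow_pattern):
    """Set the RemoteAddrValve under Server/Service/Engine/Host.

    An existing valve with the same className is updated in place, so running
    the script every day does not accumulate duplicate <Valve> elements.
    """
    root = ET.fromstring(server_xml_text)
    host = root.find("./Service/Engine/Host")
    if host is None:
        raise ValueError("no Server/Service/Engine/Host element found")
    valve = None
    for candidate in host.findall("Valve"):
        if candidate.get("className") == VALVE_CLASS:
            valve = candidate
            break
    if valve is None:
        valve = ET.SubElement(host, "Valve", className=VALVE_CLASS)
    valve.set("allow", allow_pattern)
    valve.set("deny", "")
    return ET.tostring(root, encoding="unicode")


def count_remote_addr_valves(server_xml_text):
    """Helper for checking idempotency of the update."""
    root = ET.fromstring(server_xml_text)
    return sum(
        1 for v in root.iter("Valve") if v.get("className") == VALVE_CLASS
    )


if __name__ == "__main__":
    pattern = build_allow_pattern(ALLOWED_WORKSTATIONS)
    print(upsert_remote_addr_valve(SAMPLE_SERVER_XML, pattern))
```

Run it against a copy of `server.xml` first and diff the result; Tomcat only reads the file at startup, so the restart step of the daily job is still needed after the update.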

Other tips

https://github.com/OpenGrok/OpenGrok/issues/503 feel free to join the debate there (or in similar requests), ev. send patches

Did you consider creating a different p4 user for just syncing your source code for OpenGrok indexing? That user can have limited access based on the entries in protections table of P4. That way you can sync the code at folder level while hiding the sub folders based on protections table permissions.

I have done a similar setup for my opengrok instance :)

License: CC-BY-SA with attribution