From 7ec7341f60b97eebc2d9e6df586b9220da3850cb Mon Sep 17 00:00:00 2001
From: Michael Peter Christen <mc@yacy.net>
Date: Mon, 23 Jul 2012 21:43:14 +0200
Subject: [PATCH] added user-authentication protection to solr search (same as
 implemented for yacysearch)

---
 htroot/solr/select.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/htroot/solr/select.java b/htroot/solr/select.java
index 772a038d7..cbe6cd790 100644
--- a/htroot/solr/select.java
+++ b/htroot/solr/select.java
@@ -45,6 +45,12 @@ public class select {
 
         // this uses the methods in the jetty servlet environment and can be removed if jetty in implemented
         Switchboard sb = (Switchboard) env;
+
+        // check if user is allowed to search (can be switched in /ConfigPortal.html)
+        final boolean searchAllowed = sb.getConfigBool("publicSearchpage", true) || sb.verifyAuthentication(header);
+        if (!searchAllowed) return null;
+
+        // get the embedded connector
         EmbeddedSolrConnector connector = (EmbeddedSolrConnector) sb.index.getLocalSolr();
         if (connector == null) return null;
         if (post == null) return null;