We created an OpenGrok server and indexed our sources. The problem is that the SCM we use (here, Perforce, but I guess this does not apply to Perforce only as permission at file/folder level is widely used) restrains access per file or folder, and OpenGrok doesn't !
So today, any user performing a search with OpenGrok will retrieve all files, even the ones for which he/she should not have access to ! Which is, in my opinion, a blocker: we will never release such a security breach in production.
Do you know any setup/workaround to implement such a security ?
EDIT : this OpenGrok should be used by anyone, I could of course retrieve Perforce sources with my permissions (so I would only get the files I have permissions for) to perform searches but this would not answer this requirement of widespread audience.
Well, I finally found a workaround:
add the following markup in Server > Service > Engine > Host:
< Valve allow="< list of IPs allowed>" className="org.apache.catalina.valves.RemoteAddrValve" deny="" />
I have a daily script that generates this list of IPs from the workstations allowed and updates this file accordingly. This list is like "1.2.3.4|5.6.7.8|6.2.5.3".