Skip to content

security.earlybinding.user-to-key-mapper.groovy-class (collection.cfg setting)


This setting is used with early-binding security. It indicates the name of a Groovy script which should be used to map a given username into a list of keys which the user can use to unlock documents (usually group names). This setting is used in conjunction with security.earlybinding.user-to-key-mapper=Groovy. This is intended to be used when users permissions should be fetched from a repository that Funnelback doesn't know how to talk to.

The Groovy script should be a plain script and ends with a return statement:

  • If the value returned is null, the user won't have any keys
  • If the value returned is a String, this String will be taken as the user sole key
  • If the value returned is a List of Strings, each item in the list is a user key

Any other return value will cause an error.

The current search transaction object will be passed to the script in the variable transaction, as well as the collection to use to map users to keys, in the variable collection. This is required for meta collections where the main collection from the transaction will be the meta collection, but fetching the user keys should be done using the current component collection configuration.

The script should be placed under SEARCH_HOME/lib/java/groovy/, in an identical fashion of Groovy Filters.

In the following example the Groovy script fetches user keys from a database, getting the current user name by looking as the logged-in user details:

import groovy.sql.Sql
def userName =
def sql = Sql.newInstance("jdbc:mysql://", "user", "pwd", "com.mysql.jdbc.Driver")
def keys = []
sql.eachRow("select permission from PERMISSIONS where user_id=${userName}") {
    keys += it.permission
return keys

Default value



Use A custom Groovy script located in SEARCH_HOME/lib/java/groovy/com/company/MyClass.groovy:

See Also


Funnelback logo