(from github.com/con-jr)
Is there a way to restrict the user from directly visiting the JSON link? or For example authenticate the user before returning the JSON response? Thanks
(from github.com/marevol)
Fess controls search results for users with Role/Group.
If you want to restrict a response, it is better to put Apache/nginx before Fess.