manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: How to query for content with ACLs?
Date Fri, 13 Jun 2014 15:12:05 GMT
Hi Lalit,

I am not a Solr expert; Ahmet is a better resource for how to configure
Solr.  He has already furnished good advice on how to do that, and you have
at one point showed us queries that included the appropriate access tokens
in them so I know you had it working at one point.

This is not rocket science, and all the components seem to be working as
designed.  You will have to put in some care and time getting your
configuration right.  Retrace your steps or start fresh if you have to.  We
really can't give you any more advice from here; things seem to be working
and then not working and then working again, and I suspect that you are
basically hacking away at your configuration without understanding at all
what you are doing.  So slow down, keep more careful notes, and review
these emails.

Thanks,
Karl



On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <lalit.j.jangra@gmail.com>
wrote:

> Hi Karl,
>
> I have tried with /select, /query & /search but not getting appropriate
> results. Which query handler should i use here.
>
> I am also attaching solrconfig.xml.
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <daddywri@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> You are going through the wrong query handler again:
>>
>>       "
>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>> product of:\n  1.0 = queryNorm\n",
>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>> product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>
>>
>> The Solr plugin query modification is not happening; it doesn't seem to
>> be getting applied now.  It was earlier, you must have turned it off.
>>
>> Karl
>>
>>
>>
>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <lalit.j.jangra@gmail.com>
>> wrote:
>>
>>> Thanks Karl,
>>>
>>> After resetting everything again, now i could see content with ACL
>>> posted to solr as per your instructions. Thanks again for this.I am
>>> attaching solr.log.
>>>
>>> But still i am not able to see any content using /select query handler &
>>> attached Select.log for same.
>>>
>>> While using /query request handler, i can see results with ACL but
>>> whatever name i provide, it returns all results so effectively ACL not
>>> working, attached Query.log for same.
>>>
>>> Can you please guide.
>>>
>>> Regards.
>>>
>>>
>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <daddywri@gmail.com> wrote:
>>>
>>>> I wonder if this is a Luke bug?
>>>> The access tokens might well have a form that Luke doesn't like to
>>>> display.  That is the only thing that's making any sense to me at the
>>>> moment.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <daddywri@gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>> FWIW, your authority setup seems to be working properly, and the query
>>>>> generator is working properly too.  Only the acls are messed up.
>>>>>
>>>>> This is the interesting bit:
>>>>>
>>>>> "allow_token_document": [
>>>>>
>>>>>           "SP+KW:"]
>>>>>
>>>>>
>>>>> It looks like a blank access token is being fetched for this list
>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>> before, correct?
>>>>>
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <daddywri@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> It is clear that your access tokens have not been actually indexed.
>>>>>> But I remember seeing that they were correctly posted to Solr.  So
now I am
>>>>>> confused.
>>>>>>
>>>>>> Can you please do the following:
>>>>>> - Click the "reindex all documents" button in the MCF view page for
>>>>>> your output connection
>>>>>> - Start your job
>>>>>> - Send me the Solr info output about what has been posted
>>>>>>
>>>>>> When that is done, if what is posted looks correct, you SHOULD have
a
>>>>>> Solr index that has ACLs in it.
>>>>>> If it does not look correct, we will have to go back and look at
your
>>>>>> connections etc. to see why the acls are not being fetched.
>>>>>>
>>>>>> Thanks,
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Again,
>>>>>>>
>>>>>>> I used /query for debugging & using
>>>>>>>
>>>>>>>
>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>> <http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@iwater.ie>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@iwater.ie>I
>>>>>>> could see below results without much information about ACLs.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>         "deny_token_document": [
>>>>>>>
>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "id": "
>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>> ",
>>>>>>>
>>>>>>>         "allow_token_document": [
>>>>>>>
>>>>>>>           "SP+KW:"
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "content": [
>>>>>>>
>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>
>>>>>>>         "allow_token_share": [
>>>>>>>
>>>>>>>           "__nosecurity__"
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "deny_token_share": [
>>>>>>>
>>>>>>>           "__nosecurity__"
>>>>>>>
>>>>>>>         ]
>>>>>>>       }
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <iorixxx@yahoo.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi  Lalit,
>>>>>>>>
>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>
>>>>>>>> Here is the best practise that I use :
>>>>>>>>
>>>>>>>> I configure /select request handler (RH) with mcfQParser,
intended
>>>>>>>> to use in production, default RH.
>>>>>>>>
>>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>
>>>>>>>> Ahmet
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Thanks Karl,
>>>>>>>>
>>>>>>>> As i could not see any document in solr query, i used Luke
to open
>>>>>>>> index and i could see below values for all MCF plugin fields
for all
>>>>>>>> documents. These are something different from previous values.
>>>>>>>>
>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>
>>>>>>>> I think something or a lot of things missing here. I am attaching
>>>>>>>> zip of solr index(very small one with 10 documents from sharepoint)
here.
>>>>>>>> Please guide.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> Can you show me somehow some of the the ACLs that have been
indexed
>>>>>>>> with your documents?  The only other potential issue might
be that your
>>>>>>>> repository connection(s) may not be part of the same authority
groups as
>>>>>>>> your authority connections.  In that case, the indexed authority
tokens
>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something
else in the
>>>>>>>> other).
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi Again,
>>>>>>>>
>>>>>>>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>>>>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>
>>>>>>>>
>>>>>>>> <http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@iwater.ie>
>>>>>>>> I can see below ACL.
>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>
>>>>>>>> Still i am not able to see any results from query
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>> <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@iwater.ie>
>>>>>>>> . While debugging query i can see ACL doing fine. So i am
confused
>>>>>>>> why its now working. Can you please help.
>>>>>>>>
>>>>>>>> "parsed_filter_queries": [
>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>     ],
>>>>>>>>
>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>
>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Trying
>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Saw
>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <iorixxx@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>>
>>>>>>>> <lst name="appends">
>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>> </lst>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Hi Ahmet,
>>>>>>>>
>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>
>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>     <!-- default values for query parameters can be specified,
these
>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>       -->
>>>>>>>>      <lst name="defaults">
>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>        <str name="df">text</str>
>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>      </lst>
>>>>>>>> ....
>>>>>>>> </requestHandler>
>>>>>>>>
>>>>>>>>
>>>>>>>> Next i am running a job which indexes sharepoint content
in solr
>>>>>>>> but when i am searching in solr, i am getting not results
& getting
>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>
>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>> commits: num=2
>>>>>>>>
>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>
>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation
= 2
>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>> main
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener
sending
>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener
done.
>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>> {commit=} 0 265
>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json}
status=0
>>>>>>>> QTime=0
>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json}
status=0 QTime=15
>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Default
>>>>>>>> no-user response (open documents only)
>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json}
hits=0 status=0 QTime=16
>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Trying
>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Saw
>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>
>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was
found to
>>>>>>>> be unreachable or unusable but i am having same authority
working fine in
>>>>>>>> MCF.
>>>>>>>>
>>>>>>>>
>>>>>>>> Please help.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <iorixxx@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Karl,
>>>>>>>>
>>>>>>>> May be we should use
>>>>>>>>
>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>
>>>>>>>> in
>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>
>>>>>>>> To avoid confusion?
>>>>>>>>
>>>>>>>> What do you think?
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi Ahmet,
>>>>>>>>
>>>>>>>> I tried the way you suggested but its not working. My solr
query is
>>>>>>>> as below.
>>>>>>>>
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>
>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it returning
>>>>>>>> all results.
>>>>>>>>
>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>> instructions @
>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>
>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>         "allow_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "deny_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ]
>>>>>>>>       },
>>>>>>>>       {
>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>         "deny_token_document": [
>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>         ],
>>>>>>>>         "allow_token_document": [
>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>         ],
>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                   SDD
>>>>>>>>
>>>>>>>>
>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>       },
>>>>>>>>       {
>>>>>>>>         "deny_token_share": [
>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>         ],
>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>         "deny_token_document": [
>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>         ],
>>>>>>>>                "id": "
>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>>>>         "allow_token_document": [
>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>         "allow_token_share": [
>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>
>>>>>>>>                 CMIS
>>>>>>>>
>>>>>>>>                 "allow_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "deny_token_document": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "deny_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "allow_token_document": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ]
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <iorixxx@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> As documented here
>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>
>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>
>>>>>>>>
>>>>>>>> This is a URL parameter, just like Solr params. Here is an
example.
>>>>>>>>
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Hi All,
>>>>>>>>
>>>>>>>> As continuing from
>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>
>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see
ACLs
>>>>>>>> indexed into solr indexes.
>>>>>>>>
>>>>>>>> Now i want to write Solr query to put a user's permission
details
>>>>>>>> into in it which can be compared to ACL stored in solr and
only those
>>>>>>>> results will be returned to user on which he has been assigned
ACL.
>>>>>>>>
>>>>>>>> How can i do this?  Can i use MCF filter  below here or do
i need
>>>>>>>> to write custom query for my need?
>>>>>>>>
>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>> default="true">
>>>>>>>>   <lst name="appends">
>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>   </lst>
>>>>>>>> </requestHandler>
>>>>>>>>
>>>>>>>> Please help.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>

Mime
View raw message