manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: How to query for content with ACLs?
Date Fri, 13 Jun 2014 12:10:04 GMT
Hi Ahmet,

Sorry for my misinterpretation but do you want to replace original
'/select' request handler with mcf one and use '/query' request handler as
it is?

Regards.


On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <iorixxx@yahoo.com> wrote:

> Hi  Lalit,
>
> regarding "As i could not see any document in solr query,"
>
> Here is the best practise that I use :
>
> I configure /select request handler (RH) with mcfQParser, intended to use
> in production, default RH.
>
> I also use /query RH without mcfQParser, for debugging purposes.
>
> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>
> Ahmet
>
>
>   On Friday, June 13, 2014 2:30 PM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>
> Thanks Karl,
>
> As i could not see any document in solr query, i used Luke to open index
> and i could see below values for all MCF plugin fields for all documents.
> These are something different from previous values.
>
> allow_token_document  = SP+KW:
> allow_token_share = __nosecurity__
> deny_token_document  = SP+KW:DEAD_AUTHORITY
> allow_token_share = __nosecurity__
>
> I think something or a lot of things missing here. I am attaching zip of
> solr index(very small one with 10 documents from sharepoint) here. Please
> guide.
>
> Regards.
>
>
>
> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <daddywri@gmail.com> wrote:
>
> Hi Lalit,
>
> Can you show me somehow some of the the ACLs that have been indexed with
> your documents?  The only other potential issue might be that your
> repository connection(s) may not be part of the same authority groups as
> your authority connections.  In that case, the indexed authority tokens
> will have a different prefix (e.g. SP+KW in one case, something else in the
> other).
>
> Karl
>
>
>
>
> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
> Hi Again,
>
> As per Karl's suggestion, i am now converting user from water.com\ljangra
> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>
>
> <http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@iwater.ie>
> I can see below ACL.
> AUTHORIZED:SP+K+Conn
> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>
> Still i am not able to see any results from query
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
> <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@iwater.ie>
> . While debugging query i can see ACL doing fine. So i am confused why
> its now working. Can you please help.
>
> "parsed_filter_queries": [
>       "ConstantScore(+((+allow_token_share:__nosecurity__
> +deny_token_share:__nosecurity__)
> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
> +((+allow_token_document:__nosecurity__
> +deny_token_document:__nosecurity__)
> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>     ],
>
> Finally solr.log also seems to be fine.
>
> INFO  - 2014-06-13 11:38:19.862;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-13 11:38:19.909;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response AUTHORIZED:SP+K+Conn
> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=47
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>
> Hi Lalit,
>
> It makes more sense to use appends section rather than defaults section
> when defining mcf query parser plugin in fq parameter.
>
> <lst name="appends">
>  <str name="fq">{!manifoldCFSecurity}</str>
> </lst>
>
>
>
>
>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi Ahmet,
>
> I have configured solrconfig.xml as per your suggestion.
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>     <!-- default values for query parameters can be specified, these
>          will be overridden by parameters in the request
>       -->
>      <lst name="defaults">
>        <str name="echoParams">explicit</str>
>        <int name="rows">1000</int>
>        <str name="df">text</str>
>        <str name="fq">{!manifoldCFSecurity}</str>
>      </lst>
> ....
> </requestHandler>
>
>
> Next i am running a job which indexes sharepoint content in solr but when
> i am searching in solr, i am getting not results & getting
> UNREACHABLEAUTHORITY message.
>
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> SolrDeletionPolicy.onCommit: commits: num=2
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> newest commit generation = 2
> INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher;
> Opening Searcher@5ac787b0 main
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener sending requests to Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener done.
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
> [collection1] Registered new searcher Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
> {commit=} 0 265
> INFO  - 2014-06-12 22:22:35.663;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
> QTime=0
> INFO  - 2014-06-12 22:22:35.741;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
> INFO  - 2014-06-12 22:22:36.960;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
> no-user response (open documents only)
> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
> INFO  - 2014-06-12 22:22:40.569;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-12 22:22:40.726;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=157
>
> UNREACHABLEAUTHORITY means name of an authority that was found to be
> unreachable or unusable but i am having same authority working fine in MCF.
>
>
> Please help.
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>
> Hi Karl,
>
> May be we should use
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>
> in
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> To avoid confusion?
>
> What do you think?
>
>
>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <daddywri@gmail.com>
> wrote:
>
>
> What does your solrconfig.xml file look like?
> Karl
>
>
> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
> Hi Ahmet,
>
> I tried the way you suggested but its not working. My solr query is as
> below.
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
> Whatever name i am passing as AuthenticatedUserName, it returning all
> results.
>
> I have indexed my documents using mcf-solr plugin using instructions @
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
> Below are some of ACL stored in solr. Am i missing something?
>
> "_version_": 1470562493875093500,
>         "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ]
>       },
>       {
>         "content_name": "Alfresco-in-an-Hour.pdf"
>         "deny_token_document": [
>           "SP+Group:DEAD_AUTHORITY"
>         ],
>         "allow_token_document": [
>           "SP+Group:GTest+lalit+Portal+Visitors",
>           "SP+Group:GTest+lalit+Portal+Owners",
>           "SP+Group:GRestricted+Readers",
>           "SP+Group:GTest+lalit+Administrators",
>           "SP+Group:GTest+lalit+Portal+Members",
>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>           "SP+Group:GHierarchy+Managers",
>           "SP+Group:GApprovers",
>           "SP+Group:GViewers",
>           "SP+Group:GDesigners"
>         ],
>         "content_modified_date": "2014-06-04T00:00:00Z",
>
>
>
>                   SDD
>
>
>                    "_version_": 1470564182244982800
>       },
>       {
>         "deny_token_share": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>         "content_name": "hekko.txt",
>         "content_modifier": "iwater.ie\\ljangra",
>         "deny_token_document": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>                "id": "
> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>         "allow_token_document": [
>           "AD+Group:S-1-5-18",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>         "allow_token_share": [
>           "AD+Group:S-1-1-0",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>
>                 CMIS
>
>                 "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_document": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ],
>         "allow_token_document": [
>           "__nosecurity__"
>         ]
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>
> Hi,
>
> As documented here
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> "At a minimum, AuthenticatedUserName must be present in order"
>
>
> This is a URL parameter, just like Solr params. Here is an example.
>
>
> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>
>
>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi All,
>
> As continuing from
> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
> as per Ahmet's suggestion.
>
> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
> into solr indexes.
>
> Now i want to write Solr query to put a user's permission details into in
> it which can be compared to ACL stored in solr and only those results will
> be returned to user on which he has been assigned ACL.
>
> How can i do this?  Can i use MCF filter  below here or do i need to write
> custom query for my need?
>
> <requestHandler name="search" class="solr.SearchHandler" default="true">
>   <lst name="appends">
>     <str name="fq">{!manifoldCFSecurity}</str>
>   </lst>
> </requestHandler>
>
> Please help.
>
> Regards,
> Lalit Jangra.
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>


-- 
Regards,
Lalit Jangra.

Mime
View raw message