manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Rhodes <>
Subject Problem with Solr/ManifoldCF security filtering
Date Sun, 29 Oct 2017 00:36:42 GMT
MCF Gang:

I've followed the instructions in the "ManifoldCF in Action" docs to
setup security integration between ManifoldCF and Solr.  I've added
the ManifoldCF SearchComponent to Solr, and I see that my indexed
documents are getting allow_token_share, allow_token_parent,
allow_token_share, etc. tokens added.

But when I query with the MCF plugin added and the
AuthenticatedUserName parameter added, I never get any results.

I tried just with with username "Fred" and I see this in the solr logs:

2017-10-29 00:18:51.527 INFO  (qtp834133664-16) [   ]
o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for
 transient cores
2017-10-29 00:18:52.742 INFO  (qtp834133664-15) [   ]
o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores
lse&wt=json&_=1509236332203} status=0 QTime=6
2017-10-29 00:18:53.009 INFO  (qtp834133664-11) [   ]
o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system
n&_=1509236332206} status=0 QTime=201
2017-10-29 00:19:14.349 INFO  (qtp834133664-16) [   x:gettingstarted]
o.a.s.m.ManifoldCFSearchComponent Trying to match docs for user\
2017-10-29 00:19:14.476 INFO  (qtp834133664-16) [   x:gettingstarted]
o.a.s.m.ManifoldCFSearchComponent Saw authority response AUTHOR\
2017-10-29 00:19:14.529 INFO  (qtp834133664-16) [   x:gettingstarted]
o.a.s.c.S.Request [gettingstarted]  webapp=/solr path=/select p\
hits=0 status=0 QTime=228

I can tell Solr is talking to the MCF authority service, because
"Null+authority+connection+for+testing" is the description I used on
the Manifold side.

There are documents in the index that include fields like this:

<doc> <arr name="allow_token_document"> <str>Null:Fred</str> </arr>
<arr name="title"> <str/> </arr> <str
<arr name="deny_token_document"> <str>Null:DEAD_AUTHORITY</str> </arr>
<str name="stream_content_type">text/html; charset=utf-8</str> <str
name="keywords">world, Burger King stands up to bullying - CNN
Video</str> <str name="description">Burger King creates a PSA that
asks their customers to take a closer look at bullying. </str> <str
name="stream_name">docname</str> <str name="dc_title">Burger King
stands up to bullying - CNN Video</str> <arr name="content_type">
<str>text/html; charset=UTF-8</str> </arr> <long
name="stream_size">489145</long> <str
org.apache.tika.parser.html.HtmlParser</str> <str
name="stream_source_info">docname</str> <str
name="resourcename">docname</str> <str
name="fb_app_id">80401312489</str> <arr name="deny_token_parent">
<str>__no_security__</str> </arr> <arr name="allow_token_share">
<str>__no_security__</str> </arr> <arr name="deny_token_share">
<str>__no_security__</str> </arr> <arr name="allow_token_parent">
<str>__no_security__</str> </arr>

But nonetheless, no results are returned.   I'm sure I'm missing
something obvious here, but whatever it is is defeating me at the

The only thing I see that looks a little dodgy is this  "Trying to
match docs for user '[:Fred]'"  given that the tokens look like

Any ideas what the problem could be?



View raw message