manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Rhodes <motley.crue....@gmail.com>
Subject Re: ManifoldCF + Alfresco + Solr security filtering problem
Date Sat, 02 Dec 2017 10:09:45 GMT
FWIW, I only have one repository connection defined, and only one
authority group.


Phil

This message optimized for indexing by NSA PRISM


On Sat, Dec 2, 2017 at 4:55 AM, Karl Wright <daddywri@gmail.com> wrote:
> Hi Phil,
>
> If you are using a different repository connection for the second Alfresco
> crawl, is it possible you may have misconfigured the connection to refer to
> the wrong authority group, or none at all?  All connections that you need to
> be authorized together need to be part of the same group.
>
> Karl
>
>
> On Sat, Dec 2, 2017 at 4:32 AM, Phillip Rhodes <motley.crue.fan@gmail.com>
> wrote:
>>
>> Hello all, I thought I had this all figured out, but I built a new
>> environment and it's not behaving as expected.  Not sure if I changed
>> something I shouldn't have or if it was never really working, but
>> here's the situation:
>>
>> 1. I have an Alfresco server storing documents.   There are 65 docs in
>> the built in "sample" space, which defaults to allowing access to
>> everyone.
>> 2. With the MCF SearchComponent installed into Solr, if I pass the
>> AuthenticatedUserName parameter with any value, I get back all 65
>> documents as expected.
>> 3. I added another space in Alfresco that only allows access for 4
>> specific users... testuser1, testuser2, testuser3, and testuser4. If I
>> log into Alfresco as any of those users I can view and/or upload
>> content to the space.
>> 4. I put 7 documents in that space, and re-indexed with MCF.
>> 5. Solr now shows a total of 72 documents for the core in question.
>> 6. But, if I pass AuthenticatedUserName=testuser1 with my query, I
>> still only see the 65 docs from the other space.
>> 7. If I temporarily turn off the MCF SearchComponent in Solr, I can
>> see the docs from the "locked down" space.
>>
>> I set the various token fields to stored="true" so I can see what is
>> getting stored, and here's what I see for one sample document (one
>> that isn't being returned with the SearchComponent enabled, but which
>> should be).
>>
>> "allow_token_document":["Alfresco:testuser1", "Alfresco:testuser2",
>> "Alfresco:testuser3", "Alfresco:testuser4"],
>> "deny_token_document":["__nosecurity__"],
>> "deny_token_parent":["__nosecurity__"],
>> "allow_token_share":["__nosecurity__"],
>> "allow_token_parent":["__nosecurity__"],
>> "deny_token_share":["__nosecurity__"],
>>
>> Two things jump out to me:
>>
>> 1. I don't have entries for those users in allow_token_share and
>> allow_token_parent (and I'm not sure why not.  This part seems to be a
>> black box from the perspective of configuring MCF to crawl Alfresco)
>>
>> 2. The "domain" part in the entries in allow_token_document is coming
>> up as "Alfresco".  I tried adding AuthenticatedUserDomain=Alfresco to
>> my queries, but that didn't make any difference.
>>
>> Can anybody see what is is that I'm missing here?  Is there maybe
>> something I need to do either in MCF or in Alfresco to make sure those
>> allow_token_share and allow_token_parent entries get populated, or is
>> it something else?
>>
>> Any thoughts / suggestions are greatly appreciated.
>>
>>
>> Phil
>>
>>
>>
>> This message optimized for indexing by NSA PRISM
>
>

Mime
View raw message