Hi Nicolas,

The authority name should be there - in fact, this is critical for security reasons. The reason your documents' access tokens don't have the authority name is because you need to select the name of the authority when you define your repository connection, and you apparently neglected to do that. But you can go back and edit your repository connection to select "*ActiveDirectory*" as your authority, and then rerun the appropriate job, and all will be fixed.

Karl

On Wed, Nov 6, 2013 at 3:29 AM, nicolas lavoillotte < [email protected]> wrote:

> MCF 1.4
> manifoldcf-integration-solr4
> mcf-jcfis-conector
>
> Hello,
>
> I am currently working on a Windows disk indexing. Files are scanned and
> ntfs rights (SID) are added to the collection in the fields:
>
> allow_token_share,deny_token_share,
> allow_token_document,deny_token_document.
>
> When I query solr for a particular user, ManifoldCFQParserPlugin filter (
> project manifoldcf-integration-solr4)
> queries the service with the following url :
> mcf-authority-service/[email protected]
>
> In return:
>
> AUTHORIZED:ActiveDirectory
> TOKEN:*ActiveDirectory*:S-1-5-32-545
> TOKEN:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-21973
> TOKEN:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-38051
> TOKEN:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-16808
>
> In my collection, field allow_token_document contains only SID. So, my query
> is empty because the filter built its request with incorrect tokens:
>
> +((+allow_token_share:__nosecurity__ +deny_token_share:__nosecurity__)
> allow_token_share:*ActiveDirectory*:S-1-5-32-545
> -deny_token_share:*ActiveDirectory*:S-1-5-32-545
> allow_token_share:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-21973
> -deny_token_share:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-38051
> allow_token_share:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-1680
> .....
>
> I have to change the ManifoldCFQParserPlugin plugin to remove the name of
> the authority of each token as follows :
>
> /** Get access tokens given a username */
> protected List<String> getAccessTokens(String authenticatedUserName)
>   throws IOException
> {
>   // We can make this more complicated later, with support for https etc., but this is enough to demonstrate how it all should work.
>   String theURL = authorityBaseURL + "/UserACLs?username="+URLEncoder.encode(authenticatedUserName,"utf-8");
>
>   HttpGet method = new HttpGet(theURL);
>   try
>   {
>     HttpResponse httpResponse = client.execute(method);
>     int rval = httpResponse.getStatusLine().getStatusCode();
>     if (rval != 200)
>     {
>       String response = EntityUtils.toString(httpResponse.getEntity(),"utf-8");
>       throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,"Couldn't fetch user's access tokens from ManifoldCF authority service: "+Integer.toString(rval)+"; "+response);
>     }
>     InputStream is = httpResponse.getEntity().getContent();
>     try
>     {
>       String charSet = EntityUtils.getContentCharSet(httpResponse.getEntity());
>       if (charSet == null)
>         charSet = "utf-8";
>       Reader r = new InputStreamReader(is,charSet);
>       try
>       {
>         BufferedReader br = new BufferedReader(r);
>         //
>         // NJL
>         String authorized=null;
>         // LJN
>         //
>         try
>         {
>           // Read the tokens, one line at a time. If any authorities are down, we have no current way to note that, but someday we will.
>           List<String> tokenList = new ArrayList<String>();
>           while (true)
>           {
>             String line = br.readLine();
>             if (line == null)
>               break;
>             //
>             // NJL
>             if (line.startsWith("AUTHORIZED:"))
>               authorized=line.substring("AUTHORIZED:".length())+":";
>             // LJN
>             //
>             if (line.startsWith("TOKEN:"))
>             {
>               //
>               // NJL
>               String token=line.substring("TOKEN:".length());
>               if (authorized!=null && token.startsWith(authorized))
>                 token=token.substring(authorized.length());
>               tokenList.add(token);
>               // LJN
>               //
>             }
>             ......
> }
>
>
> regards
>
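
Why the authority prefix matters, as an added example that is not part of the original thread or of ManifoldCF's code: S-1-5-32-545 is the well-known BUILTIN\Users SID, identical in every Windows domain, so once the authority name is stripped, a token issued by a second authority collides with it. The authority name `OtherDomain`, the sample responses and the simplified `canRead` check are constructed for illustration.

```java
import java.util.*;

public class AuthorityTokenDemo {
  /** Parse TOKEN: lines; optionally strip the authority prefix, as the modified plugin in the thread does. */
  static Set<String> parseTokens(String response, boolean stripAuthority) {
    Set<String> tokens = new LinkedHashSet<>();
    String authorized = null;
    for (String line : response.split("\n")) {
      if (line.startsWith("AUTHORIZED:")) {
        authorized = line.substring("AUTHORIZED:".length()) + ":";
      } else if (line.startsWith("TOKEN:")) {
        String token = line.substring("TOKEN:".length());
        if (stripAuthority && authorized != null && token.startsWith(authorized))
          token = token.substring(authorized.length());
        tokens.add(token);
      }
    }
    return tokens;
  }

  /** Simplified model of the query filter: some allow token matches and no deny token matches. */
  static boolean canRead(Set<String> user, Set<String> allow, Set<String> deny) {
    return !Collections.disjoint(user, allow) && Collections.disjoint(user, deny);
  }

  public static void main(String[] args) {
    // Constructed responses: the same well-known SID reported by two different authorities.
    String adUser = "AUTHORIZED:ActiveDirectory\nTOKEN:ActiveDirectory:S-1-5-32-545\n";
    String otherUser = "AUTHORIZED:OtherDomain\nTOKEN:OtherDomain:S-1-5-32-545\n"; // hypothetical authority
    Set<String> noDeny = Collections.emptySet();

    // Document indexed with the authority selected on the repository connection.
    Set<String> qualifiedAllow = Collections.singleton("ActiveDirectory:S-1-5-32-545");
    // Document indexed without an authority selected: bare SID only.
    Set<String> bareAllow = Collections.singleton("S-1-5-32-545");

    System.out.println("qualified index, AD user:    "
        + canRead(parseTokens(adUser, false), qualifiedAllow, noDeny));
    System.out.println("qualified index, other user: "
        + canRead(parseTokens(otherUser, false), qualifiedAllow, noDeny));
    System.out.println("stripped tokens, AD user:    "
        + canRead(parseTokens(adUser, true), bareAllow, noDeny));
    System.out.println("stripped tokens, other user: "
        + canRead(parseTokens(otherUser, true), bareAllow, noDeny));
  }
}
```

With qualified tokens only the ActiveDirectory user matches the document; with stripped tokens the user from the other authority matches it as well.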
