Thanks Karl,

I re-ingested all associated documents with the ActiveDirectory authority. Now, field allow_token_share contains: "Authority:SID"
regards

2013/11/6 Karl Wright <[email protected]>

> Hi Nicolas,
>
> The authority name should be there - in fact, this is critical for security
> reasons. The reason your documents' access tokens don't have the authority
> name is because you need to select the name of the authority when you
> define your repository connection, and you apparently neglected to do that.
> But you can go back and edit your repository connection to select
> "*ActiveDirectory*" as your authority, and then rerun the appropriate job,
> and all will be fixed.
>
> Karl
>
>
> On Wed, Nov 6, 2013 at 3:29 AM, nicolas lavoillotte <[email protected]> wrote:
>
> > MCF 1.4
> > manifoldcf-integration-solr4
> > mcf-jcfis-conector
> >
> > Hello,
> >
> > I am currently working on a Windows disk indexing. Files are scanned and
> > ntfs rights (SID) are added to the collection in the fields:
> >
> > allow_token_share, deny_token_share,
> > allow_token_document, deny_token_document.
> >
> > When I query solr for a particular user, the ManifoldCFQParserPlugin filter
> > (project manifoldcf-integration-solr4) queries the service with the
> > following url:
> > mcf-authority-service/[email protected]
> >
> > In return:
> >
> > AUTHORIZED:ActiveDirectory
> > TOKEN:*ActiveDirectory*:S-1-5-32-545
> > TOKEN:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-21973
> > TOKEN:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-38051
> > TOKEN:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-16808
> >
> > In my collection, field allow_token_document contains only the SID. So, my
> > query is empty because the filter built its request with incorrect tokens:
> >
> > +((+allow_token_share:__nosecurity__ +deny_token_share:__nosecurity__)
> > allow_token_share:*ActiveDirectory*:S-1-5-32-545
> > -deny_token_share:*ActiveDirectory*:S-1-5-32-545
> > allow_token_share:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-21973
> > -deny_token_share:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-38051
> > allow_token_share:*ActiveDirectory*:S-1-5-21-322155083-2847805960-3427142238-1680
> > .....
> >
> > I have to change the ManifoldCFQParserPlugin plugin to remove the name of
> > the authority from each token as follows:
> >
> > /** Get access tokens given a username */
> > protected List<String> getAccessTokens(String authenticatedUserName)
> >   throws IOException
> > {
> >   // We can make this more complicated later, with support for https etc., but this is enough to demonstrate how it all should work.
> >   String theURL = authorityBaseURL + "/UserACLs?username="+URLEncoder.encode(authenticatedUserName,"utf-8");
> >
> >   HttpGet method = new HttpGet(theURL);
> >   try
> >   {
> >     HttpResponse httpResponse = client.execute(method);
> >     int rval = httpResponse.getStatusLine().getStatusCode();
> >     if (rval != 200)
> >     {
> >       String response = EntityUtils.toString(httpResponse.getEntity(),"utf-8");
> >       throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,"Couldn't fetch user's access tokens from ManifoldCF authority service: "+Integer.toString(rval)+"; "+response);
> >     }
> >     InputStream is = httpResponse.getEntity().getContent();
> >     try
> >     {
> >       String charSet = EntityUtils.getContentCharSet(httpResponse.getEntity());
> >       if (charSet == null)
> >         charSet = "utf-8";
> >       Reader r = new InputStreamReader(is,charSet);
> >       try
> >       {
> >         BufferedReader br = new BufferedReader(r);
> >         //
> >         // NJL
> >         String authorized=null;
> >         // LJN
> >         //
> >         try
> >         {
> >           // Read the tokens, one line at a time. If any authorities are down, we have no current way to note that, but someday we will.
> >           List<String> tokenList = new ArrayList<String>();
> >           while (true)
> >           {
> >             String line = br.readLine();
> >             if (line == null)
> >               break;
> >             //
> >             // NJL
> >             if (line.startsWith("AUTHORIZED:"))
> >               authorized=line.substring("AUTHORIZED:".length())+":";
> >             // LJN
> >             //
> >             if (line.startsWith("TOKEN:"))
> >             {
> >               //
> >               // NJL
> >               String token=line.substring("TOKEN:".length());
> >               if (authorized!=null && token.startsWith(authorized))
> >                 token=token.substring(authorized.length());
> >               tokenList.add(token);
> >               // LJN
> >               //
> >             }
> >             ......
> > }
> >
> >
> > regards
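
Added example (not part of the original thread and not ManifoldCF code): a stand-alone Java sketch of the token matching discussed above. It compares authority-qualified tokens with the stripped form produced by the plugin change, using a constructed response in the AUTHORIZED:/TOKEN: format quoted in the thread. The class name, the second authority "PartnerDirectory" and the allow-only matching are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class AuthorityTokenDemo {
  // Parse AUTHORIZED:/TOKEN: lines; stripAuthority=true mimics the plugin change from the thread.
  static List<String> parseTokens(String response, boolean stripAuthority) {
    String prefix = null;
    List<String> tokens = new ArrayList<>();
    for (String line : response.split("\n")) {
      if (line.startsWith("AUTHORIZED:")) {
        prefix = line.substring("AUTHORIZED:".length()) + ":";
      } else if (line.startsWith("TOKEN:")) {
        String token = line.substring("TOKEN:".length());
        if (stripAuthority && prefix != null && token.startsWith(prefix))
          token = token.substring(prefix.length());
        tokens.add(token);
      }
    }
    return tokens;
  }

  // Simplified allow-only match (assumption: deny fields and __nosecurity__ are left out).
  static boolean canRead(List<String> userTokens, Set<String> allowTokens) {
    return userTokens.stream().anyMatch(allowTokens::contains);
  }

  public static void main(String[] args) {
    // Constructed response in the format quoted in the thread.
    String response = "AUTHORIZED:ActiveDirectory\nTOKEN:ActiveDirectory:S-1-5-32-545\n";
    List<String> qualified = parseTokens(response, false);
    List<String> stripped = parseTokens(response, true);

    // Constructed documents indexed with an authority selected on the repository connection.
    Set<String> adDoc = Set.of("ActiveDirectory:S-1-5-32-545");
    Set<String> partnerDoc = Set.of("PartnerDirectory:S-1-5-32-545"); // hypothetical authority
    // The same two documents indexed with no authority selected: bare SIDs only.
    Set<String> adDocBare = Set.of("S-1-5-32-545");
    Set<String> partnerDocBare = Set.of("S-1-5-32-545");

    System.out.println("qualified vs AD doc:           " + canRead(qualified, adDoc));
    System.out.println("qualified vs partner doc:      " + canRead(qualified, partnerDoc));
    System.out.println("stripped  vs AD doc (bare):    " + canRead(stripped, adDocBare));
    System.out.println("stripped  vs partner doc (bare): " + canRead(stripped, partnerDocBare));
  }
}
```

With qualified tokens only the ActiveDirectory document matches. With bare tokens the two documents are indistinguishable, so a user authorized by one authority also matches documents governed by the other.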
