Hi Again, As per Karl's suggestion, i am now converting user from water.com\ljangra to [email protected]. Also referring to http://localhost:8345/mcf-authority-service/[email protected]
<http://localhost:8345/mcf-authority-service/[email protected]> I can see below ACL. AUTHORIZED:SP+K+Conn TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows Still i am not able to see any results from query http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&[email protected] <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&[email protected]> . While debugging query i can see ACL doing fine. So i am confused why its now working. Can you please help. "parsed_filter_queries": [ "ConstantScore(+((+allow_token_share:__nosecurity__ +deny_token_share:__nosecurity__) allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows) +((+allow_token_document:__nosecurity__ +deny_token_document:__nosecurity__) allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))" ], Finally solr.log also seems to be fine. INFO - 2014-06-13 11:38:19.862; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying to match docs for user '[:[email protected]]' INFO - 2014-06-13 11:38:19.909; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw authority response AUTHORIZED:SP+K+Conn INFO - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName= [email protected]} hits=0 status=0 QTime=47 Regards. On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <[email protected]> wrote: > Hi Lalit, > > It makes more sense to use appends section rather than defaults section > when defining mcf query parser plugin in fq parameter. > > <lst name="appends"> > <str name="fq">{!manifoldCFSecurity}</str> > </lst> > > > > > On Friday, June 13, 2014 12:51 AM, lalit jangra < > [email protected]> wrote: > > > Hi Ahmet, > > I have configured solrconfig.xml as per your suggestion. > > <requestHandler name="/select" class="solr.SearchHandler"> > <!-- default values for query parameters can be specified, these > will be overridden by parameters in the request > --> > <lst name="defaults"> > <str name="echoParams">explicit</str> > <int name="rows">1000</int> > <str name="df">text</str> > <str name="fq">{!manifoldCFSecurity}</str> > </lst> > .... > </requestHandler> > > > Next i am running a job which indexes sharepoint content in solr but when > i am searching in solr, i am getting not results & getting > UNREACHABLEAUTHORITY message. > > INFO - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; > SolrDeletionPolicy.onCommit: commits: num=2 > > commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index > lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; > maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1} > > commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index > lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; > maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2} > INFO - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; > newest commit generation = 2 > INFO - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher; > Opening Searcher@5ac787b0 main > INFO - 2014-06-12 22:22:29.975; > org.apache.solr.update.DirectUpdateHandler2; end_commit_flush > INFO - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; > QuerySenderListener sending requests to Searcher@5ac787b0 > main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)} > INFO - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; > QuerySenderListener done. > INFO - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore; > [collection1] Registered new searcher Searcher@5ac787b0 > main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)} > INFO - 2014-06-12 22:22:29.975; > org.apache.solr.update.processor.LogUpdateProcessor; [collection1] > webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2} > {commit=} 0 265 > INFO - 2014-06-12 22:22:35.663; > org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null > path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0 > QTime=0 > INFO - 2014-06-12 22:22:35.741; > org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null > path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15 > INFO - 2014-06-12 22:22:36.960; > org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default > no-user response (open documents only) > INFO - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore; > [collection1] webapp=/solr path=/select > params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16 > INFO - 2014-06-12 22:22:40.569; > org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying > to match docs for user '[:[email protected]]' > INFO - 2014-06-12 22:22:40.726; > org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw > authority response UNREACHABLEAUTHORITY:SsharepointAuthority > INFO - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore; > [collection1] webapp=/solr path=/select > params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName= > [email protected]} hits=0 status=0 QTime=157 > > UNREACHABLEAUTHORITY means name of an authority that was found to be > unreachable or unusable but i am having same authority working fine in MCF. > > > Please help. > > Regards. > > > > On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <[email protected]> wrote: > > Hi Karl, > > May be we should use > > <requestHandler name="/select" class="solr.SearchHandler"> > > in > https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt > > To avoid confusion? > > What do you think? > > > On Thursday, June 12, 2014 11:12 PM, Karl Wright <[email protected]> > wrote: > > > What does your solrconfig.xml file look like? > Karl > > > On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <[email protected]> > wrote: > > Hi Ahmet, > > I tried the way you suggested but its not working. My solr query is as > below. > > > http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&[email protected] > > Whatever name i am passing as AuthenticatedUserName, it returning all > results. > > I have indexed my documents using mcf-solr plugin using instructions @ > https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. > Below are some of ACL stored in solr. Am i missing something? > > "_version_": 1470562493875093500, > "allow_token_share": [ > "__nosecurity__" > ], > "deny_token_share": [ > "__nosecurity__" > ] > }, > { > "content_name": "Alfresco-in-an-Hour.pdf" > "deny_token_document": [ > "SP+Group:DEAD_AUTHORITY" > ], > "allow_token_document": [ > "SP+Group:GTest+lalit+Portal+Visitors", > "SP+Group:GTest+lalit+Portal+Owners", > "SP+Group:GRestricted+Readers", > "SP+Group:GTest+lalit+Administrators", > "SP+Group:GTest+lalit+Portal+Members", > "SP+Group:Uc%3A0%28.s%7Ctrue", > "SP+Group:GHierarchy+Managers", > "SP+Group:GApprovers", > "SP+Group:GViewers", > "SP+Group:GDesigners" > ], > "content_modified_date": "2014-06-04T00:00:00Z", > > > > SDD > > > "_version_": 1470564182244982800 > }, > { > "deny_token_share": [ > "AD+Group:DEAD_AUTHORITY" > ], > "content_name": "hekko.txt", > "content_modifier": "iwater.ie\\ljangra", > "deny_token_document": [ > "AD+Group:DEAD_AUTHORITY" > ], > "id": " > file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt", > "allow_token_document": [ > "AD+Group:S-1-5-18", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154", > "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005", > "AD+Group:S-1-5-32-544" > ], > > "allow_token_share": [ > "AD+Group:S-1-1-0", > "AD+Group:S-1-5-32-544" > ], > > > CMIS > > "allow_token_share": [ > "__nosecurity__" > ], > "deny_token_document": [ > "__nosecurity__" > ], > "deny_token_share": [ > "__nosecurity__" > ], > "allow_token_document": [ > "__nosecurity__" > ] > > Regards. > > > > On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <[email protected]> wrote: > > Hi, > > As documented here > https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt > > "At a minimum, AuthenticatedUserName must be present in order" > > > This is a URL parameter, just like Solr params. Here is an example. > > > http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&[email protected]&facet=on&facet.field=Content-Type > <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&[email protected]&facet=on&facet.field=Content-Type> > > > On Thursday, June 12, 2014 4:28 PM, lalit jangra < > [email protected]> wrote: > > > Hi All, > > As continuing from > http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html > as per Ahmet's suggestion. > > I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed > into solr indexes. > > Now i want to write Solr query to put a user's permission details into in > it which can be compared to ACL stored in solr and only those results will > be returned to user on which he has been assigned ACL. > > How can i do this? Can i use MCF filter below here or do i need to write > custom query for my need? > > <requestHandler name="search" class="solr.SearchHandler" default="true"> > <lst name="appends"> > <str name="fq">{!manifoldCFSecurity}</str> > </lst> > </requestHandler> > > Please help. > > Regards, > Lalit Jangra. > > > > > > -- > Regards, > Lalit Jangra. > > > > > > > > -- > Regards, > Lalit Jangra. > > > -- Regards, Lalit Jangra.
