Hi Alejandro, I'm having a bit of trouble from your email figuring out what your authorities are each doing.
Within an authority group, each authority is consulted, and the list of tokens returned are added together. So, for instance, if your authority group "mygroup" has two authorities in it A and B, both authorities are called, and the results are aggregated. So if A returned tokens "A1" and "A2", and B returned tokens "B1" and "B2, you should see: TOKEN:mygroup:A1 TOKEN:mygroup:A2 TOKEN:mygroup:B1 TOKEN:mygroup:B2 The tokens returned are qualified with the authority group name, so there should definitely be a difference if you put authorities in one group vs. another. If I am not understanding the problem, please help by describing what the individual authorities in your group are supposed to be returning. Thanks, Karl On Thu, Nov 20, 2014 at 2:09 PM, Alejandro Calbazana <[email protected]> wrote: > Hi Karl, > > It looks like the Solr plugin is doing what it is supposed to. I had > content that was not marked with any auth tokens. > > I do have a question about auth groups. I noticed something that I did > not expect. I added mutiple auth connectors to an auth group. Each one > has a different underlying query. The idea here is that each auth > connector returns a different set of tokens depending on the query. What > I'm seeing is that the results are duplicated across auth connectors in the > group. Is this what should happen? > > Here is an example of what I'm getting back: > > AUTHORIZED:authConn1 > TOKEN:authGroup:A127839-1411291 > TOKEN:authGroup:A127839-1413366 > TOKEN:authGroup:A127839-1413038 > AUTHORIZED:authConn2 > TOKEN:authGroup:A127839-1411291 > TOKEN:authGroup:A127839-1413366 > TOKEN:authGroup:A127839-1413038 > > What I expect: > > AUTHORIZED:authConn1 > TOKEN:authGroup:A127839-1411291 > AUTHORIZED:authConn2 > TOKEN:authGroup:A127839-1411291 > TOKEN:authGroup:A127839-1413366 > TOKEN:authGroup:A127839-1413038 > > It doesn't even matter if the auth connectors are placed in separate > groups. > > Thanks, > > Alejandro > > > On Fri, Nov 7, 2014 at 12:43 PM, Karl Wright <[email protected]> wrote: > >> My suspicion, FWIW, is that you may either not have made all the solr >> schema field additions required, or you need to reindex because you added >> the security fields after running MCF. But first let's be sure MCF is >> doing what you expect first. >> >> Karl >> >> >> On Fri, Nov 7, 2014 at 12:37 PM, Karl Wright <[email protected]> wrote: >> >>> Hi Alejandro, >>> >>> The best way to see if an authority is working as expected is to use >>> curl, as follows: >>> >>> curl http://localhost:8345/mcf-authority-service/UserACLs?user= >>> <username> >>> >>> Can you do that in your case and post the tokens? Thanks! >>> >>> Karl >>> >>> >>> On Fri, Nov 7, 2014 at 12:22 PM, Alejandro Calbazana < >>> [email protected]> wrote: >>> >>>> Hello, >>>> >>>> I've now have content indexed with auth tokens (thanks Karl). I'm >>>> working out the Solr plugin so that I can enforce security. It looks like >>>> I have things lined up properly on the Solr side as I can see that Solr >>>> calls out to MCF to get auth tokens for the authorized user on incoming >>>> queries. However, I also notice that I'm getting results back for >>>> unauthorized users. >>>> >>>> From the Solr side: >>>> >>>> >>>> 84665 [qtp2011579990-13] INFO >>>> org.apache.solr.mcf.ManifoldCFSearchComponent – Trying to match docs for >>>> user '[:ACALBAZA]' >>>> 84754 [qtp2011579990-13] INFO >>>> org.apache.solr.mcf.ManifoldCFSearchComponent – Saw authority response >>>> AUTHORIZED:authGroupConnector >>>> 84758 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/custom >>>> params={q=DE&AuthenticatedUserName=ACALBAZA} hits=116 status=0 QTime=93 >>>> 84814 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/admin/file >>>> params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0 >>>> 84815 [qtp2011579990-14] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/admin/file >>>> params={file=/velocity/jquery.autocomplete.css&contentType=text/css} >>>> status=0 QTime=0 >>>> 84824 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/admin/file >>>> params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript} >>>> status=0 QTime=1 >>>> 87632 [qtp2011579990-11] INFO >>>> org.apache.solr.mcf.ManifoldCFSearchComponent – Trying to match docs for >>>> user '[:FOO]' >>>> 87636 [qtp2011579990-11] INFO >>>> org.apache.solr.mcf.ManifoldCFSearchComponent – Saw authority response >>>> USERNOTFOUND:authGroupConnector >>>> 87637 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/custom >>>> params={q=DE&AuthenticatedUserName=FOO} hits=59 status=0 QTime=5 >>>> 87683 [qtp2011579990-14] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/admin/file >>>> params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0 >>>> 87684 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/admin/file >>>> params={file=/velocity/jquery.autocomplete.css&contentType=text/css} >>>> status=0 QTime=0 >>>> 87684 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – >>>> [collection1] webapp=/solr path=/admin/file >>>> params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript} >>>> status=0 QTime=0 >>>> >>>> Any hints appreciated. >>>> >>>> Thanks, >>>> >>>> Alejandro >>>> >>>> >>> >> >
