Hi Karl,

Sure. I set up 2 auth connectors as JDBC. In my example, I am dummying up auth tokens for each. The user is coming from a live table:

AuthConn1 is defined as:

User ID query: SELECT system_userid AS "$(IDCOLUMN)" FROM master.users WHERE userid = UPPER($(USERNAME))
Auth token query: SELECT 1 from dual;

AuthConn2 is defined as:

User ID query: SELECT system_userid AS "$(IDCOLUMN)" FROM master.users WHERE userid = UPPER($(USERNAME))
Auth token query: SELECT 2 from dual;

Here is example output using the above setup:

acalbaza@acalbaza-virtual-machine ~/src $ curl http://localhost:8345/mcf/UserACLs?username=THOLLY2
AUTHORIZED:authConn2
TOKEN:authGroup:1
AUTHORIZED:authConn1
TOKEN:authGroup:1

I would expect:

AUTHORIZED:authConn2
TOKEN:authGroup:2
AUTHORIZED:authConn1
TOKEN:authGroup:1

Thanks,

Alejandro

On Thu, Nov 20, 2014 at 2:21 PM, Karl Wright <[email protected]> wrote:

> Hi Alejandro,
>
> I'm having a bit of trouble from your email figuring out what your
> authorities are each doing.
>
> Within an authority group, each authority is consulted, and the list of
> tokens returned are added together. So, for instance, if your authority
> group "mygroup" has two authorities in it A and B, both authorities are
> called, and the results are aggregated. So if A returned tokens "A1" and
> "A2", and B returned tokens "B1" and "B2", you should see:
>
> TOKEN:mygroup:A1
> TOKEN:mygroup:A2
> TOKEN:mygroup:B1
> TOKEN:mygroup:B2
>
> The tokens returned are qualified with the authority group name, so there
> should definitely be a difference if you put authorities in one group vs.
> another.
>
> If I am not understanding the problem, please help by describing what the
> individual authorities in your group are supposed to be returning.
>
> Thanks,
> Karl
>
> On Thu, Nov 20, 2014 at 2:09 PM, Alejandro Calbazana <[email protected]> wrote:
>
>> Hi Karl,
>>
>> It looks like the Solr plugin is doing what it is supposed to. I had
>> content that was not marked with any auth tokens.
>>
>> I do have a question about auth groups. I noticed something that I did
>> not expect. I added multiple auth connectors to an auth group. Each one
>> has a different underlying query. The idea here is that each auth
>> connector returns a different set of tokens depending on the query. What
>> I'm seeing is that the results are duplicated across auth connectors in the
>> group. Is this what should happen?
>>
>> Here is an example of what I'm getting back:
>>
>> AUTHORIZED:authConn1
>> TOKEN:authGroup:A127839-1411291
>> TOKEN:authGroup:A127839-1413366
>> TOKEN:authGroup:A127839-1413038
>> AUTHORIZED:authConn2
>> TOKEN:authGroup:A127839-1411291
>> TOKEN:authGroup:A127839-1413366
>> TOKEN:authGroup:A127839-1413038
>>
>> What I expect:
>>
>> AUTHORIZED:authConn1
>> TOKEN:authGroup:A127839-1411291
>> AUTHORIZED:authConn2
>> TOKEN:authGroup:A127839-1411291
>> TOKEN:authGroup:A127839-1413366
>> TOKEN:authGroup:A127839-1413038
>>
>> It doesn't even matter if the auth connectors are placed in separate
>> groups.
>>
>> Thanks,
>>
>> Alejandro
>>
>> On Fri, Nov 7, 2014 at 12:43 PM, Karl Wright <[email protected]> wrote:
>>
>>> My suspicion, FWIW, is that you may either not have made all the solr
>>> schema field additions required, or you need to reindex because you added
>>> the security fields after running MCF. But first let's be sure MCF is
>>> doing what you expect first.
>>>
>>> Karl
>>>
>>> On Fri, Nov 7, 2014 at 12:37 PM, Karl Wright <[email protected]> wrote:
>>>
>>>> Hi Alejandro,
>>>>
>>>> The best way to see if an authority is working as expected is to use
>>>> curl, as follows:
>>>>
>>>> curl http://localhost:8345/mcf-authority-service/UserACLs?user=<username>
>>>>
>>>> Can you do that in your case and post the tokens? Thanks!
>>>>
>>>> Karl
>>>>
>>>> On Fri, Nov 7, 2014 at 12:22 PM, Alejandro Calbazana <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I now have content indexed with auth tokens (thanks Karl). I'm
>>>>> working out the Solr plugin so that I can enforce security. It looks like
>>>>> I have things lined up properly on the Solr side as I can see that Solr
>>>>> calls out to MCF to get auth tokens for the authorized user on incoming
>>>>> queries. However, I also notice that I'm getting results back for
>>>>> unauthorized users.
>>>>>
>>>>> From the Solr side:
>>>>>
>>>>> 84665 [qtp2011579990-13] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Trying to match docs for user '[:ACALBAZA]'
>>>>> 84754 [qtp2011579990-13] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Saw authority response AUTHORIZED:authGroupConnector
>>>>> 84758 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/custom params={q=DE&AuthenticatedUserName=ACALBAZA} hits=116 status=0 QTime=93
>>>>> 84814 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
>>>>> 84815 [qtp2011579990-14] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.css&contentType=text/css} status=0 QTime=0
>>>>> 84824 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript} status=0 QTime=1
>>>>> 87632 [qtp2011579990-11] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Trying to match docs for user '[:FOO]'
>>>>> 87636 [qtp2011579990-11] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Saw authority response USERNOTFOUND:authGroupConnector
>>>>> 87637 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/custom params={q=DE&AuthenticatedUserName=FOO} hits=59 status=0 QTime=5
>>>>> 87683 [qtp2011579990-14] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
>>>>> 87684 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.css&contentType=text/css} status=0 QTime=0
>>>>> 87684 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript} status=0 QTime=0
>>>>>
>>>>> Any hints appreciated.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Alejandro
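
Added example, not part of the original thread and not ManifoldCF code: a small Python check for the UserACLs output posted above. It parses the status and TOKEN lines, lists connectors that reported exactly the same token set, and lists connectors whose status is not AUTHORIZED. It assumes, following the layout of the output in the thread, that TOKEN lines belong to the status line printed just before them; the function names are hypothetical.

```python
from collections import OrderedDict

# Response text copied from the thread (authConn1 and authConn2 in group authGroup).
SAMPLE = """\
AUTHORIZED:authConn2
TOKEN:authGroup:1
AUTHORIZED:authConn1
TOKEN:authGroup:1
"""

def parse_user_acls(text):
    """Return {connector: {"status": str, "tokens": [(group, token), ...]}}."""
    result = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, _, rest = line.partition(":")
        if kind == "TOKEN":
            # TOKEN:<group>:<token>; the token itself may contain ':'.
            group, _, token = rest.partition(":")
            if current is None:
                raise ValueError("TOKEN line before any status line: %r" % line)
            result[current]["tokens"].append((group, token))
        else:
            # Any other line is treated as <STATUS>:<connector name>.
            current = rest
            result[current] = {"status": kind, "tokens": []}
    return result

def identical_token_sets(parsed):
    """Pairs of connectors that reported exactly the same non-empty token set."""
    names = list(parsed)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            ta, tb = set(parsed[a]["tokens"]), set(parsed[b]["tokens"])
            if ta and ta == tb:
                pairs.append((a, b))
    return pairs

def not_authorized(parsed):
    """Connectors whose status line was anything other than AUTHORIZED."""
    return [name for name, v in parsed.items() if v["status"] != "AUTHORIZED"]

if __name__ == "__main__":
    acls = parse_user_acls(SAMPLE)
    print("identical token sets:", identical_token_sets(acls))
    print("not authorized:", not_authorized(acls))
```

To run it against a live authority service, feed the body of the curl call shown in the thread to `parse_user_acls` in place of `SAMPLE`.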
