Correction, my token queries look like the following: SELECT 1 AS "$(TOKENCOLUMN)" FROM dual
and SELECT 2 AS "$(TOKENCOLUMN)" FROM dual respectively.

Thanks,

Alejandro

On Thu, Nov 20, 2014 at 2:37 PM, Alejandro Calbazana <[email protected]> wrote:

> Hi Karl,
>
> Sure. I set up 2 auth connectors as JDBC. In my example, I am dummying
> up auth tokens for each. The user is coming from a live table:
>
> AuthConn1 is defined as:
>
> User ID query: SELECT system_userid AS "$(IDCOLUMN)" FROM master.users
> WHERE userid = UPPER($(USERNAME))
> Auth token query: SELECT 1 from dual;
>
> AuthConn2 is defined as:
> User ID query: SELECT system_userid AS "$(IDCOLUMN)" FROM master.users
> WHERE userid = UPPER($(USERNAME))
> Auth token query: SELECT 2 from dual;
>
> Here is example output using the above setup:
>
> acalbaza@acalbaza-virtual-machine ~/src $ curl http://localhost:8345/mcf/UserACLs?username=THOLLY2
> AUTHORIZED:authConn2
> TOKEN:authGroup:1
> AUTHORIZED:authConn1
> TOKEN:authGroup:1
>
> I would expect:
>
> AUTHORIZED:authConn2
> TOKEN:authGroup:2
> AUTHORIZED:authConn1
> TOKEN:authGroup:1
>
> Thanks,
>
> Alejandro
>
>
> On Thu, Nov 20, 2014 at 2:21 PM, Karl Wright <[email protected]> wrote:
>
>> Hi Alejandro,
>>
>> I'm having a bit of trouble from your email figuring out what your
>> authorities are each doing.
>>
>> Within an authority group, each authority is consulted, and the list of
>> tokens returned are added together. So, for instance, if your authority
>> group "mygroup" has two authorities in it A and B, both authorities are
>> called, and the results are aggregated. So if A returned tokens "A1" and
>> "A2", and B returned tokens "B1" and "B2", you should see:
>>
>> TOKEN:mygroup:A1
>> TOKEN:mygroup:A2
>> TOKEN:mygroup:B1
>> TOKEN:mygroup:B2
>>
>> The tokens returned are qualified with the authority group name, so there
>> should definitely be a difference if you put authorities in one group vs.
>> another.
>>
>> If I am not understanding the problem, please help by describing what the
>> individual authorities in your group are supposed to be returning.
>>
>> Thanks,
>> Karl
>>
>>
>> On Thu, Nov 20, 2014 at 2:09 PM, Alejandro Calbazana <[email protected]> wrote:
>>
>>> Hi Karl,
>>>
>>> It looks like the Solr plugin is doing what it is supposed to. I had
>>> content that was not marked with any auth tokens.
>>>
>>> I do have a question about auth groups. I noticed something that I did
>>> not expect. I added multiple auth connectors to an auth group. Each one
>>> has a different underlying query. The idea here is that each auth
>>> connector returns a different set of tokens depending on the query. What
>>> I'm seeing is that the results are duplicated across auth connectors in the
>>> group. Is this what should happen?
>>>
>>> Here is an example of what I'm getting back:
>>>
>>> AUTHORIZED:authConn1
>>> TOKEN:authGroup:A127839-1411291
>>> TOKEN:authGroup:A127839-1413366
>>> TOKEN:authGroup:A127839-1413038
>>> AUTHORIZED:authConn2
>>> TOKEN:authGroup:A127839-1411291
>>> TOKEN:authGroup:A127839-1413366
>>> TOKEN:authGroup:A127839-1413038
>>>
>>> What I expect:
>>>
>>> AUTHORIZED:authConn1
>>> TOKEN:authGroup:A127839-1411291
>>> AUTHORIZED:authConn2
>>> TOKEN:authGroup:A127839-1411291
>>> TOKEN:authGroup:A127839-1413366
>>> TOKEN:authGroup:A127839-1413038
>>>
>>> It doesn't even matter if the auth connectors are placed in separate
>>> groups.
>>>
>>> Thanks,
>>>
>>> Alejandro
>>>
>>>
>>> On Fri, Nov 7, 2014 at 12:43 PM, Karl Wright <[email protected]> wrote:
>>>
>>>> My suspicion, FWIW, is that you may either not have made all the solr
>>>> schema field additions required, or you need to reindex because you added
>>>> the security fields after running MCF. But first let's be sure MCF is
>>>> doing what you expect first.
>>>>
>>>> Karl
>>>>
>>>>
>>>> On Fri, Nov 7, 2014 at 12:37 PM, Karl Wright <[email protected]> wrote:
>>>>
>>>>> Hi Alejandro,
>>>>>
>>>>> The best way to see if an authority is working as expected is to use
>>>>> curl, as follows:
>>>>>
>>>>> curl http://localhost:8345/mcf-authority-service/UserACLs?user=<username>
>>>>>
>>>>> Can you do that in your case and post the tokens? Thanks!
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>> On Fri, Nov 7, 2014 at 12:22 PM, Alejandro Calbazana <[email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I now have content indexed with auth tokens (thanks Karl). I'm
>>>>>> working out the Solr plugin so that I can enforce security. It looks
>>>>>> like I have things lined up properly on the Solr side as I can see that
>>>>>> Solr calls out to MCF to get auth tokens for the authorized user on
>>>>>> incoming queries. However, I also notice that I'm getting results back
>>>>>> for unauthorized users.
>>>>>>
>>>>>> From the Solr side:
>>>>>>
>>>>>>
>>>>>> 84665 [qtp2011579990-13] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Trying to match docs for user '[:ACALBAZA]'
>>>>>> 84754 [qtp2011579990-13] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Saw authority response AUTHORIZED:authGroupConnector
>>>>>> 84758 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/custom params={q=DE&AuthenticatedUserName=ACALBAZA} hits=116 status=0 QTime=93
>>>>>> 84814 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
>>>>>> 84815 [qtp2011579990-14] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.css&contentType=text/css} status=0 QTime=0
>>>>>> 84824 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript} status=0 QTime=1
>>>>>> 87632 [qtp2011579990-11] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Trying to match docs for user '[:FOO]'
>>>>>> 87636 [qtp2011579990-11] INFO org.apache.solr.mcf.ManifoldCFSearchComponent – Saw authority response USERNOTFOUND:authGroupConnector
>>>>>> 87637 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/custom params={q=DE&AuthenticatedUserName=FOO} hits=59 status=0 QTime=5
>>>>>> 87683 [qtp2011579990-14] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
>>>>>> 87684 [qtp2011579990-13] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.css&contentType=text/css} status=0 QTime=0
>>>>>> 87684 [qtp2011579990-11] INFO org.apache.solr.core.SolrCore – [collection1] webapp=/solr path=/admin/file params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript} status=0 QTime=0
>>>>>>
>>>>>> Any hints appreciated.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Alejandro
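
Added example, not part of the thread and not ManifoldCF code: a small parser for the UserACLs responses quoted above that collects tokens per authority group, the qualifier Karl describes, and reports which expected tokens are absent. It assumes only the line shapes visible in the thread (STATUS:authority and TOKEN:group:token); the function names and the expected-token map are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the response quoted in the thread for username=THOLLY2.
OBSERVED = """\
AUTHORIZED:authConn2
TOKEN:authGroup:1
AUTHORIZED:authConn1
TOKEN:authGroup:1
"""


def parse_user_acls(body):
    """Return ({authority: status}, {group: set(tokens)}) for a UserACLs response."""
    statuses = {}
    tokens = defaultdict(set)
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, _, rest = line.partition(":")
        if kind == "TOKEN":
            # Tokens carry the group name, not the connector that produced them.
            group, _, token = rest.partition(":")
            tokens[group].add(token)
        else:
            # Any other line is treated as a per-authority status line.
            statuses[rest] = kind
    return statuses, dict(tokens)


def missing_tokens(body, expected):
    """Return {group: tokens in `expected` that the response does not contain}."""
    _, tokens = parse_user_acls(body)
    gaps = {}
    for group, want in expected.items():
        absent = set(want) - tokens.get(group, set())
        if absent:
            gaps[group] = absent
    return gaps


def all_authorized(body):
    """True only if at least one status line exists and every one is AUTHORIZED."""
    statuses, _ = parse_user_acls(body)
    return bool(statuses) and all(s == "AUTHORIZED" for s in statuses.values())


if __name__ == "__main__":
    print(parse_user_acls(OBSERVED))
    print(missing_tokens(OBSERVED, {"authGroup": {"1", "2"}}))
```

Because the response keys tokens by group, the check compares the group's aggregated set with what the connectors together should produce; it cannot attribute a token to one connector.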
