Hi Rüdiger, Ok, I misunderstood -- I thought that Solr could not talk to the MCF authority service. Instead you are saying that one particular authority may be down.
If this is your situation, please note that the behavior of the individual authority connector has been carefully considered. Specifically, depending on the particular authorization model used by the repository in question (e.g. whether deny authorization is possible), the authority may choose to interpret inability to contact the repository in either one of two ways: (1) responding with an "unauthorized", which basically shuts down any results back from solr, or "incomplete", which basically allows results to be returned but includes only open documents from that repository. Doing anything else constitutes a security hole, I'm afraid. What's confusing to me is that in *either* situation, the results that Solr returns should be filtered accordingly, and a 503 should not be returned. If you are claiming that the call to the authority service simply takes too long in the case where 503 is returned, most authorities *do* support a timeout value that can be adjusted, and you would simply want to reduce that value for the authority in question. But I need to emphasize that it really is up to the individual authority to determine if authorization for that authority is allowed, and we cannot institute any blanket policy for that reason. Can you tell me which authority is taking a long time? Karl On Thu, Jun 11, 2015 at 10:39 AM, <[email protected]> wrote: > Hi Karl, > > as any time... thanks for the quick reply. > > The drawback of this solution is that the search will run in a > "non-authorised" mode: If one of the authority connections does not work, > we will have anonymous access only ... > > The prefered solution would support authorised search for all authority > connections except the one that is not working. > > kind regards > -Rüdiger > > Zitat von Karl Wright <[email protected]>: > > > I believe you can set the socket timeout for the Solr plugin via plugin >> parameters. I suggest you try that to limit the damage you'd get if the >> request could not be completed. >> >> Thanks, >> Karl >> >> >> On Thu, Jun 11, 2015 at 9:13 AM, <[email protected]> wrote: >> >> >>> Hi there, >>> >>> we have the following situation ... >>> >>> When one of the configured authority connections does not get a response >>> from its service URL, the search results in a response with an error >>> (status 503). >>> >>> What's hppening in the background: >>> The service URL is not reachable, being blocked by a firewall. At client >>> side: The Solr-XHR request is pending for long time and finally results >>> in >>> a 503. >>> >>> The expected behavior would be, that the search is still working and does >>> not show results that are protected by this authority connection but >>> anything else. >>> >>> Currently we are starting our analysis. So far I'm interessted if this >>> situation is known by anybody out there and or if there are any hints or >>> ideas to keep the serach alive even an authority connection is not >>> available at search execution time. >>> >>> Thanks in advance >>> -Rüdiger >>> >>> >>> > > >
