Just to follow up on this: if I hand craft a query to the MCF authority service that looks like this:
http://manifoldcf.aws:8345/mcf-authority-service/UserACLs?username=Fred I get back AUTHORIZED:Null+authority+connection+for+testing TOKEN:Null:Fred which looks right to me, given what I know about this so far. And "Null:Fred" matches what is getting put into the Solr documents. Thanks, Phil This message optimized for indexing by NSA PRISM On Sat, Oct 28, 2017 at 8:36 PM, Phillip Rhodes <[email protected]> wrote: > MCF Gang: > > I've followed the instructions in the "ManifoldCF in Action" docs to > setup security integration between ManifoldCF and Solr. I've added > the ManifoldCF SearchComponent to Solr, and I see that my indexed > documents are getting allow_token_share, allow_token_parent, > allow_token_share, etc. tokens added. > > But when I query with the MCF plugin added and the > AuthenticatedUserName parameter added, I never get any results. > > I tried just with with username "Fred" and I see this in the solr logs: > > 2017-10-29 00:18:51.527 INFO (qtp834133664-16) [ ] > o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for > 2147483647\ > transient cores > 2017-10-29 00:18:52.742 INFO (qtp834133664-15) [ ] > o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores > params={indexInfo=fa\ > lse&wt=json&_=1509236332203} status=0 QTime=6 > 2017-10-29 00:18:53.009 INFO (qtp834133664-11) [ ] > o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system > params={wt=jso\ > n&_=1509236332206} status=0 QTime=201 > 2017-10-29 00:19:14.349 INFO (qtp834133664-16) [ x:gettingstarted] > o.a.s.m.ManifoldCFSearchComponent Trying to match docs for user\ > '[:Fred]' > 2017-10-29 00:19:14.476 INFO (qtp834133664-16) [ x:gettingstarted] > o.a.s.m.ManifoldCFSearchComponent Saw authority response AUTHOR\ > IZED:Null+authority+connection+for+testing > 2017-10-29 00:19:14.529 INFO (qtp834133664-16) [ x:gettingstarted] > o.a.s.c.S.Request [gettingstarted] webapp=/solr path=/select p\ > arams={q=*:*&AuthenticatedUserName=Fred&indent=on&wt=xml&_=1509236332558} > hits=0 status=0 QTime=228 > > I can tell Solr is talking to the MCF authority service, because > "Null+authority+connection+for+testing" is the description I used on > the Manifold side. > > There are documents in the index that include fields like this: > > <doc> <arr name="allow_token_document"> <str>Null:Fred</str> </arr> > <arr name="title"> <str/> </arr> <str > name="id">http://rss.cnn.com/~r/rss/cnn_world/~3/iTYAcfUavzM/orig-burger-king-bullying.cnn</str> > <arr name="deny_token_document"> <str>Null:DEAD_AUTHORITY</str> </arr> > <str name="stream_content_type">text/html; charset=utf-8</str> <str > name="keywords">world, Burger King stands up to bullying - CNN > Video</str> <str name="description">Burger King creates a PSA that > asks their customers to take a closer look at bullying. </str> <str > name="stream_name">docname</str> <str name="dc_title">Burger King > stands up to bullying - CNN Video</str> <arr name="content_type"> > <str>text/html; charset=UTF-8</str> </arr> <long > name="stream_size">489145</long> <str > name="x_parsed_by">org.apache.tika.parser.DefaultParser > org.apache.tika.parser.html.HtmlParser</str> <str > name="stream_source_info">docname</str> <str > name="resourcename">docname</str> <str > name="fb_app_id">80401312489</str> <arr name="deny_token_parent"> > <str>__no_security__</str> </arr> <arr name="allow_token_share"> > <str>__no_security__</str> </arr> <arr name="deny_token_share"> > <str>__no_security__</str> </arr> <arr name="allow_token_parent"> > <str>__no_security__</str> </arr> > ... > ... > </doc> > > > But nonetheless, no results are returned. I'm sure I'm missing > something obvious here, but whatever it is is defeating me at the > moment. > > The only thing I see that looks a little dodgy is this "Trying to > match docs for user '[:Fred]'" given that the tokens look like > "Null:Fred". > > > Any ideas what the problem could be? > > > > > Thanks, > > > Phil
