incubator-connectors-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kwri...@apache.org
Subject svn commit: r1175924 - in /incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf: CHANGES.txt README.txt src/test-files/solr/conf/solrconfig-auth-qparser.xml src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
Date Mon, 26 Sep 2011 16:04:05 GMT
Author: kwright
Date: Mon Sep 26 16:04:04 2011
New Revision: 1175924

URL: http://svn.apache.org/viewvc?rev=1175924&view=rev
Log:
Update documentation and tests

Added:
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml
  (with props)
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
  (with props)
Modified:
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/CHANGES.txt
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt

Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/CHANGES.txt?rev=1175924&r1=1175923&r2=1175924&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/CHANGES.txt (original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/CHANGES.txt Mon Sep 26 16:04:04
2011
@@ -1,13 +1,14 @@
-Apache Solr ManifoldCFSecurityFilter Library
+Apache Solr ManifoldCF security Library
 		Release Notes
 
-This file describes changes to the Solr ManifoldCFSecurityFilter (contrib/auth) module. See
SOLR-1895 for details.
+This file describes changes to the Solr ManifoldCF security package (contrib/auth) module.
See SOLR-1895 for details.
 
 Introduction
 ------------
 This module is intended to be used to restrict queries based on a user's authorization information.
-It includes a SearchComponent class org.apache.solr.auth.ManifoldCFSecurityFilter.  This
search
-component requires the argument "AuthorityServiceBaseURL", which describes the URL needed
to reach
+It includes a SearchComponent class org.apache.solr.mcf.ManifoldCFSearchComponent.  It also
includes
+a Query Parser plugin class org.apache.solr.mcf.ManifoldCFQParserPlugin.  Both components
+require the argument "AuthorityServiceBaseURL", which describes the URL needed to reach
 the ManifoldCF Authority Service.  Other optional parameters are:
 
 AllowAttributePrefix - the first part of the 'allow' family of fields, e.g. "allow_token_document"
or

Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt?rev=1175924&r1=1175923&r2=1175924&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt (original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt Mon Sep 26 16:04:04
2011
@@ -1,7 +1,9 @@
 Getting Started
 ---------------
-To start using Solr ManifoldCFSecurityFilter, you first need ManifoldCF installed and running.
 See:
-http://incubator.apache.org/incubator/connectors/how-to-build-and-deploy.html.
+
+There are two ways to hook up security to Solr in this package.  The first is using a Query
Parser plugin.
+The second is using a Search Component.  In both cases, the first step is to have ManifoldCF
installed and running.  See:
+http://incubator.apache.org/incubator/connectors/how-to-build-and-deploy.html
 
 Then, you will need to add fields to your Solr schema.xml file that can be used to contain
document
 authorization information.  There will need to be four of these fields, an 'allow' field
for both
@@ -12,11 +14,35 @@ documents and shares, and a 'deny' field
   <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"
required="false" default="__nosecurity__"/>
   <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"
required="false" default="__nosecurity__"/>
 
-Next, modify your solrconfig.xml to add the search component:
+Using the Query Parser Plugin
+----------------------------
+
+To set up the query parser plugin, modify your solrconfig.xml to add the query parser:
+
+  <!-- ManifoldCF document security enforcement component -->
+  <queryParser name="manifoldCFSecurity"
+    class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
+    <str name="AuthorityServiceBaseURL">http://localhost:8345/mcf-authority-service</str>
+  </queryParser>
+
+Hook up the search component in the solrconfig.xml file wherever you want it, e.g.:
+
+<requestHandler name="search" class="solr.SearchHandler" default="true">
+  <lst name="appends">
+    <str name="fq">{!manifoldCFSecurity}</str>
+  </lst>
+  ...
+</requestHandler>
+
+
+Using the Search Component
+----------------------------
+
+To set up the search component, modify your solrconfig.xml to add the search component:
 
   <!-- ManifoldCF document security enforcement component -->
   <searchComponent name="manifoldCFSecurity"
-    class="org.apache.solr.auth.ManifoldCFSecurityFilter">
+    class="org.apache.solr.mcf.ManifoldCFSearchComponent">
     <str name="AuthorityServiceBaseURL">http://localhost:8345/mcf-authority-service</str>
   </searchComponent>
 

Added: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml?rev=1175924&view=auto
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml
(added)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml
Mon Sep 26 16:04:04 2011
@@ -0,0 +1,66 @@
+<?xml version="1.0" ?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Id$
+     $Source$
+     $Name$
+  -->
+
+<config>
+
+  <luceneMatchVersion>${tests.luceneMatchVersion:LUCENE_CURRENT}</luceneMatchVersion>
+  <jmx />
+
+  <dataDir>${solr.data.dir:}</dataDir>
+
+  <directoryFactory name="DirectoryFactory" class="${solr.directoryFactory:solr.RAMDirectoryFactory}"/>
+
+  <updateHandler class="solr.DirectUpdateHandler2">
+  </updateHandler>
+
+  <requestHandler name="/update"     class="solr.XmlUpdateRequestHandler" />
+
+  <!-- test MCF Security Filter settings -->
+  <queryParser name="mcf-security_param" class="org.apache.solr.mcf.ManifoldCFQParserPlugin"
>
+    <str name="AuthorityServiceBaseURL">http://localhost:8347/mcf-as</str>
+    <int name="SocketTimeOut">3000</int>
+    <str name="AllowAttributePrefix">aap-</str>
+    <str name="DenyAttributePrefix">dap-</str>
+  </queryParser>
+
+  <queryParser name="mcf_security" class="org.apache.solr.mcf.ManifoldCFQParserPlugin"
>
+    <str name="AuthorityServiceBaseURL">http://localhost:8347/mcf-as</str>
+  </queryParser>
+
+  <requestHandler name="/mcf" class="solr.SearchHandler" startup="lazy">
+    <lst name="invariants">
+      <bool name="mcf">true</bool>
+    </lst>
+    <lst name="defaults">
+      <str name="echoParams">all</str>
+    </lst>
+    <lst name="appends">
+      <str name="fq">{!mcf_security}</str>
+    </lst>
+    <arr name="components">
+      <str>query</str>
+    </arr>
+  </requestHandler>
+
+</config>

Propchange: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/solrconfig-auth-qparser.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java?rev=1175924&view=auto
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
(added)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
Mon Sep 26 16:04:04 2011
@@ -0,0 +1,178 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.solr.mcf;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.solr.SolrTestCaseJ4;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.servlet.Context;
+import org.mortbay.jetty.servlet.ServletHolder;
+
+public class ManifoldCFQParserPluginTest extends SolrTestCaseJ4 {
+  
+  static MockMCFAuthorityService service;
+
+  @BeforeClass
+  public static void beforeClass() throws Exception {
+    initCore("solrconfig-auth-qparser.xml","schema-auth.xml");
+    service = new MockMCFAuthorityService();
+    service.start();
+
+    //             |     share    |   document
+    //             |--------------|--------------
+    //             | allow | deny | allow | deny
+    // ------------+-------+------+-------+------
+    // da12        |       |      | 1, 2  |
+    // ------------+-------+------+-------+------
+    // da13-dd3    |       |      | 1,3   | 3
+    // ------------+-------+------+-------+------
+    // sa123-sd13  | 1,2,3 | 1, 3 |       |
+    // ------------+-------+------+-------+------
+    // sa3-sd1-da23| 3     | 1    | 2,3   |
+    // ------------+-------+------+-------+------
+    // notoken     |       |      |       |
+    // ------------+-------+------+-------+------
+    //
+    assertU(adoc("id", "da12", "allow_token_document", "token1", "allow_token_document",
"token2"));
+    assertU(adoc("id", "da13-dd3", "allow_token_document", "token1", "allow_token_document",
"token3", "deny_token_document", "token3"));
+    assertU(adoc("id", "sa123-sd13", "allow_token_share", "token1", "allow_token_share",
"token2", "allow_token_share", "token3", "deny_token_share", "token1", "deny_token_share",
"token3"));
+    assertU(adoc("id", "sa3-sd1-da23", "allow_token_document", "token2", "allow_token_document",
"token3", "allow_token_share", "token3", "deny_token_share", "token1"));
+    assertU(adoc("id", "notoken"));
+    assertU(commit());
+  }
+
+  @AfterClass
+  public static void afterClass() throws Exception {
+    service.stop();
+  }
+  
+  @Test
+  public void testNullUsers() throws Exception {
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id"),
+        "//*[@numFound='1']",
+        "//result/doc[1]/str[@name='id'][.='notoken']");
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "anonymous"),
+        "//*[@numFound='1']",
+        "//result/doc[1]/str[@name='id'][.='notoken']");
+  }
+
+  // da12
+  // da13-dd3
+  // sa123-sd13
+  // sa3-sd1-da23
+  // notoken
+  @Test
+  public void testAuthUsers() throws Exception {
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user1"),
+        "//*[@numFound='3']",
+        "//result/doc[1]/str[@name='id'][.='da12']",
+        "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+        "//result/doc[3]/str[@name='id'][.='notoken']");
+
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user2"),
+        "//*[@numFound='3']",
+        "//result/doc[1]/str[@name='id'][.='da12']",
+        "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+        "//result/doc[3]/str[@name='id'][.='notoken']");
+
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user3"),
+        "//*[@numFound='2']",
+        "//result/doc[1]/str[@name='id'][.='da12']",
+        "//result/doc[2]/str[@name='id'][.='notoken']");
+  }
+
+  // da12
+  // da13-dd3
+  // sa123-sd13
+  // sa3-sd1-da23
+  // notoken
+  @Test
+  public void testUserTokens() throws Exception {
+
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token1"),
+        "//*[@numFound='3']",
+        "//result/doc[1]/str[@name='id'][.='da12']",
+        "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+        "//result/doc[3]/str[@name='id'][.='notoken']");
+
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token2"),
+        "//*[@numFound='3']",
+        "//result/doc[1]/str[@name='id'][.='da12']",
+        "//result/doc[2]/str[@name='id'][.='sa123-sd13']",
+        "//result/doc[3]/str[@name='id'][.='notoken']");
+
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token3"),
+        "//*[@numFound='2']",
+        "//result/doc[1]/str[@name='id'][.='sa3-sd1-da23']",
+        "//result/doc[2]/str[@name='id'][.='notoken']");
+
+    assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token2", "UserTokens",
"token3"),
+        "//*[@numFound='3']",
+        "//result/doc[1]/str[@name='id'][.='da12']",
+        "//result/doc[2]/str[@name='id'][.='sa3-sd1-da23']",
+        "//result/doc[3]/str[@name='id'][.='notoken']");
+  }
+  
+  static class MockMCFAuthorityService {
+    
+    Server server;
+    
+    public MockMCFAuthorityService() {
+      server = new Server(8347);
+      Context asContext = new Context(server,"/mcf-as",Context.SESSIONS);
+      asContext.addServlet(new ServletHolder(new UserACLServlet()), "/UserACLs");
+    }
+    
+    public void start() throws Exception {
+      server.start();
+    }
+    
+    public void stop() throws Exception {
+      server.stop();
+    }
+
+    // username | tokens rewarded
+    // ---------+-------------------------------
+    // null     | (no tokens)
+    // user1    | token1
+    // user2    | token1, token2
+    // user3    | token1, token2, token3
+    public static class UserACLServlet extends HttpServlet {
+      @Override
+      public void service(HttpServletRequest req, HttpServletResponse res)
+          throws IOException {
+        String user = req.getParameter("username");
+        res.setStatus(HttpServletResponse.SC_OK);
+        if(user.equals("user1") || user.equals("user2") || user.equals("user3"))
+          res.getWriter().printf("TOKEN:token1\n");
+        if(user.equals("user2") || user.equals("user3"))
+          res.getWriter().printf("TOKEN:token2\n");
+        if(user.equals("user3"))
+          res.getWriter().printf("TOKEN:token3\n");
+      }
+    }
+  }
+}

Propchange: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
------------------------------------------------------------------------------
    svn:keywords = Id



Mime
View raw message