manifoldcf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kwri...@apache.org
Subject svn commit: r1175819 - in /incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf: README.txt src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java src/test-files/solr/conf/schema-auth.xml
Date Mon, 26 Sep 2011 12:19:46 GMT
Author: kwright
Date: Mon Sep 26 12:19:45 2011
New Revision: 1175819

URL: http://svn.apache.org/viewvc?rev=1175819&view=rev
Log:
Switch to token-based model, using schema to enforce null field contents

Modified:
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
    incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml

Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt?rev=1175819&r1=1175818&r2=1175819&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt (original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt Mon Sep 26 12:19:45
2011
@@ -7,10 +7,10 @@ Then, you will need to add fields to you
 authorization information.  There will need to be four of these fields, an 'allow' field
for both
 documents and shares, and a 'deny' field for both documents and shares.  For example:
 
-  <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"
required="false"/>
-  <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"
required="false"/>
-  <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"
required="false"/>
-  <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"
required="false"/>
+  <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"
required="false" default="__nosecurity__"/>
+  <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"
required="false" default="__nosecurity__"/>
+  <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"
required="false" default="__nosecurity__"/>
+  <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"
required="false" default="__nosecurity__"/>
 
 Next, modify your solrconfig.xml to add the search component:
 

Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java?rev=1175819&r1=1175818&r2=1175819&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
(original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
Mon Sep 26 12:19:45 2011
@@ -49,6 +49,9 @@ public class ManifoldCFSecurityFilter ex
    * running under Apache */
   static final public String USER_TOKENS = "UserTokens";
   
+  /** Special token for null security fields */
+  static final public String NOSECURITY_TOKEN = "__nosecurity__";
+  
   /** The queries that we will not attempt to interfere with */
   static final private String[] globalAllowed = { "solrpingquery" };
   
@@ -153,10 +156,10 @@ public class ManifoldCFSecurityFilter ex
     BooleanQuery bq = new BooleanQuery();
     //bf.setMaxClauseCount(100000);
     
-    Query allowShareOpen = new WildcardQuery(new Term(fieldAllowShare,"*"));
-    Query denyShareOpen = new WildcardQuery(new Term(fieldDenyShare,"*"));
-    Query allowDocumentOpen = new WildcardQuery(new Term(fieldAllowDocument,"*"));
-    Query denyDocumentOpen = new WildcardQuery(new Term(fieldDenyDocument,"*"));
+    Query allowShareOpen = new TermQuery(new Term(fieldAllowShare,NOSECURITY_TOKEN));
+    Query denyShareOpen = new WildcardQuery(new Term(fieldDenyShare,NOSECURITY_TOKEN));
+    Query allowDocumentOpen = new WildcardQuery(new Term(fieldAllowDocument,NOSECURITY_TOKEN));
+    Query denyDocumentOpen = new WildcardQuery(new Term(fieldDenyDocument,NOSECURITY_TOKEN));
     
     if (userAccessTokens.size() == 0)
     {
@@ -165,11 +168,10 @@ public class ManifoldCFSecurityFilter ex
       // (fieldAllowShare is empty AND fieldDenyShare is empty AND fieldAllowDocument is
empty AND fieldDenyDocument is empty)
       // We're trying to map to:  -(fieldAllowShare:*) , which should be pretty efficient
in Solr because it is negated.  If this turns out not to be so, then we should
       // have the SolrConnector inject a special token into these fields when they otherwise
would be empty, and we can trivially match on that token.
-      bq.add(new MatchAllDocsQuery(),BooleanClause.Occur.SHOULD);
-      bq.add(allowShareOpen,BooleanClause.Occur.MUST_NOT);
-      bq.add(denyShareOpen,BooleanClause.Occur.MUST_NOT);
-      bq.add(allowDocumentOpen,BooleanClause.Occur.MUST_NOT);
-      bq.add(denyDocumentOpen,BooleanClause.Occur.MUST_NOT);
+      bq.add(allowShareOpen,BooleanClause.Occur.MUST);
+      bq.add(denyShareOpen,BooleanClause.Occur.MUST);
+      bq.add(allowDocumentOpen,BooleanClause.Occur.MUST);
+      bq.add(denyDocumentOpen,BooleanClause.Occur.MUST);
     }
     else
     {
@@ -208,8 +210,8 @@ public class ManifoldCFSecurityFilter ex
     // Add the empty-acl case
     BooleanQuery subUnprotectedClause = new BooleanQuery();
     subUnprotectedClause.add(new MatchAllDocsQuery(),BooleanClause.Occur.SHOULD);
-    subUnprotectedClause.add(allowOpen,BooleanClause.Occur.MUST_NOT);
-    subUnprotectedClause.add(denyOpen,BooleanClause.Occur.MUST_NOT);
+    subUnprotectedClause.add(allowOpen,BooleanClause.Occur.MUST);
+    subUnprotectedClause.add(denyOpen,BooleanClause.Occur.MUST);
     bq.add(subUnprotectedClause,BooleanClause.Occur.SHOULD);
     for (String accessToken : userAccessTokens)
     {

Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml?rev=1175819&r1=1175818&r2=1175819&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml
(original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml
Mon Sep 26 12:19:45 2011
@@ -22,10 +22,10 @@
  <fields>
   <field name="id" type="string" indexed="true" stored="true" required="true"/>
   <!-- MCF Security fields -->
-  <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
-  <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
-  <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
-  <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
+  <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"
default="__nosecurity__"/>
+  <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"
default="__nosecurity__"/>
+  <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"
default="__nosecurity__"/>
+  <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"
default="__nosecurity__"/>
  </fields>
  <defaultSearchField>id</defaultSearchField>
  <uniqueKey>id</uniqueKey>



Mime
View raw message