manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1286) Solr Plugin: Add support for User Principal
Date Wed, 09 Mar 2016 17:52:40 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15187511#comment-15187511
] 

Karl Wright commented on CONNECTORS-1286:
-----------------------------------------

This patch means that any solr login parameters will supercede all of the formal authenticated
user parameters/domains passed into the component.  I don't think that's a good idea, especially
since it is not backwards compatible.

In order to go ahead with this, it will be necessary to make this feature be enabled conditionally,
based on another configuration flag.  If you would like to update your patch accordingly,
that would be great.  Updating the README.txt for this component would also be a good idea.

Can you give us a sense of when formal login first appeared in Solr?  Is it a 5.x feature,
or did it appear also in 4.x?


> Solr Plugin: Add support for User Principal
> -------------------------------------------
>
>                 Key: CONNECTORS-1286
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1286
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Solr-5.x component
>    Affects Versions: ManifoldCF 2.3
>            Reporter: Konrad Holl
>            Assignee: Karl Wright
>            Priority: Minor
>
> I’m using ManifoldCF 2.3 with Solr 5.4.1 and the Velocity templating engine. I needed
to do searches with ACLs enabled and installed the plugin. Unfortunately it is not possible
to use the login information provided by Jetty in the Solr plugin.
> As of Solr 5.3 it is possible to extract the authenticated user from the SolrQueryRequest
object: http://lucene.apache.org/solr/5_3_0/solr-core/org/apache/solr/request/SolrQueryRequest.html#getUserPrincipal().
I added these lines to the code in org.apache.solr.mcf.ManifoldCFSearchComponent before the
evaluation of parameters for authenticated user name:
> {code}
>     String authDomain = (String)args.get("AuthDomain");
>     if (rb.req.getUserPrincipal() != null) {
>                 domainMap.put("", rb.req.getUserPrincipal().getName() + ((authDomain
== null) ? "" : "@" + authDomain));
>     }
>     else {
>       // Get the authenticated user name from the parameters
> {code}
> I also needed an additional setting “authDomain” in the search component configuration
(solrconfig.xml). Now I can use Velocity even for documents with ACLs :o)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message