manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Avdeev (JIRA)" <>
Subject [jira] [Commented] (CONNECTORS-1286) Solr Plugin: Add support for User Principal
Date Mon, 04 Apr 2016 15:13:25 GMT


Konstantin Avdeev commented on CONNECTORS-1286:

If the patch gets simplified as follows:
    if (rb.req.getUserPrincipal() != null) {
                domainMap.put("", rb.req.getUserPrincipal().getName();
then the solr/jetty login parameter will NOT supercede all of the formal authenticated user
parameters/domains passed into the component, but it will be simply added to the {{domainMap}},
if exist. And we would not need a new config parameter like {{AuthDomain}}, since any modifications
of the user name (e.g. {{DOMAIN\USER}} -> {{}}) can be achieved by the MCF

So, users, starting from Solr 5.3, would be able to configure a secure search out of the box
then :)
What do you think? Thanks!

> Solr Plugin: Add support for User Principal
> -------------------------------------------
>                 Key: CONNECTORS-1286
>                 URL:
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Solr-5.x component
>    Affects Versions: ManifoldCF 2.3
>            Reporter: Konrad Holl
>            Assignee: Karl Wright
>            Priority: Minor
>             Fix For: ManifoldCF 2.4
> I’m using ManifoldCF 2.3 with Solr 5.4.1 and the Velocity templating engine. I needed
to do searches with ACLs enabled and installed the plugin. Unfortunately it is not possible
to use the login information provided by Jetty in the Solr plugin.
> As of Solr 5.3 it is possible to extract the authenticated user from the SolrQueryRequest
I added these lines to the code in org.apache.solr.mcf.ManifoldCFSearchComponent before the
evaluation of parameters for authenticated user name:
> {code}
>     String authDomain = (String)args.get("AuthDomain");
>     if (rb.req.getUserPrincipal() != null) {
>                 domainMap.put("", rb.req.getUserPrincipal().getName() + ((authDomain
== null) ? "" : "@" + authDomain));
>     }
>     else {
>       // Get the authenticated user name from the parameters
> {code}
> I also needed an additional setting “authDomain” in the search component configuration
(solrconfig.xml). Now I can use Velocity even for documents with ACLs :o)

This message was sent by Atlassian JIRA

View raw message