manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ahmet Arslan <iori...@yahoo.com>
Subject Re: How to query for content with ACLs?
Date Fri, 13 Jun 2014 11:54:54 GMT
Hi  Lalit,

regarding "As i could not see any document in solr query,"

Here is the best practise that I use :

I configure /select request handler (RH) with mcfQParser, intended to use in production, default
RH.

I also use /query RH without mcfQParser, for debugging purposes.  
http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*


Ahmet


On Friday, June 13, 2014 2:30 PM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
 


Thanks Karl,

As i could not see any document in solr query, i used Luke to open index and i could see below
values for all MCF plugin fields for all documents. These are something different from previous
values.

allow_token_document  = SP+KW:
allow_token_share = __nosecurity__
deny_token_document  = SP+KW:DEAD_AUTHORITY
allow_token_share = __nosecurity__

I think something or a lot of things missing here. I am attaching zip of solr index(very small
one with 10 documents from sharepoint) here. Please guide.

Regards.





On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <daddywri@gmail.com> wrote:

Hi Lalit,
>
>Can you show me somehow some of the the ACLs that have been indexed with your documents? 
The only other potential issue might be that your repository connection(s) may not be part
of the same authority groups as your authority connections.  In that case, the indexed authority
tokens will have a different prefix (e.g. SP+KW in one case, something else in the other).
>
>Karl
>
>
>
>
>
>
>
>On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
>
>Hi Again,
>>
>>As per Karl's suggestion, i am now converting user from water.com\ljangra to ljangra@water.com.
Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com

>>I can see below ACL.
>>
>>AUTHORIZED:SP+K+Conn
>>TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>
>>
>>Still i am not able to see any results from query 
>>http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
. While debugging query i can see ACL doing fine. So i am confused why its now working. Can
you please help.
>>
>>
>>
>>"parsed_filter_queries":
[
>>     
"ConstantScore(+((+allow_token_share:__nosecurity__
+deny_token_share:__nosecurity__)
allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
-deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
+((+allow_token_document:__nosecurity__ +deny_token_document:__nosecurity__)
allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
-deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>   
],
>>
>>
>>Finally solr.log also seems to be fine.
>>
>>
>>INFO 
- 2014-06-13 11:38:19.862;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying to
match docs for user '[:ljangra@water.com]'
>>INFO  -
2014-06-13 11:38:19.909;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response AUTHORIZED:SP+K+Conn
>>INFO 
- 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore; [collection1]
webapp=/solr path=/select params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=ljangra@water.com}
hits=0 status=0 QTime=47
>>Regards.
>>
>>
>>
>>On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>>
>>Hi Lalit,
>>>
>>>
>>>It makes more sense to use appends section rather than defaults section when defining
mcf query parser plugin in fq parameter.
>>>
>>>
>>><lst name="appends">
>>><str name="fq">{!manifoldCFSecurity}</str>
>>></lst>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>On Friday, June 13, 2014 12:51 AM, lalit jangra <lalit.j.jangra@gmail.com>
wrote:
>>> 
>>>
>>>
>>>Hi Ahmet,
>>>
>>>I have configured solrconfig.xml as per your suggestion.
>>>
>>> <requestHandler name="/select" class="solr.SearchHandler">
>>>    <!-- default values for query parameters can be specified, these
>>>         will be overridden by parameters in the request
>>>      -->
>>>     <lst name="defaults">
>>>       <str name="echoParams">explicit</str>
>>>       <int name="rows">1000</int>
>>>       <str name="df">text</str>
>>>       <str name="fq">{!manifoldCFSecurity}</str>
>>>     </lst>
>>>....
>>></requestHandler>
>>>
>>>
>>>Next i am running a job which indexes sharepoint content in solr but when i am
searching in solr, i am getting not results & getting UNREACHABLEAUTHORITY message.
>>>
>>>INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
commits: num=2
>>>    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; newest
commit generation = 2
>>>INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher; Opening
Searcher@5ac787b0 main
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.update.DirectUpdateHandler2;
end_commit_flush
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; QuerySenderListener
sending requests to Searcher@5ac787b0 main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; QuerySenderListener
done.
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore; [collection1]
Registered new searcher Searcher@5ac787b0 main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.update.processor.LogUpdateProcessor;
[collection1] webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
{commit=} 0 265
>>>INFO  - 2014-06-12 22:22:35.663; org.apache.solr.servlet.SolrDispatchFilter;
[admin] webapp=null path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json}
status=0 QTime=0 
>>>INFO  - 2014-06-12 22:22:35.741; org.apache.solr.servlet.SolrDispatchFilter;
[admin] webapp=null path=/admin/info/system params={_=1402608155681&wt=json} status=0
QTime=15 
>>>INFO  - 2014-06-12 22:22:36.960; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Default no-user response (open documents only)
>>>INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore; [collection1]
webapp=/solr path=/select params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0
status=0 QTime=16 
>>>INFO  - 2014-06-12 22:22:40.569; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Trying to match docs for user '[:ljangra@water.com]'
>>>INFO  - 2014-06-12 22:22:40.726; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser;
Saw authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore; [collection1]
webapp=/solr path=/select params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=ljangra@water.com}
hits=0 status=0 QTime=157 
>>>
>>>UNREACHABLEAUTHORITY means name of an authority that was found to be unreachable
or unusable but i am having same authority working fine in MCF.
>>>
>>>
>>>Please help.
>>>
>>>Regards.
>>>
>>>
>>>
>>>
>>>
>>>
>>>On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>>>
>>>Hi Karl,
>>>>
>>>>
>>>>May be we should use  
>>>>
>>>>
>>>> <requestHandler name="/select" class="solr.SearchHandler">
>>>>
>>>>
>>>>
>>>>in https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>
>>>>
>>>>To avoid confusion?
>>>>
>>>>
>>>>What do you think?
>>>>
>>>>
>>>>
>>>>On Thursday, June 12, 2014 11:12 PM, Karl Wright <daddywri@gmail.com>
wrote:
>>>> 
>>>>
>>>>
>>>>What does your solrconfig.xml file look like?
>>>>Karl
>>>>
>>>>
>>>>
>>>>
>>>>On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <lalit.j.jangra@gmail.com>
wrote:
>>>>
>>>>Hi Ahmet,
>>>>>
>>>>>I tried the way you suggested but its not working. My solr query is as
below.
>>>>>
>>>>>http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>
>>>>>Whatever name i am passing as AuthenticatedUserName, it returning all
results. 
>>>>>
>>>>>I have indexed my documents using mcf-solr plugin using instructions @
https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. Below are
some of ACL stored in solr. Am i missing something?
>>>>>
>>>>>
>>>>>"_version_":
1470562493875093500,
>>>>>       
"allow_token_share": [
>>>>>         
"__nosecurity__"
>>>>>       
],
>>>>>       
"deny_token_share": [
>>>>>         
"__nosecurity__"
>>>>>       
]
>>>>>     
},
>>>>>     
{
>>>>>       
"content_name": "Alfresco-in-an-Hour.pdf"
>>>>>       
"deny_token_document": [
>>>>>         
"SP+Group:DEAD_AUTHORITY"
>>>>>       
],
>>>>>       
"allow_token_document": [
>>>>>         
"SP+Group:GTest+lalit+Portal+Visitors",
>>>>>         
"SP+Group:GTest+lalit+Portal+Owners",
>>>>>         
"SP+Group:GRestricted+Readers",
>>>>>         
"SP+Group:GTest+lalit+Administrators",
>>>>>         
"SP+Group:GTest+lalit+Portal+Members",
>>>>>         
"SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>         
"SP+Group:GHierarchy+Managers",
>>>>>         
"SP+Group:GApprovers",
>>>>>         
"SP+Group:GViewers",
>>>>>         
"SP+Group:GDesigners"
>>>>>       
],
>>>>>       
"content_modified_date": "2014-06-04T00:00:00Z",
>>>>> 
>>>>> 
>>>>> 
>>>>>               
  SDD
>>>>> 
>>>>> 
>>>>>               
   "_version_": 1470564182244982800
>>>>>     
},
>>>>>     
{
>>>>>       
"deny_token_share": [
>>>>>         
"AD+Group:DEAD_AUTHORITY"
>>>>>       
],
>>>>>       
"content_name": "hekko.txt",
>>>>>       
"content_modifier": "iwater.ie\\ljangra",
>>>>>       
"deny_token_document": [
>>>>>         
"AD+Group:DEAD_AUTHORITY"
>>>>>       
],
>>>>>              
"id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>       
"allow_token_document": [
>>>>>         
"AD+Group:S-1-5-18",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>         
"AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>         
"AD+Group:S-1-5-32-544"
>>>>>       
],
>>>>>       
>>>>>        "allow_token_share":
[
>>>>>         
"AD+Group:S-1-1-0",
>>>>>         
"AD+Group:S-1-5-32-544"
>>>>>       
],
>>>>> 
>>>>> 
>>>>>               
CMIS 
>>>>> 
>>>>>               
"allow_token_share": [
>>>>>         
"__nosecurity__"
>>>>>       
],
>>>>>       
"deny_token_document": [
>>>>>         
"__nosecurity__"
>>>>>       
],
>>>>>       
"deny_token_share": [
>>>>>         
"__nosecurity__"
>>>>>       
],
>>>>>       
"allow_token_document": [
>>>>>         
"__nosecurity__"
>>>>>       
]
>>>>>Regards.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <iorixxx@yahoo.com>
wrote:
>>>>>
>>>>>Hi,
>>>>>>
>>>>>>
>>>>>>As documented here https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>
>>>>>>
>>>>>>"At a minimum, AuthenticatedUserName must be present in order" 
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>This is a URL parameter, just like Solr params. Here is an example.
>>>>>>
>>>>>>
>>>>>>http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>On Thursday, June 12, 2014 4:28 PM, lalit jangra <lalit.j.jangra@gmail.com>
wrote:
>>>>>> 
>>>>>>
>>>>>>
>>>>>>Hi All,
>>>>>>
>>>>>>As continuing from http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
as per Ahmet's suggestion.
>>>>>>
>>>>>>I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
into solr indexes. 
>>>>>>
>>>>>>Now i want to write Solr query to put a user's permission details
into in it which can be compared to ACL stored in solr and only those results will be returned
to user on which he has been assigned ACL.
>>>>>>
>>>>>>How can i do this?  Can i use MCF filter  below here or do i need
to write custom query for my need?
>>>>>>
>>>>>><requestHandler name="search" class="solr.SearchHandler" default="true">
>>>>>>  <lst name="appends">
>>>>>>    <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>  </lst>
>>>>>></requestHandler>
>>>>>>
>>>>>>Please help.
>>>>>>
>>>>>>
>>>>>>Regards,
>>>>>>Lalit Jangra. 
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>-- 
>>>>>Regards,
>>>>>Lalit Jangra. 
>>>>
>>>>
>>>>
>>>
>>>
>>>-- 
>>>Regards,
>>>Lalit Jangra. 
>>>
>>>
>>
>>
>>-- 
>>Regards,
>>Lalit Jangra. 
>


-- 
Regards,
Lalit Jangra. 
Mime
View raw message