manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: How to query for content with ACLs?
Date Sun, 15 Jun 2014 12:01:51 GMT
Hi Lalit,

I'm sorry, I was confused.

The document ingest you included had only ONE deny_token_document value:
literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY .

So even though you see a deny_token_document clause in the Solr query
expression, it will not match *unless* your user has a DEAD_AUTHORITY
token.  So that is not the problem.

But what I do see is the following:

SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263

Note the prefix; the prefix when indexing is SP%2BKW, while the prefix when
searching is SP+KW.  I had discounted that because the [INFO] log from Solr
is logging a URL and it is therefore URL encoded -- but it is possible now
that since Solr no longer has Jetty involved, it may not be unencoding
SP%2BKW back to SP+KW properly.  What do you see for the ACL field values
in Luke?  Are they SP+KW?

Karl








On Sun, Jun 15, 2014 at 7:48 AM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Lalit,
>
> Ok, I think that everything on your end is now set up correctly.
>
> You should be able to see Windows documents on your search, if I am
> correct.  Do you see any?
>
> As for SharePoint, when a user has a deny token in ManifoldCF it takes
> precedence over any allow tokens.  But SharePoint does not current generate
> *any* deny tokens; it doesn't have those in the model.  So I'm wondering
> where those are coming from, and if there's a bug of some kind.
>
> Let me do some research and get back to you.
>
> Karl
>
>
>
> On Sun, Jun 15, 2014 at 5:56 AM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>> Hi Karl,
>>
>> My sincere apologies for going out a context here as i was confused & my
>> limited knowledge of sharepoint and ACLs.
>>
>> After spending two more days and setting up everything from scratch
>> couple of times, i am back into square one. The only thing which i could
>> observe is that while indexing content into solr , i could see all ACL are
>> getting indexed correctly.
>>
>>
>> params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
>> resource.name
>> =Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
>> http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
>> {add=[
>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
>> (1470968440371019776)]} 0 922
>>
>> INFO  - 2014-06-15 10:33:54.343;
>> org.apache.solr.update.DirectUpdateHandler2; start
>> commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
>>
>>
>> While searching in solr using '/select' query handler after updating it
>> using fq={!manifoldCFSecurity}, i could not see any content while passing
>> correct value for AuthenticatedUserName but while debugging it using
>> '/select' query handler, i could see extra deny tokens attached,which i
>> doubt are the reason behind no results showing up.
>>
>>
>> Highlight from solr.log, its fine as i can see which are fine and user
>> passing authority test.
>>
>>
>> INFO  - 2014-06-15 10:42:15.446;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@iwater.ie]'
>>
>> INFO  - 2014-06-15 10:42:15.649;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response AUTHORIZED:SP+K+Conn
>>
>> INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
>> ljangra@iwater.ie} hits=0 status=0 QTime=203
>>
>>
>> Debugging results for '/select' search query handler.
>>
>> "parsed_filter_queries": [
>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>> +deny_token_share:__nosecurity__)
>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>> +((+allow_token_document:__nosecurity__
>> +deny_token_document:__nosecurity__)
>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>
>> E.g. Here you can see allow token as
>> "allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>> but at the same time there is additional dent token
>> "-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>> which has minus sign prefixed to it. Here i assume that these are
>> cancelling each other that is why i can not see any results returned. Else
>> i could not find any discrepancy anywhere.
>>
>> While i am working on this, your valuable guidance will prove to be light
>> at the end of tunnel.
>>
>> Waiting for reply.
>>
>> My Sincere Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> I am not a Solr expert; Ahmet is a better resource for how to configure
>>> Solr.  He has already furnished good advice on how to do that, and you have
>>> at one point showed us queries that included the appropriate access tokens
>>> in them so I know you had it working at one point.
>>>
>>> This is not rocket science, and all the components seem to be working as
>>> designed.  You will have to put in some care and time getting your
>>> configuration right.  Retrace your steps or start fresh if you have to.  We
>>> really can't give you any more advice from here; things seem to be working
>>> and then not working and then working again, and I suspect that you are
>>> basically hacking away at your configuration without understanding at all
>>> what you are doing.  So slow down, keep more careful notes, and review
>>> these emails.
>>>
>>> Thanks,
>>> Karl
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <lalit.j.jangra@gmail.com
>>> > wrote:
>>>
>>>> Hi Karl,
>>>>
>>>> I have tried with /select, /query & /search but not getting appropriate
>>>> results. Which query handler should i use here.
>>>>
>>>> I am also attaching solrconfig.xml.
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <daddywri@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> You are going through the wrong query handler again:
>>>>>
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>>>
>>>>>
>>>>> The Solr plugin query modification is not happening; it doesn't seem
>>>>> to be getting applied now.  It was earlier, you must have turned it off.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Thanks Karl,
>>>>>>
>>>>>> After resetting everything again, now i could see content with ACL
>>>>>> posted to solr as per your instructions. Thanks again for this.I am
>>>>>> attaching solr.log.
>>>>>>
>>>>>> But still i am not able to see any content using /select query
>>>>>> handler & attached Select.log for same.
>>>>>>
>>>>>> While using /query request handler, i can see results with ACL but
>>>>>> whatever name i provide, it returns all results so effectively ACL not
>>>>>> working, attached Query.log for same.
>>>>>>
>>>>>> Can you please guide.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I wonder if this is a Luke bug?
>>>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>>>> display.  That is the only thing that's making any sense to me at the
>>>>>>> moment.
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <daddywri@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>>>
>>>>>>>> This is the interesting bit:
>>>>>>>>
>>>>>>>> "allow_token_document": [
>>>>>>>>
>>>>>>>>           "SP+KW:"]
>>>>>>>>
>>>>>>>>
>>>>>>>> It looks like a blank access token is being fetched for this list
>>>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>>>> before, correct?
>>>>>>>>
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <daddywri@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Lalit,
>>>>>>>>>
>>>>>>>>> It is clear that your access tokens have not been actually
>>>>>>>>> indexed.  But I remember seeing that they were correctly posted to Solr.
>>>>>>>>> So now I am confused.
>>>>>>>>>
>>>>>>>>> Can you please do the following:
>>>>>>>>> - Click the "reindex all documents" button in the MCF view page
>>>>>>>>> for your output connection
>>>>>>>>> - Start your job
>>>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>>>
>>>>>>>>> When that is done, if what is posted looks correct, you SHOULD
>>>>>>>>> have a Solr index that has ACLs in it.
>>>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Again,
>>>>>>>>>>
>>>>>>>>>> I used /query for debugging & using
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>> <http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@iwater.ie>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@iwater.ie>I
>>>>>>>>>> could see below results without much information about ACLs.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>
>>>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "id": "
>>>>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>>>>> ",
>>>>>>>>>>
>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>
>>>>>>>>>>           "SP+KW:"
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "content": [
>>>>>>>>>>
>>>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>>>
>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>
>>>>>>>>>>         ]
>>>>>>>>>>       }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <iorixxx@yahoo.com
>>>>>>>>>> > wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi  Lalit,
>>>>>>>>>>>
>>>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>>>
>>>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>>>
>>>>>>>>>>> I configure /select request handler (RH) with mcfQParser,
>>>>>>>>>>> intended to use in production, default RH.
>>>>>>>>>>>
>>>>>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>>>
>>>>>>>>>>> Ahmet
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Thanks Karl,
>>>>>>>>>>>
>>>>>>>>>>> As i could not see any document in solr query, i used Luke to
>>>>>>>>>>> open index and i could see below values for all MCF plugin fields for all
>>>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>>>
>>>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>
>>>>>>>>>>> I think something or a lot of things missing here. I am
>>>>>>>>>>> attaching zip of solr index(very small one with 10 documents from
>>>>>>>>>>> sharepoint) here. Please guide.
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <
>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> Can you show me somehow some of the the ACLs that have been
>>>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>>>> other).
>>>>>>>>>>>
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Again,
>>>>>>>>>>>
>>>>>>>>>>> As per Karl's suggestion, i am now converting user from
>>>>>>>>>>> water.com\ljangra to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> <http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@iwater.ie>
>>>>>>>>>>> I can see below ACL.
>>>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>
>>>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>> <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@iwater.ie>
>>>>>>>>>>> . While debugging query i can see ACL doing fine. So i am
>>>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>>>
>>>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>>>     ],
>>>>>>>>>>>
>>>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>>>
>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <
>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>>>>>
>>>>>>>>>>> <lst name="appends">
>>>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>> </lst>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Hi Ahmet,
>>>>>>>>>>>
>>>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>>>
>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>>>> these
>>>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>>>       -->
>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>      </lst>
>>>>>>>>>>> ....
>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Next i am running a job which indexes sharepoint content in solr
>>>>>>>>>>> but when i am searching in solr, i am getting not results & getting
>>>>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>>>>
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>>>> commits: num=2
>>>>>>>>>>>
>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>>>
>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>>>> main
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>>>> {commit=} 0 265
>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>>>> QTime=0
>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>>>> no-user response (open documents only)
>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>>>
>>>>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found
>>>>>>>>>>> to be unreachable or unusable but i am having same authority working fine
>>>>>>>>>>> in MCF.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Please help.
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <iorixxx@yahoo.com
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Karl,
>>>>>>>>>>>
>>>>>>>>>>> May be we should use
>>>>>>>>>>>
>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>
>>>>>>>>>>> in
>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>
>>>>>>>>>>> To avoid confusion?
>>>>>>>>>>>
>>>>>>>>>>> What do you think?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Ahmet,
>>>>>>>>>>>
>>>>>>>>>>> I tried the way you suggested but its not working. My solr query
>>>>>>>>>>> is as below.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>>>
>>>>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it
>>>>>>>>>>> returning all results.
>>>>>>>>>>>
>>>>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>>>>> instructions @
>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>>>>
>>>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ]
>>>>>>>>>>>       },
>>>>>>>>>>>       {
>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                   SDD
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>>>       },
>>>>>>>>>>>       {
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>         ],
>>>>>>>>>>>                "id": "
>>>>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt
>>>>>>>>>>> ",
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>
>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                 CMIS
>>>>>>>>>>>
>>>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ]
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <iorixxx@yahoo.com
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> As documented here
>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>
>>>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This is a URL parameter, just like Solr params. Here is an
>>>>>>>>>>> example.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Hi All,
>>>>>>>>>>>
>>>>>>>>>>> As continuing from
>>>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>>>
>>>>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>>>>> indexed into solr indexes.
>>>>>>>>>>>
>>>>>>>>>>> Now i want to write Solr query to put a user's permission
>>>>>>>>>>> details into in it which can be compared to ACL stored in solr and only
>>>>>>>>>>> those results will be returned to user on which he has been assigned ACL.
>>>>>>>>>>>
>>>>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i
>>>>>>>>>>> need to write custom query for my need?
>>>>>>>>>>>
>>>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>>>> default="true">
>>>>>>>>>>>   <lst name="appends">
>>>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>   </lst>
>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>
>>>>>>>>>>> Please help.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit Jangra.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>

Mime
View raw message