manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: How to query for content with ACLs?
Date Fri, 13 Jun 2014 11:30:01 GMT
Thanks Karl,

As i could not see any document in solr query, i used Luke to open index
and i could see below values for all MCF plugin fields for all documents.
These are something different from previous values.

allow_token_document  = SP+KW:
allow_token_share = __nosecurity__
deny_token_document  = SP+KW:DEAD_AUTHORITY
allow_token_share = __nosecurity__

I think something or a lot of things missing here. I am attaching zip of
solr index(very small one with 10 documents from sharepoint) here. Please
guide.

Regards.



On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Lalit,
>
> Can you show me somehow some of the the ACLs that have been indexed with
> your documents?  The only other potential issue might be that your
> repository connection(s) may not be part of the same authority groups as
> your authority connections.  In that case, the indexed authority tokens
> will have a different prefix (e.g. SP+KW in one case, something else in the
> other).
>
> Karl
>
>
>
>
> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>> Hi Again,
>>
>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>
>>
>> <http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@iwater.ie>
>> I can see below ACL.
>>
>> AUTHORIZED:SP+K+Conn
>>
>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>
>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>
>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>
>>
>> Still i am not able to see any results from query
>>
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>> <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@iwater.ie>
>> . While debugging query i can see ACL doing fine. So i am confused why
>> its now working. Can you please help.
>>
>>
>> "parsed_filter_queries": [
>>
>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>> +deny_token_share:__nosecurity__)
>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>> +((+allow_token_document:__nosecurity__
>> +deny_token_document:__nosecurity__)
>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>
>>     ],
>>
>>
>> Finally solr.log also seems to be fine.
>>
>>
>> INFO  - 2014-06-13 11:38:19.862;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@water.com]'
>>
>> INFO  - 2014-06-13 11:38:19.909;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response AUTHORIZED:SP+K+Conn
>>
>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>> ljangra@water.com} hits=0 status=0 QTime=47
>>
>>
>> Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> It makes more sense to use appends section rather than defaults section
>>> when defining mcf query parser plugin in fq parameter.
>>>
>>> <lst name="appends">
>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>> </lst>
>>>
>>>
>>>
>>>
>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi Ahmet,
>>>
>>> I have configured solrconfig.xml as per your suggestion.
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>     <!-- default values for query parameters can be specified, these
>>>          will be overridden by parameters in the request
>>>       -->
>>>      <lst name="defaults">
>>>        <str name="echoParams">explicit</str>
>>>        <int name="rows">1000</int>
>>>        <str name="df">text</str>
>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>      </lst>
>>> ....
>>> </requestHandler>
>>>
>>>
>>> Next i am running a job which indexes sharepoint content in solr but
>>> when i am searching in solr, i am getting not results & getting
>>> UNREACHABLEAUTHORITY message.
>>>
>>> INFO  - 2014-06-12 22:22:29.944;
>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>> commits: num=2
>>>
>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>
>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>> INFO  - 2014-06-12 22:22:29.944;
>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>> INFO  - 2014-06-12 22:22:29.960;
>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>> requests to Searcher@5ac787b0
>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>> [collection1] Registered new searcher Searcher@5ac787b0
>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>> {commit=} 0 265
>>> INFO  - 2014-06-12 22:22:35.663;
>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>> QTime=0
>>> INFO  - 2014-06-12 22:22:35.741;
>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>> INFO  - 2014-06-12 22:22:36.960;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>> no-user response (open documents only)
>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0
QTime=16
>>> INFO  - 2014-06-12 22:22:40.569;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>> to match docs for user '[:ljangra@water.com]'
>>> INFO  - 2014-06-12 22:22:40.726;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>
>>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>>> unreachable or unusable but i am having same authority working fine in MCF.
>>>
>>>
>>> Please help.
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>>>
>>> Hi Karl,
>>>
>>> May be we should use
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>
>>> in
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> To avoid confusion?
>>>
>>> What do you think?
>>>
>>>
>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <daddywri@gmail.com>
>>> wrote:
>>>
>>>
>>> What does your solrconfig.xml file look like?
>>> Karl
>>>
>>>
>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <lalit.j.jangra@gmail.com>
>>> wrote:
>>>
>>> Hi Ahmet,
>>>
>>> I tried the way you suggested but its not working. My solr query is as
>>> below.
>>>
>>>
>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>
>>> Whatever name i am passing as AuthenticatedUserName, it returning all
>>> results.
>>>
>>> I have indexed my documents using mcf-solr plugin using instructions @
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>> Below are some of ACL stored in solr. Am i missing something?
>>>
>>> "_version_": 1470562493875093500,
>>>         "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ]
>>>       },
>>>       {
>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>         "deny_token_document": [
>>>           "SP+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "allow_token_document": [
>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>           "SP+Group:GRestricted+Readers",
>>>           "SP+Group:GTest+lalit+Administrators",
>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>           "SP+Group:GHierarchy+Managers",
>>>           "SP+Group:GApprovers",
>>>           "SP+Group:GViewers",
>>>           "SP+Group:GDesigners"
>>>         ],
>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>
>>>
>>>
>>>                   SDD
>>>
>>>
>>>                    "_version_": 1470564182244982800
>>>       },
>>>       {
>>>         "deny_token_share": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "content_name": "hekko.txt",
>>>         "content_modifier": "iwater.ie\\ljangra",
>>>         "deny_token_document": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>                "id": "
>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>         "allow_token_document": [
>>>           "AD+Group:S-1-5-18",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>         "allow_token_share": [
>>>           "AD+Group:S-1-1-0",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>
>>>                 CMIS
>>>
>>>                 "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_document": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "allow_token_document": [
>>>           "__nosecurity__"
>>>         ]
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>>>
>>> Hi,
>>>
>>> As documented here
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>
>>>
>>> This is a URL parameter, just like Solr params. Here is an example.
>>>
>>>
>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>
>>>
>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi All,
>>>
>>> As continuing from
>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>> as per Ahmet's suggestion.
>>>
>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>>> into solr indexes.
>>>
>>> Now i want to write Solr query to put a user's permission details into
>>> in it which can be compared to ACL stored in solr and only those results
>>> will be returned to user on which he has been assigned ACL.
>>>
>>> How can i do this?  Can i use MCF filter  below here or do i need to
>>> write custom query for my need?
>>>
>>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>>   <lst name="appends">
>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>   </lst>
>>> </requestHandler>
>>>
>>> Please help.
>>>
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>


-- 
Regards,
Lalit Jangra.

Mime
View raw message