manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: Solr MCF ACL Plugin
Date Tue, 12 Aug 2014 13:13:39 GMT
Thanks a lot Karl,

I will follow the steps and update you.

Regards.


On Tue, Aug 12, 2014 at 6:30 PM, Karl Wright <daddywri@gmail.com> wrote:

> Directions for modifying the solr plugin:
>
> (1) Download the plugin source package from the mcf site
> (2) Unpack
> (3) In ManifoldCFQParserPlugin.java, go to line 276.  The query clause
> that comes from ManifoldCF has been constructed by that point.  Instead of
> returning that query, though, also construct your Alfresco clause based on
> passed-in Alfresco access tokens.  You can access these tokens from the
> incoming parameters using code like this:
>
> String[] alfrescoTokens = params.getParams("alfresco_tokens");
>
> You will need to form the alfresco tokens into a Query and merge that
> Query with the one from ManifoldCF.
>
> Karl
>
>
>
> On Tue, Aug 12, 2014 at 8:07 AM, Karl Wright <daddywri@gmail.com> wrote:
>
>> I think that would fix the issue, yes.  Stop passing anything in "fq="
>> and modify the plugin.
>>
>> Karl
>>
>>
>> On Tue, Aug 12, 2014 at 7:42 AM, lalit jangra <lalit.j.jangra@gmail.com>
>> wrote:
>>
>>> Thanks Karl,
>>>
>>> So it means to me that i need to update ManifoldCFQParserPlugin.java to
>>> accommodate for alfresco also and as we are passing AuthenticateUserName
>>> for SharePoint, we need to devise a meachanism to pass ACLs for alfresco as
>>> well and modify parse() method to make combined query?
>>>
>>> This would be the fix for issue?
>>>
>>> Please suggest.
>>>
>>> Regards.
>>>
>>>
>>> On Tue, Aug 12, 2014 at 5:05 PM, Karl Wright <daddywri@gmail.com> wrote:
>>>
>>>> Hi Lalit,
>>>>
>>>> It occurs to me that even if you use the MCF search component, you will
>>>> still need to make customizations, because otherwise only documents visible
>>>> to the SharePoint user will be visible.
>>>>
>>>> I think that if you can pass the alfresco access tokens in via another
>>>> argument (say, "alfresco="), then you can modify the query-parser plugin to
>>>> do what you need.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Tue, Aug 12, 2014 at 7:27 AM, Karl Wright <daddywri@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> The MCF query-parser plugin does have access to the incoming "fq"
>>>>> parameter, but in order to do anything useful with it it would have to
>>>>> parse it, and turn it into a Query.  In addition, you would need to decide
>>>>> whether the passed-in fq argument should:
>>>>>
>>>>> -- RESTRICT the documents further that match the MCF authorization
>>>>> criteria
>>>>> -- ADD documents that do not match the MCF authorization criteria
>>>>>
>>>>> It can't be both, so I can't see making this a general feature.  For
>>>>> these reasons I don't recommend this approach.  Instead, you should be able
>>>>> to add the MCF search component to the standard query processing chain, and
>>>>> that should always work.  The biggest question is just where in the chain
>>>>> you put the plugin.
>>>>>
>>>>> Thanks,
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Aug 12, 2014 at 7:08 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Thanks Karl,
>>>>>>
>>>>>> Does it mean that i need to update OOTB MCF-Solr component i.e.
>>>>>> ManifoldCFQParserPlugin.java and pass all my arguments there and update the
>>>>>> final query?
>>>>>>
>>>>>> Currently  i am using filter queries to maintain resultsets from
>>>>>> different sources : alfresco & sharepoint as index from alfresco &
>>>>>> sharepoint are stored into same solr collection.
>>>>>> E.g. If i search for alfresco, it works fine but if i search for
>>>>>> sahrepoint using AuthenticatedUserName only without using filter to return
>>>>>> results from sharepoint, i get results from both alfresco(as open items
>>>>>> from MCF-Solr plugin) & sharepoint.
>>>>>>
>>>>>> Please suggest.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Tue, Aug 12, 2014 at 3:44 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> The ManifoldCF query parser plugin only has the option of generating
>>>>>>> a filter query from incoming arguments.  It does not have the option of
>>>>>>> replacing the incoming arguments:
>>>>>>>
>>>>>>> >>>>>>
>>>>>>>     public Query parse()
>>>>>>> <<<<<<
>>>>>>>
>>>>>>> It is Solr that decides whether an fq argument you pass overrides a
>>>>>>> queryparser's plugin output.  I can't change how that works.
>>>>>>>
>>>>>>> For what you are trying to do, you may do better by using the MCF
>>>>>>> search component instead, since that modifies the whole query, rather than
>>>>>>> just the fq field.
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 12, 2014 at 6:07 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Thanks Karl,
>>>>>>>>
>>>>>>>> It means that is seems to be clash between two fq or filter
>>>>>>>> queries. First fq is set by MCF-Solr plugin which return SharePoint user
>>>>>>>> tokens and then i am using another fq to create filter query based on
>>>>>>>> content_source etc. which overwrites previous one
>>>>>>>>
>>>>>>>> How can i consume incoming MCF-Solr plugin into second/other fq
>>>>>>>> here as i could not see any results coming from MCF-Solr plugin? Also as i
>>>>>>>> am passing AutheticatedUserName as raw query parameter, i was expecting
>>>>>>>> results to be replaced inline within query itself.
>>>>>>>>
>>>>>>>> Please suggest.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Aug 12, 2014 at 3:20 PM, Karl Wright <daddywri@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Lalit,
>>>>>>>>>
>>>>>>>>> Yes, it seems likely that the MCF solr plugin is setting fq to the
>>>>>>>>> right query expression, and then you are later setting fq to something else
>>>>>>>>> entirely with your own plugin.
>>>>>>>>>
>>>>>>>>> Your plugin must take the incoming fq field and include it in the
>>>>>>>>> final expression.
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Aug 12, 2014 at 4:23 AM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Thanks Karl for promptness,
>>>>>>>>>>
>>>>>>>>>> Invoking http://
>>>>>>>>>> <your_mcf_instance/mcf-authority-service/UserACLs?username=
>>>>>>>>>> ljangra@iwater.ie gives me below ACLs which seem to be fine to
>>>>>>>>>> me.
>>>>>>>>>>
>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>
>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%28.s%7Ctrue
>>>>>>>>>>
>>>>>>>>>> I got it now, the missing part is absence of user tokens in solr
>>>>>>>>>> query as you mentioned.
>>>>>>>>>>
>>>>>>>>>> Please suggest.
>>>>>>>>>>
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 12, 2014 at 12:32 PM, Karl Wright <daddywri@gmail.com
>>>>>>>>>> > wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> The MCF plugin does this:
>>>>>>>>>>> - Looks for the AuthenticatedUserName parameter
>>>>>>>>>>> - Sends the AuthenticatedUserName parameter to ManifoldCF's
>>>>>>>>>>> authority service, and gets back user tokens
>>>>>>>>>>> - Constructs a filter query (fq) expression from the user tokens
>>>>>>>>>>>
>>>>>>>>>>> It's very hard for me to guess which acls come from your
>>>>>>>>>>> SharePoint instance and which come from your Alfresco instance.  But this
>>>>>>>>>>> is almost certainly wrong:
>>>>>>>>>>>
>>>>>>>>>>> fq=content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>> ljangra@iwater.ie
>>>>>>>>>>> ... because there are no access tokens whatsoever.
>>>>>>>>>>>
>>>>>>>>>>> This too has no ACLs:
>>>>>>>>>>> fq=
>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This has access tokens, but they seem to all be from Alfresco:
>>>>>>>>>>>
>>>>>>>>>>> fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=
>>>>>>>>>>> ljangra@iwater.ie
>>>>>>>>>>>
>>>>>>>>>>> So frankly I see no evidence that you are including any
>>>>>>>>>>> SharePoint access tokens in your query at all.  Could you do the following:
>>>>>>>>>>>
>>>>>>>>>>> curl "http://
>>>>>>>>>>> <your_mcf_instance/mcf-authority-service/UserACLs?username=
>>>>>>>>>>> ljangra@iwater.ie"
>>>>>>>>>>>
>>>>>>>>>>> ... and send me what you get back?  If that looks good, I
>>>>>>>>>>> suggest that you are probably overwriting the mcf plugin's fq entirely, and
>>>>>>>>>>> not including it in your expression.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Aug 12, 2014 at 2:38 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>
>>>>>>>>>>>> I am working with filter queries here and initially i tried to
>>>>>>>>>>>> put filter queries as below but it did not work and i got only alfresco
>>>>>>>>>>>> content.
>>>>>>>>>>>>
>>>>>>>>>>>> (alfresco_expression AND is_alfresco) OR (sharepoint_expression
>>>>>>>>>>>> AND is_sharepoint)
>>>>>>>>>>>>
>>>>>>>>>>>> Here is query from solr logs for same.
>>>>>>>>>>>>
>>>>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
>>>>>>>>>>>> (open documents only)
>>>>>>>>>>>>
>>>>>>>>>>>> 588547075 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie)}
>>>>>>>>>>>> hits=4404 status=0 QTime=96
>>>>>>>>>>>>
>>>>>>>>>>>> Here i get only 4404 results which i get if i select only
>>>>>>>>>>>> alfresco as source without selecting sharepoint.
>>>>>>>>>>>>
>>>>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
>>>>>>>>>>>> (open documents only)
>>>>>>>>>>>>
>>>>>>>>>>>> 588159479 [http-bio-8080-exec-330] INFO
>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
>>>>>>>>>>>> content_source:SharePoint+AND+uthenticatedUserName%3Dljangra@iwater.ie)}
>>>>>>>>>>>> hits=4404 status=0 QTime=70
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Then i moved to below structure where i need to pass
>>>>>>>>>>>> sharepoint_expression as raw query parameters for filter queries.
>>>>>>>>>>>>
>>>>>>>>>>>> (alfresco_expression) OR (is_sharepoint) & sharepoint_expression
>>>>>>>>>>>>
>>>>>>>>>>>> This way i got results from both alfresco and sharepoint. Here
>>>>>>>>>>>> i get 5425 results including alfresco as well as sharepoint.
>>>>>>>>>>>>
>>>>>>>>>>>> 588799237 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
>>>>>>>>>>>> user '[:ljangra@iwater.ie]'
>>>>>>>>>>>>
>>>>>>>>>>>> 588799238 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing request:
>>>>>>>>>>>> The target server failed to respond
>>>>>>>>>>>>
>>>>>>>>>>>> 588799239 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? Retrying request
>>>>>>>>>>>>
>>>>>>>>>>>> 588799330 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>>
>>>>>>>>>>>> 588799338 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@iwater.ie} hits=5245 status=0 QTime=103
>>>>>>>>>>>>
>>>>>>>>>>>> Also for sharepoint only queries, if i try filter queries as
>>>>>>>>>>>> below, i got no results.
>>>>>>>>>>>>
>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 587320867 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
>>>>>>>>>>>> user '[:ljangra@iwater.ie]'
>>>>>>>>>>>>
>>>>>>>>>>>> 587320868 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing request:
>>>>>>>>>>>> The target server failed to respond
>>>>>>>>>>>>
>>>>>>>>>>>> 587320869 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? Retrying request
>>>>>>>>>>>>
>>>>>>>>>>>> 587324291 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>>
>>>>>>>>>>>> 587324292 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={indent=true&q=*:*&_=1407823092895&wt=json&fq=
>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie
>>>>>>>>>>>> &AuthenticatedUserName=ljangra@iwater.ie} hits=0 status=0
>>>>>>>>>>>> QTime=3426
>>>>>>>>>>>>
>>>>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
>>>>>>>>>>>> (open documents only)
>>>>>>>>>>>>
>>>>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={indent=true&q=*:*&_=1407823109996&wt=json&fq=
>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie}
>>>>>>>>>>>> hits=0 status=0 QTime=1
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> But if i use sharepoint_expression as below , get results for
>>>>>>>>>>>> sahrepoint only.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> fq=content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@iwater.ie
>>>>>>>>>>>>
>>>>>>>>>>>>  589523637 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
>>>>>>>>>>>> user '[:ljangra@iwater.ie]'
>>>>>>>>>>>>
>>>>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing request:
>>>>>>>>>>>> The target server failed to respond
>>>>>>>>>>>>
>>>>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? Retrying request
>>>>>>>>>>>>
>>>>>>>>>>>> 589523698 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>>
>>>>>>>>>>>> 589523699 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={sort=score+desc&df=text&q="lalit"&q.op=OR&wt=javabin&qt=/select&fq=content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@iwater.ie} hits=35 status=0 QTime=62
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> What i assume is whatever is passed with AuthenticatedUserName
>>>>>>>>>>>> variable, it is compared with stored ACLs in index and accordingly results
>>>>>>>>>>>> are displayed.
>>>>>>>>>>>>
>>>>>>>>>>>> Please suggest.
>>>>>>>>>>>>
>>>>>>>>>>>> regards.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright <
>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> First, if both Alfresco and SharePoint documents are indexed
>>>>>>>>>>>>> with the same MCF instance, then you do
>>>>>>>>>>>>> not need to play games like this.  You only need the one query
>>>>>>>>>>>>> that the MCF solr plugin generates.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If that's not the case, then what you want are two separate
>>>>>>>>>>>>> clauses where one matches Alfresco documents and one clause that matches
>>>>>>>>>>>>> SharePoint documents.  The expression therefore would look like this:
>>>>>>>>>>>>>
>>>>>>>>>>>>> (alfresco_expression AND is_alfresco) OR
>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> It cannot look like this and work:
>>>>>>>>>>>>>
>>>>>>>>>>>>> (alfresco_expression OR sharepoint_expression) OR is_sharepoint
>>>>>>>>>>>>>
>>>>>>>>>>>>> That is nonsensical.
>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> In this query i am searching for results in both alfresco and
>>>>>>>>>>>>>> SharePoint. So before OR i am checking for alfresco ACLs and post OR i am
>>>>>>>>>>>>>> checking for SharePoint ACLs by supplying authenticatedusername .Hence OR
>>>>>>>>>>>>>> facilitates here for both options.
>>>>>>>>>>>>>>  On Aug 11, 2014 10:44 PM, "Karl Wright" <daddywri@gmail.com>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Have a look at this query:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 522471481 [http-bio-8080-exec-238] INFO
>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>>>> params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>>>>> vchauhan@iwater.ie} hits=11 status=0 QTime=10
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Note the following at the very end of the fq field:
>>>>>>>>>>>>>>> "+OR+content_source:SharePoint".  That will basically disable the entire
>>>>>>>>>>>>>>> rest of the filter and permit ALL documents through that were indexed by
>>>>>>>>>>>>>>> SharePoint.  It should be "+AND+content_source:SharePoint".
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <
>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Sure Karl,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Can you let me know what type of logs you need?I am
>>>>>>>>>>>>>>>> attaching part of solr.log for your reference.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>> On Aug 11, 2014 9:42 PM, "Karl Wright" <daddywri@gmail.com>
>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Are you sure you are using the standard select query
>>>>>>>>>>>>>>>>> handler?  In order to convince me, you will need to enable appropriate Solr
>>>>>>>>>>>>>>>>> logging so I can see how a request is processed and whether the MCF solr
>>>>>>>>>>>>>>>>> plugin is being called.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <
>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Below are my comments.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 1. Your Solr query is in fact not hooked up to use the
>>>>>>>>>>>>>>>>>> appropriate MCF Solr plugin, in which case no security whatsoever is being
>>>>>>>>>>>>>>>>>> applied.
>>>>>>>>>>>>>>>>>> --- Below is snippet from solrconfig.xml from one of
>>>>>>>>>>>>>>>>>> servers with MCF Solr plugin included and enabled with /select query
>>>>>>>>>>>>>>>>>> handler which i am using for search. I assume i need not to provide full
>>>>>>>>>>>>>>>>>> server name for AuthorityServiceBaseURL & instead
>>>>>>>>>>>>>>>>>> localhost will work fine.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> <!-- ManifoldCF document security enforcement component
>>>>>>>>>>>>>>>>>> -->
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   <queryParser name="manifoldCFSecurity"
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>     class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>     <str name="AuthorityServiceBaseURL">
>>>>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>     <int name="ConnectionPoolSize">50</int>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   </queryParser>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>    <!-- ManifoldCF document security enforcement
>>>>>>>>>>>>>>>>>> component -->
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   <searchComponent name="manifoldCFSecurity"
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>     class="org.apache.solr.mcf.ManifoldCFSearchComponent">
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>     <str name="AuthorityServiceBaseURL">
>>>>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>     <int name="ConnectionPoolSize">50</int>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   </searchComponent>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   <requestHandler name="/select"
>>>>>>>>>>>>>>>>>> class="solr.SearchHandler">
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>        <int name="rows">10000</int>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>      </lst>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>          <lst name="appends">
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>                 <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>          </lst>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>   </requestHandler>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Below is one of queries built for same using
>>>>>>>>>>>>>>>>>> AuthenticatedUserName
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra%
>>>>>>>>>>>>>>>>>> 40iwater.ie
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 2. You are supposed to be able to see the documents, but
>>>>>>>>>>>>>>>>>> the URL ManifoldCF is generating does not permit you to log into SharePoint
>>>>>>>>>>>>>>>>>> for some reason.
>>>>>>>>>>>>>>>>>> -- If i go to the location of the search result, i am not
>>>>>>>>>>>>>>>>>> able to see any document available there for me as per my permissions.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 3. You indexed the documents with security "off", and so
>>>>>>>>>>>>>>>>>> no security information was attached to the documents in Solr.
>>>>>>>>>>>>>>>>>> --- I have enabled security before starting the job as
>>>>>>>>>>>>>>>>>> below.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Please suggest.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <
>>>>>>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> There are a number of possibilities.  You will need to
>>>>>>>>>>>>>>>>>>> do some investigation to figure out which one it is.  Here are the
>>>>>>>>>>>>>>>>>>> possibilities I see:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> (1) Your Solr query is in fact not hooked up to use the
>>>>>>>>>>>>>>>>>>> appropriate MCF Solr plugin, in which case no security whatsoever is being
>>>>>>>>>>>>>>>>>>> applied.
>>>>>>>>>>>>>>>>>>> (2) You are supposed to be able to see the documents,
>>>>>>>>>>>>>>>>>>> but the URL ManifoldCF is generating does not permit you to log into
>>>>>>>>>>>>>>>>>>> SharePoint for some reason.
>>>>>>>>>>>>>>>>>>> (3) You indexed the documents with security "off", and
>>>>>>>>>>>>>>>>>>> so no security information was attached to the documents in Solr.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <
>>>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list
>>>>>>>>>>>>>>>>>>>> items. I have also placed MCF solr ACL plugin into solr instances and
>>>>>>>>>>>>>>>>>>>> updated solrconfig.xml for same. I created a job to connect to SharePoint
>>>>>>>>>>>>>>>>>>>> and indexed list items in solr.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Next i am searching for content items from index and
>>>>>>>>>>>>>>>>>>>> what i could see is that i am able to see search results for content on
>>>>>>>>>>>>>>>>>>>> which i do not have any access. I can see these content into search results
>>>>>>>>>>>>>>>>>>>> but when i am trying to aceess these content , i can getting SharePoint
>>>>>>>>>>>>>>>>>>>> access denied error. Ideally if a user has no access to a content, he
>>>>>>>>>>>>>>>>>>>> should not be see these content.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Am i missing anything here?
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>>>>> Lalit.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>>> Lalit.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Lalit.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit.
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit.
>>>
>>
>>
>


-- 
Regards,
Lalit.

Mime
View raw message