manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: Solr MCF ACL Plugin
Date Tue, 12 Aug 2014 06:38:45 GMT
Thanks Karl,

I am working with filter queries here and initially i tried to put filter
queries as below but it did not work and i got only alfresco content.

(alfresco_expression AND is_alfresco) OR (sharepoint_expression AND
is_sharepoint)

Here is query from solr logs for same.

588159410 [http-bio-8080-exec-330] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
(open documents only)

588547075 [http-bio-8080-exec-260] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=/solr path=/select
params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie)}
hits=4404 status=0 QTime=96

Here i get only 4404 results which i get if i select only alfresco as
source without selecting sharepoint.

588159410 [http-bio-8080-exec-330] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
(open documents only)

588159479 [http-bio-8080-exec-330] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=/solr path=/select
params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
content_source:SharePoint+AND+uthenticatedUserName%3Dljangra@iwater.ie)}
hits=4404 status=0 QTime=70


Then i moved to below structure where i need to pass sharepoint_expression
as raw query parameters for filter queries.

(alfresco_expression) OR (is_sharepoint) & sharepoint_expression

This way i got results from both alfresco and sharepoint. Here i get 5425
results including alfresco as well as sharepoint.

588799237 [http-bio-8080-exec-331] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
user '[:ljangra@iwater.ie]'

588799238 [http-bio-8080-exec-331] INFO
org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request:
The target server failed to respond

588799239 [http-bio-8080-exec-331] INFO
org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

588799330 [http-bio-8080-exec-331] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
AUTHORIZED:SharePointAuthConnection

588799338 [http-bio-8080-exec-331] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=/solr path=/select
params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=
ljangra@iwater.ie} hits=5245 status=0 QTime=103

Also for sharepoint only queries, if i try filter queries as below, i got
no results.

(sharepoint_expression AND is_sharepoint)


587320867 [http-bio-8080-exec-325] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
user '[:ljangra@iwater.ie]'

587320868 [http-bio-8080-exec-325] INFO
org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request:
The target server failed to respond

587320869 [http-bio-8080-exec-325] INFO
org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

587324291 [http-bio-8080-exec-325] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
AUTHORIZED:SharePointAuthConnection

587324292 [http-bio-8080-exec-325] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1407823092895&wt=json&fq=
content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie
&AuthenticatedUserName=ljangra@iwater.ie} hits=0 status=0 QTime=3426

587338061 [http-bio-8080-exec-325] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
(open documents only)

587338061 [http-bio-8080-exec-325] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1407823109996&wt=json&fq=
content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie}
hits=0 status=0 QTime=1


But if i use sharepoint_expression as below , get results for sahrepoint
only.


fq=content_source:SharePoint&version=2&AuthenticatedUserName=
ljangra@iwater.ie

589523637 [http-bio-8080-exec-260] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
user '[:ljangra@iwater.ie]'

589523639 [http-bio-8080-exec-260] INFO
org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request:
The target server failed to respond

589523639 [http-bio-8080-exec-260] INFO
org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

589523698 [http-bio-8080-exec-260] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
AUTHORIZED:SharePointAuthConnection

589523699 [http-bio-8080-exec-260] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=/solr path=/select
params={sort=score+desc&df=text&q="lalit"&q.op=OR&wt=javabin&qt=/select&fq=content_source:SharePoint&version=2&AuthenticatedUserName=
ljangra@iwater.ie} hits=35 status=0 QTime=62


What i assume is whatever is passed with AuthenticatedUserName variable, it
is compared with stored ACLs in index and accordingly results are displayed.

Please suggest.

regards.


On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Lalit,
>
> First, if both Alfresco and SharePoint documents are indexed with the same
> MCF instance, then you do
> not need to play games like this.  You only need the one query that the
> MCF solr plugin generates.
>
> If that's not the case, then what you want are two separate clauses where
> one matches Alfresco documents and one clause that matches SharePoint
> documents.  The expression therefore would look like this:
>
> (alfresco_expression AND is_alfresco) OR (sharepoint_expression AND
> is_sharepoint)
>
>
> It cannot look like this and work:
>
> (alfresco_expression OR sharepoint_expression) OR is_sharepoint
>
> That is nonsensical.
> Karl
>
>
>
> On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>> Thanks Karl,
>>
>> In this query i am searching for results in both alfresco and SharePoint.
>> So before OR i am checking for alfresco ACLs and post OR i am checking for
>> SharePoint ACLs by supplying authenticatedusername .Hence OR facilitates
>> here for both options.
>>  On Aug 11, 2014 10:44 PM, "Karl Wright" <daddywri@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> Have a look at this query:
>>>
>>> 522471481 [http-bio-8080-exec-238] INFO  org.apache.solr.core.SolrCore
>>> ? [collection1] webapp=/solr path=/select
>>> params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName=
>>> vchauhan@iwater.ie} hits=11 status=0 QTime=10
>>>
>>>
>>> Note the following at the very end of the fq field:
>>> "+OR+content_source:SharePoint".  That will basically disable the entire
>>> rest of the filter and permit ALL documents through that were indexed by
>>> SharePoint.  It should be "+AND+content_source:SharePoint".
>>>
>>> Karl
>>>
>>>
>>>
>>> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <lalit.j.jangra@gmail.com>
>>> wrote:
>>>
>>>> Sure Karl,
>>>>
>>>> Can you let me know what type of logs you need?I am attaching part of
>>>> solr.log for your reference.
>>>>
>>>> Regards.
>>>> On Aug 11, 2014 9:42 PM, "Karl Wright" <daddywri@gmail.com> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> Are you sure you are using the standard select query handler?  In
>>>>> order to convince me, you will need to enable appropriate Solr logging
so I
>>>>> can see how a request is processed and whether the MCF solr plugin is
being
>>>>> called.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Thanks Karl,
>>>>>>
>>>>>> Below are my comments.
>>>>>>
>>>>>> 1. Your Solr query is in fact not hooked up to use the appropriate
>>>>>> MCF Solr plugin, in which case no security whatsoever is being applied.
>>>>>> --- Below is snippet from solrconfig.xml from one of servers with
MCF
>>>>>> Solr plugin included and enabled with /select query handler which
i am
>>>>>> using for search. I assume i need not to provide full server name
for AuthorityServiceBaseURL
>>>>>> & instead localhost will work fine.
>>>>>>
>>>>>>
>>>>>> <!-- ManifoldCF document security enforcement component -->
>>>>>>
>>>>>>   <queryParser name="manifoldCFSecurity"
>>>>>>
>>>>>>     class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
>>>>>>
>>>>>>     <str name="AuthorityServiceBaseURL">
>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>
>>>>>>     <int name="ConnectionPoolSize">50</int>
>>>>>>
>>>>>>   </queryParser>
>>>>>>
>>>>>>
>>>>>>
>>>>>>    <!-- ManifoldCF document security enforcement component -->
>>>>>>
>>>>>>   <searchComponent name="manifoldCFSecurity"
>>>>>>
>>>>>>     class="org.apache.solr.mcf.ManifoldCFSearchComponent">
>>>>>>
>>>>>>     <str name="AuthorityServiceBaseURL">
>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>
>>>>>>     <int name="ConnectionPoolSize">50</int>
>>>>>>
>>>>>>   </searchComponent>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>   <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>
>>>>>>      <lst name="defaults">
>>>>>>
>>>>>>        <str name="echoParams">explicit</str>
>>>>>>
>>>>>>        <int name="rows">10000</int>
>>>>>>
>>>>>>        <str name="df">text</str>
>>>>>>
>>>>>>      </lst>
>>>>>>
>>>>>>          <lst name="appends">
>>>>>>
>>>>>>                 <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>
>>>>>>          </lst>
>>>>>>
>>>>>>   </requestHandler>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Below is one of queries built for same using AuthenticatedUserName
>>>>>>
>>>>>>
>>>>>>
>>>>>> q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra%
>>>>>> 40iwater.ie
>>>>>>
>>>>>>
>>>>>> 2. You are supposed to be able to see the documents, but the URL
>>>>>> ManifoldCF is generating does not permit you to log into SharePoint
for
>>>>>> some reason.
>>>>>> -- If i go to the location of the search result, i am not able to
see
>>>>>> any document available there for me as per my permissions.
>>>>>>
>>>>>> 3. You indexed the documents with security "off", and so no security
>>>>>> information was attached to the documents in Solr.
>>>>>> --- I have enabled security before starting the job as below.
>>>>>>
>>>>>>
>>>>>> Please suggest.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> There are a number of possibilities.  You will need to do some
>>>>>>> investigation to figure out which one it is.  Here are the possibilities
I
>>>>>>> see:
>>>>>>>
>>>>>>> (1) Your Solr query is in fact not hooked up to use the appropriate
>>>>>>> MCF Solr plugin, in which case no security whatsoever is being
applied.
>>>>>>> (2) You are supposed to be able to see the documents, but the
URL
>>>>>>> ManifoldCF is generating does not permit you to log into SharePoint
for
>>>>>>> some reason.
>>>>>>> (3) You indexed the documents with security "off", and so no
>>>>>>> security information was attached to the documents in Solr.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list items.
I
>>>>>>>> have also placed MCF solr ACL plugin into solr instances
and updated
>>>>>>>> solrconfig.xml for same. I created a job to connect to SharePoint
and
>>>>>>>> indexed list items in solr.
>>>>>>>>
>>>>>>>> Next i am searching for content items from index and what
i could
>>>>>>>> see is that i am able to see search results for content on
which i do not
>>>>>>>> have any access. I can see these content into search results
but when i am
>>>>>>>> trying to aceess these content , i can getting SharePoint
access denied
>>>>>>>> error. Ideally if a user has no access to a content, he should
not be see
>>>>>>>> these content.
>>>>>>>>
>>>>>>>> Am i missing anything here?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Lalit.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit.
>>>>>>
>>>>>
>>>>>
>>>
>


-- 
Regards,
Lalit.

Mime
View raw message