manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lalit jangra <lalit.j.jan...@gmail.com>
Subject Re: Solr MCF ACL Plugin
Date Wed, 13 Aug 2014 10:53:48 GMT
Hi Karl,

I am testing updated ManifoldCFQParserPlugin.java and what i did in my
implementation is to update for handling Alfresco ACLs also,For same  i
need to do taks as below.
1. Update ManifoldCFQParserPlugin.java to accommodate multiple sources :
alfresco or sharepoint or both. As per source selected, i need to create
boolean queries after adding checks to see what type of source is passed.
2. I am adding multiple conditions as per content source passed. E.g. for
sharepoint, i need not to do anything and need to move it as per check.But
if alfresco is selected, i need to have a condition based on content source
as to which mechanism to use as sharepoint uses different acls method than
alfresco.
3. If both are selected, i need to handle it in different condition check.
Also i am passing content source to ManifoldCFQParserPlugin.java beforehand
to accomplish this.

Please suggest.

Regards.



On Tue, Aug 12, 2014 at 6:43 PM, lalit jangra <lalit.j.jangra@gmail.com>
wrote:

> Thanks a lot Karl,
>
> I will follow the steps and update you.
>
> Regards.
>
>
> On Tue, Aug 12, 2014 at 6:30 PM, Karl Wright <daddywri@gmail.com> wrote:
>
>> Directions for modifying the solr plugin:
>>
>> (1) Download the plugin source package from the mcf site
>> (2) Unpack
>> (3) In ManifoldCFQParserPlugin.java, go to line 276.  The query clause
>> that comes from ManifoldCF has been constructed by that point.  Instead of
>> returning that query, though, also construct your Alfresco clause based on
>> passed-in Alfresco access tokens.  You can access these tokens from the
>> incoming parameters using code like this:
>>
>> String[] alfrescoTokens = params.getParams("alfresco_tokens");
>>
>> You will need to form the alfresco tokens into a Query and merge that
>> Query with the one from ManifoldCF.
>>
>> Karl
>>
>>
>>
>> On Tue, Aug 12, 2014 at 8:07 AM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> I think that would fix the issue, yes.  Stop passing anything in "fq="
>>> and modify the plugin.
>>>
>>> Karl
>>>
>>>
>>> On Tue, Aug 12, 2014 at 7:42 AM, lalit jangra <lalit.j.jangra@gmail.com>
>>> wrote:
>>>
>>>> Thanks Karl,
>>>>
>>>> So it means to me that i need to update ManifoldCFQParserPlugin.java to
>>>> accommodate for alfresco also and as we are passing AuthenticateUserName
>>>> for SharePoint, we need to devise a meachanism to pass ACLs for alfresco as
>>>> well and modify parse() method to make combined query?
>>>>
>>>> This would be the fix for issue?
>>>>
>>>> Please suggest.
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Tue, Aug 12, 2014 at 5:05 PM, Karl Wright <daddywri@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> It occurs to me that even if you use the MCF search component, you
>>>>> will still need to make customizations, because otherwise only documents
>>>>> visible to the SharePoint user will be visible.
>>>>>
>>>>> I think that if you can pass the alfresco access tokens in via another
>>>>> argument (say, "alfresco="), then you can modify the query-parser plugin to
>>>>> do what you need.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Aug 12, 2014 at 7:27 AM, Karl Wright <daddywri@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> The MCF query-parser plugin does have access to the incoming "fq"
>>>>>> parameter, but in order to do anything useful with it it would have to
>>>>>> parse it, and turn it into a Query.  In addition, you would need to decide
>>>>>> whether the passed-in fq argument should:
>>>>>>
>>>>>> -- RESTRICT the documents further that match the MCF authorization
>>>>>> criteria
>>>>>> -- ADD documents that do not match the MCF authorization criteria
>>>>>>
>>>>>> It can't be both, so I can't see making this a general feature.  For
>>>>>> these reasons I don't recommend this approach.  Instead, you should be able
>>>>>> to add the MCF search component to the standard query processing chain, and
>>>>>> that should always work.  The biggest question is just where in the chain
>>>>>> you put the plugin.
>>>>>>
>>>>>> Thanks,
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Aug 12, 2014 at 7:08 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>> Thanks Karl,
>>>>>>>
>>>>>>> Does it mean that i need to update OOTB MCF-Solr component i.e.
>>>>>>> ManifoldCFQParserPlugin.java and pass all my arguments there and update the
>>>>>>> final query?
>>>>>>>
>>>>>>> Currently  i am using filter queries to maintain resultsets from
>>>>>>> different sources : alfresco & sharepoint as index from alfresco &
>>>>>>> sharepoint are stored into same solr collection.
>>>>>>> E.g. If i search for alfresco, it works fine but if i search for
>>>>>>> sahrepoint using AuthenticatedUserName only without using filter to return
>>>>>>> results from sharepoint, i get results from both alfresco(as open items
>>>>>>> from MCF-Solr plugin) & sharepoint.
>>>>>>>
>>>>>>> Please suggest.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 12, 2014 at 3:44 PM, Karl Wright <daddywri@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> The ManifoldCF query parser plugin only has the option of
>>>>>>>> generating a filter query from incoming arguments.  It does not have the
>>>>>>>> option of replacing the incoming arguments:
>>>>>>>>
>>>>>>>> >>>>>>
>>>>>>>>     public Query parse()
>>>>>>>> <<<<<<
>>>>>>>>
>>>>>>>> It is Solr that decides whether an fq argument you pass overrides a
>>>>>>>> queryparser's plugin output.  I can't change how that works.
>>>>>>>>
>>>>>>>> For what you are trying to do, you may do better by using the MCF
>>>>>>>> search component instead, since that modifies the whole query, rather than
>>>>>>>> just the fq field.
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Aug 12, 2014 at 6:07 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Thanks Karl,
>>>>>>>>>
>>>>>>>>> It means that is seems to be clash between two fq or filter
>>>>>>>>> queries. First fq is set by MCF-Solr plugin which return SharePoint user
>>>>>>>>> tokens and then i am using another fq to create filter query based on
>>>>>>>>> content_source etc. which overwrites previous one
>>>>>>>>>
>>>>>>>>> How can i consume incoming MCF-Solr plugin into second/other fq
>>>>>>>>> here as i could not see any results coming from MCF-Solr plugin? Also as i
>>>>>>>>> am passing AutheticatedUserName as raw query parameter, i was expecting
>>>>>>>>> results to be replaced inline within query itself.
>>>>>>>>>
>>>>>>>>> Please suggest.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Aug 12, 2014 at 3:20 PM, Karl Wright <daddywri@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Lalit,
>>>>>>>>>>
>>>>>>>>>> Yes, it seems likely that the MCF solr plugin is setting fq to
>>>>>>>>>> the right query expression, and then you are later setting fq to something
>>>>>>>>>> else entirely with your own plugin.
>>>>>>>>>>
>>>>>>>>>> Your plugin must take the incoming fq field and include it in the
>>>>>>>>>> final expression.
>>>>>>>>>>
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 12, 2014 at 4:23 AM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Thanks Karl for promptness,
>>>>>>>>>>>
>>>>>>>>>>> Invoking http://
>>>>>>>>>>> <your_mcf_instance/mcf-authority-service/UserACLs?username=
>>>>>>>>>>> ljangra@iwater.ie gives me below ACLs which seem to be fine to
>>>>>>>>>>> me.
>>>>>>>>>>>
>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%28.s%7Ctrue
>>>>>>>>>>>
>>>>>>>>>>> I got it now, the missing part is absence of user tokens in solr
>>>>>>>>>>> query as you mentioned.
>>>>>>>>>>>
>>>>>>>>>>> Please suggest.
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Aug 12, 2014 at 12:32 PM, Karl Wright <
>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>
>>>>>>>>>>>> The MCF plugin does this:
>>>>>>>>>>>> - Looks for the AuthenticatedUserName parameter
>>>>>>>>>>>> - Sends the AuthenticatedUserName parameter to ManifoldCF's
>>>>>>>>>>>> authority service, and gets back user tokens
>>>>>>>>>>>> - Constructs a filter query (fq) expression from the user tokens
>>>>>>>>>>>>
>>>>>>>>>>>> It's very hard for me to guess which acls come from your
>>>>>>>>>>>> SharePoint instance and which come from your Alfresco instance.  But this
>>>>>>>>>>>> is almost certainly wrong:
>>>>>>>>>>>>
>>>>>>>>>>>> fq=content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@iwater.ie
>>>>>>>>>>>> ... because there are no access tokens whatsoever.
>>>>>>>>>>>>
>>>>>>>>>>>> This too has no ACLs:
>>>>>>>>>>>> fq=
>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> This has access tokens, but they seem to all be from Alfresco:
>>>>>>>>>>>>
>>>>>>>>>>>> fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@iwater.ie
>>>>>>>>>>>>
>>>>>>>>>>>> So frankly I see no evidence that you are including any
>>>>>>>>>>>> SharePoint access tokens in your query at all.  Could you do the following:
>>>>>>>>>>>>
>>>>>>>>>>>> curl "http://
>>>>>>>>>>>> <your_mcf_instance/mcf-authority-service/UserACLs?username=
>>>>>>>>>>>> ljangra@iwater.ie"
>>>>>>>>>>>>
>>>>>>>>>>>> ... and send me what you get back?  If that looks good, I
>>>>>>>>>>>> suggest that you are probably overwriting the mcf plugin's fq entirely, and
>>>>>>>>>>>> not including it in your expression.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Karl
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Aug 12, 2014 at 2:38 AM, lalit jangra <
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I am working with filter queries here and initially i tried to
>>>>>>>>>>>>> put filter queries as below but it did not work and i got only alfresco
>>>>>>>>>>>>> content.
>>>>>>>>>>>>>
>>>>>>>>>>>>> (alfresco_expression AND is_alfresco) OR
>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is query from solr logs for same.
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
>>>>>>>>>>>>> (open documents only)
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588547075 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie)}
>>>>>>>>>>>>> hits=4404 status=0 QTime=96
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here i get only 4404 results which i get if i select only
>>>>>>>>>>>>> alfresco as source without selecting sharepoint.
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
>>>>>>>>>>>>> (open documents only)
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588159479 [http-bio-8080-exec-330] INFO
>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
>>>>>>>>>>>>> content_source:SharePoint+AND+uthenticatedUserName%3Dljangra@iwater.ie)}
>>>>>>>>>>>>> hits=4404 status=0 QTime=70
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Then i moved to below structure where i need to pass
>>>>>>>>>>>>> sharepoint_expression as raw query parameters for filter queries.
>>>>>>>>>>>>>
>>>>>>>>>>>>> (alfresco_expression) OR (is_sharepoint) &
>>>>>>>>>>>>> sharepoint_expression
>>>>>>>>>>>>>
>>>>>>>>>>>>> This way i got results from both alfresco and sharepoint. Here
>>>>>>>>>>>>> i get 5425 results including alfresco as well as sharepoint.
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588799237 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
>>>>>>>>>>>>> user '[:ljangra@iwater.ie]'
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588799238 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
>>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing request:
>>>>>>>>>>>>> The target server failed to respond
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588799239 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? Retrying request
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588799330 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>>>
>>>>>>>>>>>>> 588799338 [http-bio-8080-exec-331] INFO
>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@iwater.ie} hits=5245 status=0 QTime=103
>>>>>>>>>>>>>
>>>>>>>>>>>>> Also for sharepoint only queries, if i try filter queries as
>>>>>>>>>>>>> below, i got no results.
>>>>>>>>>>>>>
>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587320867 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
>>>>>>>>>>>>> user '[:ljangra@iwater.ie]'
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587320868 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
>>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing request:
>>>>>>>>>>>>> The target server failed to respond
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587320869 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? Retrying request
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587324291 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587324292 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1407823092895&wt=json&fq=
>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie
>>>>>>>>>>>>> &AuthenticatedUserName=ljangra@iwater.ie} hits=0 status=0
>>>>>>>>>>>>> QTime=3426
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
>>>>>>>>>>>>> (open documents only)
>>>>>>>>>>>>>
>>>>>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO
>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1407823109996&wt=json&fq=
>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie}
>>>>>>>>>>>>> hits=0 status=0 QTime=1
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> But if i use sharepoint_expression as below , get results for
>>>>>>>>>>>>> sahrepoint only.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> fq=content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@iwater.ie
>>>>>>>>>>>>>
>>>>>>>>>>>>>  589523637 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
>>>>>>>>>>>>> user '[:ljangra@iwater.ie]'
>>>>>>>>>>>>>
>>>>>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
>>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing request:
>>>>>>>>>>>>> The target server failed to respond
>>>>>>>>>>>>>
>>>>>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient  ? Retrying request
>>>>>>>>>>>>>
>>>>>>>>>>>>> 589523698 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection
>>>>>>>>>>>>>
>>>>>>>>>>>>> 589523699 [http-bio-8080-exec-260] INFO
>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={sort=score+desc&df=text&q="lalit"&q.op=OR&wt=javabin&qt=/select&fq=content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@iwater.ie} hits=35 status=0 QTime=62
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> What i assume is whatever is passed with AuthenticatedUserName
>>>>>>>>>>>>> variable, it is compared with stored ACLs in index and accordingly results
>>>>>>>>>>>>> are displayed.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please suggest.
>>>>>>>>>>>>>
>>>>>>>>>>>>> regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright <
>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> First, if both Alfresco and SharePoint documents are indexed
>>>>>>>>>>>>>> with the same MCF instance, then you do
>>>>>>>>>>>>>> not need to play games like this.  You only need the one
>>>>>>>>>>>>>> query that the MCF solr plugin generates.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If that's not the case, then what you want are two separate
>>>>>>>>>>>>>> clauses where one matches Alfresco documents and one clause that matches
>>>>>>>>>>>>>> SharePoint documents.  The expression therefore would look like this:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (alfresco_expression AND is_alfresco) OR
>>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It cannot look like this and work:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (alfresco_expression OR sharepoint_expression) OR
>>>>>>>>>>>>>> is_sharepoint
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> That is nonsensical.
>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra <
>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In this query i am searching for results in both alfresco
>>>>>>>>>>>>>>> and SharePoint. So before OR i am checking for alfresco ACLs and post OR i
>>>>>>>>>>>>>>> am checking for SharePoint ACLs by supplying authenticatedusername .Hence
>>>>>>>>>>>>>>> OR facilitates here for both options.
>>>>>>>>>>>>>>>  On Aug 11, 2014 10:44 PM, "Karl Wright" <daddywri@gmail.com>
>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Have a look at this query:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 522471481 [http-bio-8080-exec-238] INFO
>>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select
>>>>>>>>>>>>>>>> params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName=
>>>>>>>>>>>>>>>> vchauhan@iwater.ie} hits=11 status=0 QTime=10
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Note the following at the very end of the fq field:
>>>>>>>>>>>>>>>> "+OR+content_source:SharePoint".  That will basically disable the entire
>>>>>>>>>>>>>>>> rest of the filter and permit ALL documents through that were indexed by
>>>>>>>>>>>>>>>> SharePoint.  It should be "+AND+content_source:SharePoint".
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <
>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Sure Karl,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Can you let me know what type of logs you need?I am
>>>>>>>>>>>>>>>>> attaching part of solr.log for your reference.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>>> On Aug 11, 2014 9:42 PM, "Karl Wright" <daddywri@gmail.com>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Are you sure you are using the standard select query
>>>>>>>>>>>>>>>>>> handler?  In order to convince me, you will need to enable appropriate Solr
>>>>>>>>>>>>>>>>>> logging so I can see how a request is processed and whether the MCF solr
>>>>>>>>>>>>>>>>>> plugin is being called.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <
>>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks Karl,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Below are my comments.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 1. Your Solr query is in fact not hooked up to use the
>>>>>>>>>>>>>>>>>>> appropriate MCF Solr plugin, in which case no security whatsoever is being
>>>>>>>>>>>>>>>>>>> applied.
>>>>>>>>>>>>>>>>>>> --- Below is snippet from solrconfig.xml from one of
>>>>>>>>>>>>>>>>>>> servers with MCF Solr plugin included and enabled with /select query
>>>>>>>>>>>>>>>>>>> handler which i am using for search. I assume i need not to provide full
>>>>>>>>>>>>>>>>>>> server name for AuthorityServiceBaseURL & instead
>>>>>>>>>>>>>>>>>>> localhost will work fine.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> <!-- ManifoldCF document security enforcement component
>>>>>>>>>>>>>>>>>>> -->
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>   <queryParser name="manifoldCFSecurity"
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>     class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>     <str name="AuthorityServiceBaseURL">
>>>>>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>     <int name="ConnectionPoolSize">50</int>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>   </queryParser>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>    <!-- ManifoldCF document security enforcement
>>>>>>>>>>>>>>>>>>> component -->
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>   <searchComponent name="manifoldCFSecurity"
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> class="org.apache.solr.mcf.ManifoldCFSearchComponent">
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>     <str name="AuthorityServiceBaseURL">
>>>>>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>     <int name="ConnectionPoolSize">50</int>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>   </searchComponent>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>   <requestHandler name="/select"
>>>>>>>>>>>>>>>>>>> class="solr.SearchHandler">
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>        <int name="rows">10000</int>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>      </lst>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>          <lst name="appends">
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>                 <str
>>>>>>>>>>>>>>>>>>> name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>          </lst>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>   </requestHandler>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Below is one of queries built for same using
>>>>>>>>>>>>>>>>>>> AuthenticatedUserName
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra%
>>>>>>>>>>>>>>>>>>> 40iwater.ie
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2. You are supposed to be able to see the documents, but
>>>>>>>>>>>>>>>>>>> the URL ManifoldCF is generating does not permit you to log into SharePoint
>>>>>>>>>>>>>>>>>>> for some reason.
>>>>>>>>>>>>>>>>>>> -- If i go to the location of the search result, i am
>>>>>>>>>>>>>>>>>>> not able to see any document available there for me as per my permissions.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 3. You indexed the documents with security "off", and so
>>>>>>>>>>>>>>>>>>> no security information was attached to the documents in Solr.
>>>>>>>>>>>>>>>>>>> --- I have enabled security before starting the job as
>>>>>>>>>>>>>>>>>>> below.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Please suggest.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <
>>>>>>>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> There are a number of possibilities.  You will need to
>>>>>>>>>>>>>>>>>>>> do some investigation to figure out which one it is.  Here are the
>>>>>>>>>>>>>>>>>>>> possibilities I see:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> (1) Your Solr query is in fact not hooked up to use the
>>>>>>>>>>>>>>>>>>>> appropriate MCF Solr plugin, in which case no security whatsoever is being
>>>>>>>>>>>>>>>>>>>> applied.
>>>>>>>>>>>>>>>>>>>> (2) You are supposed to be able to see the documents,
>>>>>>>>>>>>>>>>>>>> but the URL ManifoldCF is generating does not permit you to log into
>>>>>>>>>>>>>>>>>>>> SharePoint for some reason.
>>>>>>>>>>>>>>>>>>>> (3) You indexed the documents with security "off", and
>>>>>>>>>>>>>>>>>>>> so no security information was attached to the documents in Solr.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <
>>>>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list
>>>>>>>>>>>>>>>>>>>>> items. I have also placed MCF solr ACL plugin into solr instances and
>>>>>>>>>>>>>>>>>>>>> updated solrconfig.xml for same. I created a job to connect to SharePoint
>>>>>>>>>>>>>>>>>>>>> and indexed list items in solr.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Next i am searching for content items from index and
>>>>>>>>>>>>>>>>>>>>> what i could see is that i am able to see search results for content on
>>>>>>>>>>>>>>>>>>>>> which i do not have any access. I can see these content into search results
>>>>>>>>>>>>>>>>>>>>> but when i am trying to aceess these content , i can getting SharePoint
>>>>>>>>>>>>>>>>>>>>> access denied error. Ideally if a user has no access to a content, he
>>>>>>>>>>>>>>>>>>>>> should not be see these content.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Am i missing anything here?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>>>>>> Lalit.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>>>> Lalit.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit.
>>>>
>>>
>>>
>>
>
>
> --
> Regards,
> Lalit.
>



-- 
Regards,
Lalit.

Mime
View raw message