Thanks Karl,

I will write code for sure but your advice is always precious.

Regards.


On Wed, Aug 13, 2014 at 4:41 PM, Karl Wright <daddywri@gmail.com> wrote:

Hi Lalit,

 

I’m afraid I cannot write your code for you.  All I can say is:

 

-- you will need to pass in sufficient information to construct your query using Solr parameters

-- Query building in Solr is pretty simple; you should need to use TermQuery, BooleanQuery, and ConstantScoreQuery only; there are many examples already in the plugin you can draw from

 

Here are some helpful links.

 

http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/search/BooleanQuery.html

http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/search/TermQuery.html

http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/search/ConstantScoreQuery.html

 

Karl



On Wed, Aug 13, 2014 at 6:53 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Hi Karl,

I am testing updated ManifoldCFQParserPlugin.java and what i did in my implementation is to update for handling Alfresco ACLs also,For same  i need to do taks as below.
1. Update ManifoldCFQParserPlugin.java to accommodate multiple sources : alfresco or sharepoint or both. As per source selected, i need to create boolean queries after adding checks to see what type of source is passed.
2. I am adding multiple conditions as per content source passed. E.g. for sharepoint, i need not to do anything and need to move it as per check.But if alfresco is selected, i need to have a condition based on content source as to which mechanism to use as sharepoint uses different acls method than alfresco.
3. If both are selected, i need to handle it in different condition check. Also i am passing content source to ManifoldCFQParserPlugin.java beforehand to accomplish this.

Please suggest.

Regards.



On Tue, Aug 12, 2014 at 6:43 PM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks a lot Karl,

I will follow the steps and update you.

Regards.


On Tue, Aug 12, 2014 at 6:30 PM, Karl Wright <daddywri@gmail.com> wrote:
Directions for modifying the solr plugin:

(1) Download the plugin source package from the mcf site
(2) Unpack
(3) In ManifoldCFQParserPlugin.java, go to line 276.  The query clause that comes from ManifoldCF has been constructed by that point.  Instead of returning that query, though, also construct your Alfresco clause based on passed-in Alfresco access tokens.  You can access these tokens from the incoming parameters using code like this:

String[] alfrescoTokens = params.getParams("alfresco_tokens");

You will need to form the alfresco tokens into a Query and merge that Query with the one from ManifoldCF.

Karl



On Tue, Aug 12, 2014 at 8:07 AM, Karl Wright <daddywri@gmail.com> wrote:
I think that would fix the issue, yes.  Stop passing anything in "fq=" and modify the plugin.

Karl


On Tue, Aug 12, 2014 at 7:42 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

So it means to me that i need to update ManifoldCFQParserPlugin.java to accommodate for alfresco also and as we are passing AuthenticateUserName for SharePoint, we need to devise a meachanism to pass ACLs for alfresco as well and modify parse() method to make combined query?

This would be the fix for issue?

Please suggest.

Regards.


On Tue, Aug 12, 2014 at 5:05 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

It occurs to me that even if you use the MCF search component, you will still need to make customizations, because otherwise only documents visible to the SharePoint user will be visible.

I think that if you can pass the alfresco access tokens in via another argument (say, "alfresco="), then you can modify the query-parser plugin to do what you need.

Karl



On Tue, Aug 12, 2014 at 7:27 AM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

The MCF query-parser plugin does have access to the incoming "fq" parameter, but in order to do anything useful with it it would have to parse it, and turn it into a Query.  In addition, you would need to decide whether the passed-in fq argument should:

-- RESTRICT the documents further that match the MCF authorization criteria
-- ADD documents that do not match the MCF authorization criteria

It can't be both, so I can't see making this a general feature.  For these reasons I don't recommend this approach.  Instead, you should be able to add the MCF search component to the standard query processing chain, and that should always work.  The biggest question is just where in the chain you put the plugin.

Thanks,
Karl



On Tue, Aug 12, 2014 at 7:08 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

Does it mean that i need to update OOTB MCF-Solr component i.e. ManifoldCFQParserPlugin.java and pass all my arguments there and update the final query?

Currently  i am using filter queries to maintain resultsets from different sources : alfresco & sharepoint as index from alfresco & sharepoint are stored into same solr collection.
E.g. If i search for alfresco, it works fine but if i search for sahrepoint using AuthenticatedUserName only without using filter to return results from sharepoint, i get results from both alfresco(as open items from MCF-Solr plugin) & sharepoint.

Please suggest.

Regards.


On Tue, Aug 12, 2014 at 3:44 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

The ManifoldCF query parser plugin only has the option of generating a filter query from incoming arguments.  It does not have the option of replacing the incoming arguments:

>>>>>>
    public Query parse()
<<<<<<

It is Solr that decides whether an fq argument you pass overrides a queryparser's plugin output.  I can't change how that works.

For what you are trying to do, you may do better by using the MCF search component instead, since that modifies the whole query, rather than just the fq field.

Karl



On Tue, Aug 12, 2014 at 6:07 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

It means that is seems to be clash between two fq or filter queries. First fq is set by MCF-Solr plugin which return SharePoint user tokens and then i am using another fq to create filter query based on content_source etc. which overwrites previous one

How can i consume incoming MCF-Solr plugin into second/other fq here as i could not see any results coming from MCF-Solr plugin? Also as i am passing AutheticatedUserName as raw query parameter, i was expecting results to be replaced inline within query itself.

Please suggest.

Regards.


On Tue, Aug 12, 2014 at 3:20 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

Yes, it seems likely that the MCF solr plugin is setting fq to the right query expression, and then you are later setting fq to something else entirely with your own plugin.

Your plugin must take the incoming fq field and include it in the final expression.

Karl



On Tue, Aug 12, 2014 at 4:23 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl for promptness,

Invoking http://<your_mcf_instance/mcf-authority-service/UserACLs?username=ljangra@iwater.ie gives me below ACLs which seem to be fine to me.

AUTHORIZED:SharePointAuthConnection

TOKEN:SharepointAuthGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-32-545

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813

TOKEN:SharepointAuthGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149

TOKEN:SharepointAuthGroup:Uc%3A0%21.s%7Cwindows

TOKEN:SharepointAuthGroup:Uc%3A0%28.s%7Ctrue


I got it now, the missing part is absence of user tokens in solr query as you mentioned.

Please suggest.

Regards.



On Tue, Aug 12, 2014 at 12:32 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

The MCF plugin does this:
- Looks for the AuthenticatedUserName parameter
- Sends the AuthenticatedUserName parameter to ManifoldCF's authority service, and gets back user tokens
- Constructs a filter query (fq) expression from the user tokens

It's very hard for me to guess which acls come from your SharePoint instance and which come from your Alfresco instance.  But this is almost certainly wrong:

fq=content_source:SharePoint&version=2&AuthenticatedUserName=ljangra@iwater.ie
... because there are no access tokens whatsoever.

This too has no ACLs:
fq=content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie


This has access tokens, but they seem to all be from Alfresco:
fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=ljangra@iwater.ie

So frankly I see no evidence that you are including any SharePoint access tokens in your query at all.  Could you do the following:

curl "http://<your_mcf_instance/mcf-authority-service/UserACLs?username=ljangra@iwater.ie"

... and send me what you get back?  If that looks good, I suggest that you are probably overwriting the mcf plugin's fq entirely, and not including it in your expression.

Thanks,
Karl




On Tue, Aug 12, 2014 at 2:38 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

I am working with filter queries here and initially i tried to put filter queries as below but it did not work and i got only alfresco content.

(alfresco_expression AND is_alfresco) OR (sharepoint_expression AND is_sharepoint)

Here is query from solr logs for same.

588159410 [http-bio-8080-exec-330] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response (open documents only)

588547075 [http-bio-8080-exec-260] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie)} hits=4404 status=0 QTime=96


Here i get only 4404 results which i get if i select only alfresco as source without selecting sharepoint.

588159410 [http-bio-8080-exec-330] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response (open documents only)

588159479 [http-bio-8080-exec-330] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(content_source:SharePoint+AND+uthenticatedUserName%3Dljangra@iwater.ie)} hits=4404 status=0 QTime=70



Then i moved to below structure where i need to pass sharepoint_expression as raw query parameters for filter queries.

(alfresco_expression) OR (is_sharepoint) & sharepoint_expression

This way i got results from both alfresco and sharepoint. Here i get 5425 results including alfresco as well as sharepoint.

588799237 [http-bio-8080-exec-331] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for user '[:ljangra@iwater.ie]'

588799238 [http-bio-8080-exec-331] INFO  org.apache.http.impl.client.DefaultHttpClient  ? I/O exception (org.apache.http.NoHttpResponseException) caught when processing request: The target server failed to respond

588799239 [http-bio-8080-exec-331] INFO  org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

588799330 [http-bio-8080-exec-331] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response AUTHORIZED:SharePointAuthConnection

588799338 [http-bio-8080-exec-331] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName=ljangra@iwater.ie} hits=5245 status=0 QTime=103


Also for sharepoint only queries, if i try filter queries as below, i got no results.

(sharepoint_expression AND is_sharepoint)


587320867 [http-bio-8080-exec-325] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for user '[:ljangra@iwater.ie]'

587320868 [http-bio-8080-exec-325] INFO  org.apache.http.impl.client.DefaultHttpClient  ? I/O exception (org.apache.http.NoHttpResponseException) caught when processing request: The target server failed to respond

587320869 [http-bio-8080-exec-325] INFO  org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

587324291 [http-bio-8080-exec-325] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response AUTHORIZED:SharePointAuthConnection

587324292 [http-bio-8080-exec-325] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1407823092895&wt=json&fq=content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie&AuthenticatedUserName=ljangra@iwater.ie} hits=0 status=0 QTime=3426

587338061 [http-bio-8080-exec-325] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response (open documents only)

587338061 [http-bio-8080-exec-325] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1407823109996&wt=json&fq=content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie} hits=0 status=0 QTime=1


But if i use sharepoint_expression as below , get results for sahrepoint only.


fq=content_source:SharePoint&version=2&AuthenticatedUserName=ljangra@iwater.ie

589523637 [http-bio-8080-exec-260] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for user '[:ljangra@iwater.ie]'

589523639 [http-bio-8080-exec-260] INFO  org.apache.http.impl.client.DefaultHttpClient  ? I/O exception (org.apache.http.NoHttpResponseException) caught when processing request: The target server failed to respond

589523639 [http-bio-8080-exec-260] INFO  org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

589523698 [http-bio-8080-exec-260] INFO  org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response AUTHORIZED:SharePointAuthConnection

589523699 [http-bio-8080-exec-260] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={sort=score+desc&df=text&q="lalit"&q.op=OR&wt=javabin&qt=/select&fq=content_source:SharePoint&version=2&AuthenticatedUserName=ljangra@iwater.ie} hits=35 status=0 QTime=62


What i assume is whatever is passed with AuthenticatedUserName variable, it is compared with stored ACLs in index and accordingly results are displayed.

Please suggest.

regards.


On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

First, if both Alfresco and SharePoint documents are indexed with the same MCF instance, then you do
not need to play games like this.  You only need the one query that the MCF solr plugin generates.

If that's not the case, then what you want are two separate clauses where one matches Alfresco documents and one clause that matches SharePoint documents.  The expression therefore would look like this:

(alfresco_expression AND is_alfresco) OR (sharepoint_expression AND is_sharepoint)


It cannot look like this and work:

(alfresco_expression OR sharepoint_expression) OR is_sharepoint

That is nonsensical.
Karl



On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra <lalit.j.jangra@gmail.com> wrote:

Thanks Karl,

In this query i am searching for results in both alfresco and SharePoint. So before OR i am checking for alfresco ACLs and post OR i am checking for SharePoint ACLs by supplying authenticatedusername .Hence OR facilitates here for both options.

On Aug 11, 2014 10:44 PM, "Karl Wright" <daddywri@gmail.com> wrote:
Hi Lalit,

Have a look at this query:

522471481 [http-bio-8080-exec-238] INFO  org.apache.solr.core.SolrCore  ? [collection1] webapp=/solr path=/select params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName=vchauhan@iwater.ie} hits=11 status=0 QTime=10


Note the following at the very end of the fq field: "+OR+content_source:SharePoint".  That will basically disable the entire rest of the filter and permit ALL documents through that were indexed by SharePoint.  It should be "+AND+content_source:SharePoint".

Karl



On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <lalit.j.jangra@gmail.com> wrote:

Sure Karl,

Can you let me know what type of logs you need?I am attaching part of solr.log for your reference. 

Regards.

On Aug 11, 2014 9:42 PM, "Karl Wright" <daddywri@gmail.com> wrote:
Hi Lalit,

Are you sure you are using the standard select query handler?  In order to convince me, you will need to enable appropriate Solr logging so I can see how a request is processed and whether the MCF solr plugin is being called.

Karl



On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

Below are my comments.

1. Your Solr query is in fact not hooked up to use the appropriate MCF Solr plugin, in which case no security whatsoever is being applied.
--- Below is snippet from solrconfig.xml from one of servers with MCF Solr plugin included and enabled with /select query handler which i am using for search. I assume i need not to provide full server name for AuthorityServiceBaseURL & instead localhost will work fine.
       

<!-- ManifoldCF document security enforcement component -->

  <queryParser name="manifoldCFSecurity"

    class="org.apache.solr.mcf.ManifoldCFQParserPlugin">

    <str name="AuthorityServiceBaseURL">http://localhost:80/mcf-authority-service</str>

    <int name="ConnectionPoolSize">50</int>

  </queryParser>

 

   <!-- ManifoldCF document security enforcement component -->

  <searchComponent name="manifoldCFSecurity"

    class="org.apache.solr.mcf.ManifoldCFSearchComponent">

    <str name="AuthorityServiceBaseURL">http://localhost:80/mcf-authority-service</str>

    <int name="ConnectionPoolSize">50</int>

  </searchComponent>

 

 

  <requestHandler name="/select" class="solr.SearchHandler">

     <lst name="defaults">

       <str name="echoParams">explicit</str>

       <int name="rows">10000</int>

       <str name="df">text</str>

     </lst>

         <lst name="appends">

                <str name="fq">{!manifoldCFSecurity}</str>

         </lst>

  </requestHandler>

 

Below is one of queries built for same using AuthenticatedUserName


q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra%40iwater.ie


2. You are supposed to be able to see the documents, but the URL ManifoldCF is generating does not permit you to log into SharePoint for some reason.
-- If i go to the location of the search result, i am not able to see any document available there for me as per my permissions.

3. You indexed the documents with security "off", and so no security information was attached to the documents in Solr.
--- I have enabled security before starting the job as below.


Please suggest.

Regards.


On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

There are a number of possibilities.  You will need to do some investigation to figure out which one it is.  Here are the possibilities I see:

(1) Your Solr query is in fact not hooked up to use the appropriate MCF Solr plugin, in which case no security whatsoever is being applied.
(2) You are supposed to be able to see the documents, but the URL ManifoldCF is generating does not permit you to log into SharePoint for some reason.
(3) You indexed the documents with security "off", and so no security information was attached to the documents in Solr.

Thanks,
Karl



On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Hi,

I am using MCF 1.5.1 and crawling SharePoint 2010 list items. I have also placed MCF solr ACL plugin into solr instances and updated solrconfig.xml for same. I created a job to connect to SharePoint and indexed list items in solr.

Next i am searching for content items from index and what i could see is that i am able to see search results for content on which i do not have any access. I can see these content into search results but when i am trying to aceess these content , i can getting SharePoint access denied error. Ideally if a user has no access to a content, he should not be see these content.

Am i missing anything here?

Regards,
Lalit.




--
Regards,
Lalit.






--
Regards,
Lalit.




--
Regards,
Lalit.




--
Regards,
Lalit.




--
Regards,
Lalit.





--
Regards,
Lalit.





--
Regards,
Lalit.



--
Regards,
Lalit.




--
Regards,
Lalit.