Return-Path: X-Original-To: apmail-manifoldcf-user-archive@www.apache.org Delivered-To: apmail-manifoldcf-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 20BD711A7C for ; Wed, 13 Aug 2014 11:29:02 +0000 (UTC) Received: (qmail 7482 invoked by uid 500); 13 Aug 2014 11:29:01 -0000 Delivered-To: apmail-manifoldcf-user-archive@manifoldcf.apache.org Received: (qmail 7429 invoked by uid 500); 13 Aug 2014 11:29:01 -0000 Mailing-List: contact user-help@manifoldcf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@manifoldcf.apache.org Delivered-To: mailing list user@manifoldcf.apache.org Received: (qmail 7419 invoked by uid 99); 13 Aug 2014 11:29:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Aug 2014 11:29:01 +0000 X-ASF-Spam-Status: No, hits=2.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of daddywri@gmail.com designates 209.85.160.169 as permitted sender) Received: from [209.85.160.169] (HELO mail-yk0-f169.google.com) (209.85.160.169) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Aug 2014 11:28:31 +0000 Received: by mail-yk0-f169.google.com with SMTP id 131so8138796ykp.0 for ; Wed, 13 Aug 2014 04:28:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=jRtCBC+l7aIjhGt8E083IVZs3nSMf/5dUUSfC21/9RA=; b=lPF0T/LMiys6ANGhvfq1lMHSaz6jz+OJQuiY21XFbQZiNzOovU4lXMlcwXUO2MN5v4 i6H9DsC0BKF9xDn69p8M69EI66Q6MUGmvAPWzILs7iZSUgLUApqOXuzRLIiKnCyFAOGx Asq6z1Stsp/lgs/fvqVNrruVOp19V9h9KSNvpRgjmxIOnsIYO4VUrS8LFFb8dWC5OBJx 7OxQJGeNuvtngQs7RKC6p1ZqEXteOqpOjJvQT42hjqfi/v6vYfL/oEcAe/FYz9B5zzhN FD5LOKfSkhxlPyT43k/t3qLixjOBa13yrcRbevWdjPkqYTXoT1CKzqkhUVFiq35JCn8I /G1w== MIME-Version: 1.0 X-Received: by 10.236.136.168 with SMTP id w28mr6026890yhi.132.1407929309978; Wed, 13 Aug 2014 04:28:29 -0700 (PDT) Received: by 10.170.131.73 with HTTP; Wed, 13 Aug 2014 04:28:29 -0700 (PDT) In-Reply-To: References: Date: Wed, 13 Aug 2014 07:28:29 -0400 Message-ID: Subject: Re: Solr MCF ACL Plugin From: Karl Wright To: "user@manifoldcf.apache.org" Content-Type: multipart/alternative; boundary=20cf303ddb9863e5b805008116ad X-Virus-Checked: Checked by ClamAV on apache.org --20cf303ddb9863e5b805008116ad Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I will be happy to review what you write for correctness. Karl On Wed, Aug 13, 2014 at 7:15 AM, lalit jangra wrote: > Thanks Karl, > > I will write code for sure but your advice is always precious. > > Regards. > > > On Wed, Aug 13, 2014 at 4:41 PM, Karl Wright wrote: > >> Hi Lalit, >> >> >> >> I=E2=80=99m afraid I cannot write your code for you. All I can say is: >> >> >> >> -- you will need to pass in sufficient information to construct your >> query using Solr parameters >> >> -- Query building in Solr is pretty simple; you should need to use >> TermQuery, BooleanQuery, and ConstantScoreQuery only; there are many >> examples already in the plugin you can draw from >> >> >> >> Here are some helpful links. >> >> >> >> >> http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/search/Boolea= nQuery.html >> >> >> http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/search/TermQu= ery.html >> >> >> http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/search/Consta= ntScoreQuery.html >> >> >> >> Karl >> >> >> On Wed, Aug 13, 2014 at 6:53 AM, lalit jangra >> wrote: >> >>> Hi Karl, >>> >>> I am testing updated ManifoldCFQParserPlugin.java and what i did in my >>> implementation is to update for handling Alfresco ACLs also,For same i >>> need to do taks as below. >>> 1. Update ManifoldCFQParserPlugin.java to accommodate multiple sources >>> : alfresco or sharepoint or both. As per source selected, i need to cre= ate >>> boolean queries after adding checks to see what type of source is passe= d. >>> 2. I am adding multiple conditions as per content source passed. E.g. >>> for sharepoint, i need not to do anything and need to move it as per >>> check.But if alfresco is selected, i need to have a condition based on >>> content source as to which mechanism to use as sharepoint uses differen= t >>> acls method than alfresco. >>> 3. If both are selected, i need to handle it in different condition >>> check. Also i am passing content source to ManifoldCFQParserPlugin.java >>> beforehand to accomplish this. >>> >>> Please suggest. >>> >>> Regards. >>> >>> >>> >>> On Tue, Aug 12, 2014 at 6:43 PM, lalit jangra >>> wrote: >>> >>>> Thanks a lot Karl, >>>> >>>> I will follow the steps and update you. >>>> >>>> Regards. >>>> >>>> >>>> On Tue, Aug 12, 2014 at 6:30 PM, Karl Wright >>>> wrote: >>>> >>>>> Directions for modifying the solr plugin: >>>>> >>>>> (1) Download the plugin source package from the mcf site >>>>> (2) Unpack >>>>> (3) In ManifoldCFQParserPlugin.java, go to line 276. The query claus= e >>>>> that comes from ManifoldCF has been constructed by that point. Inste= ad of >>>>> returning that query, though, also construct your Alfresco clause bas= ed on >>>>> passed-in Alfresco access tokens. You can access these tokens from t= he >>>>> incoming parameters using code like this: >>>>> >>>>> String[] alfrescoTokens =3D params.getParams("alfresco_tokens"); >>>>> >>>>> You will need to form the alfresco tokens into a Query and merge that >>>>> Query with the one from ManifoldCF. >>>>> >>>>> Karl >>>>> >>>>> >>>>> >>>>> On Tue, Aug 12, 2014 at 8:07 AM, Karl Wright >>>>> wrote: >>>>> >>>>>> I think that would fix the issue, yes. Stop passing anything in >>>>>> "fq=3D" and modify the plugin. >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> On Tue, Aug 12, 2014 at 7:42 AM, lalit jangra < >>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>> >>>>>>> Thanks Karl, >>>>>>> >>>>>>> So it means to me that i need to update ManifoldCFQParserPlugin.jav= a >>>>>>> to accommodate for alfresco also and as we are passing Authenticate= UserName >>>>>>> for SharePoint, we need to devise a meachanism to pass ACLs for alf= resco as >>>>>>> well and modify parse() method to make combined query? >>>>>>> >>>>>>> This would be the fix for issue? >>>>>>> >>>>>>> Please suggest. >>>>>>> >>>>>>> Regards. >>>>>>> >>>>>>> >>>>>>> On Tue, Aug 12, 2014 at 5:05 PM, Karl Wright >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Lalit, >>>>>>>> >>>>>>>> It occurs to me that even if you use the MCF search component, you >>>>>>>> will still need to make customizations, because otherwise only doc= uments >>>>>>>> visible to the SharePoint user will be visible. >>>>>>>> >>>>>>>> I think that if you can pass the alfresco access tokens in via >>>>>>>> another argument (say, "alfresco=3D"), then you can modify the que= ry-parser >>>>>>>> plugin to do what you need. >>>>>>>> >>>>>>>> Karl >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Aug 12, 2014 at 7:27 AM, Karl Wright >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi Lalit, >>>>>>>>> >>>>>>>>> The MCF query-parser plugin does have access to the incoming "fq" >>>>>>>>> parameter, but in order to do anything useful with it it would ha= ve to >>>>>>>>> parse it, and turn it into a Query. In addition, you would need = to decide >>>>>>>>> whether the passed-in fq argument should: >>>>>>>>> >>>>>>>>> -- RESTRICT the documents further that match the MCF authorizatio= n >>>>>>>>> criteria >>>>>>>>> -- ADD documents that do not match the MCF authorization criteria >>>>>>>>> >>>>>>>>> It can't be both, so I can't see making this a general feature. >>>>>>>>> For these reasons I don't recommend this approach. Instead, you = should be >>>>>>>>> able to add the MCF search component to the standard query proces= sing >>>>>>>>> chain, and that should always work. The biggest question is just= where in >>>>>>>>> the chain you put the plugin. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Karl >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Aug 12, 2014 at 7:08 AM, lalit jangra < >>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Thanks Karl, >>>>>>>>>> >>>>>>>>>> Does it mean that i need to update OOTB MCF-Solr component i.e. >>>>>>>>>> ManifoldCFQParserPlugin.java and pass all my arguments there and= update the >>>>>>>>>> final query? >>>>>>>>>> >>>>>>>>>> Currently i am using filter queries to maintain resultsets from >>>>>>>>>> different sources : alfresco & sharepoint as index from alfresco= & >>>>>>>>>> sharepoint are stored into same solr collection. >>>>>>>>>> E.g. If i search for alfresco, it works fine but if i search for >>>>>>>>>> sahrepoint using AuthenticatedUserName only without using filter= to return >>>>>>>>>> results from sharepoint, i get results from both alfresco(as ope= n items >>>>>>>>>> from MCF-Solr plugin) & sharepoint. >>>>>>>>>> >>>>>>>>>> Please suggest. >>>>>>>>>> >>>>>>>>>> Regards. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Tue, Aug 12, 2014 at 3:44 PM, Karl Wright >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Lalit, >>>>>>>>>>> >>>>>>>>>>> The ManifoldCF query parser plugin only has the option of >>>>>>>>>>> generating a filter query from incoming arguments. It does not= have the >>>>>>>>>>> option of replacing the incoming arguments: >>>>>>>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> public Query parse() >>>>>>>>>>> <<<<<< >>>>>>>>>>> >>>>>>>>>>> It is Solr that decides whether an fq argument you pass >>>>>>>>>>> overrides a queryparser's plugin output. I can't change how th= at works. >>>>>>>>>>> >>>>>>>>>>> For what you are trying to do, you may do better by using the >>>>>>>>>>> MCF search component instead, since that modifies the whole que= ry, rather >>>>>>>>>>> than just the fq field. >>>>>>>>>>> >>>>>>>>>>> Karl >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Tue, Aug 12, 2014 at 6:07 AM, lalit jangra < >>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Thanks Karl, >>>>>>>>>>>> >>>>>>>>>>>> It means that is seems to be clash between two fq or filter >>>>>>>>>>>> queries. First fq is set by MCF-Solr plugin which return Share= Point user >>>>>>>>>>>> tokens and then i am using another fq to create filter query b= ased on >>>>>>>>>>>> content_source etc. which overwrites previous one >>>>>>>>>>>> >>>>>>>>>>>> How can i consume incoming MCF-Solr plugin into second/other f= q >>>>>>>>>>>> here as i could not see any results coming from MCF-Solr plugi= n? Also as i >>>>>>>>>>>> am passing AutheticatedUserName as raw query parameter, i was = expecting >>>>>>>>>>>> results to be replaced inline within query itself. >>>>>>>>>>>> >>>>>>>>>>>> Please suggest. >>>>>>>>>>>> >>>>>>>>>>>> Regards. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Aug 12, 2014 at 3:20 PM, Karl Wright < >>>>>>>>>>>> daddywri@gmail.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>> >>>>>>>>>>>>> Yes, it seems likely that the MCF solr plugin is setting fq t= o >>>>>>>>>>>>> the right query expression, and then you are later setting fq= to something >>>>>>>>>>>>> else entirely with your own plugin. >>>>>>>>>>>>> >>>>>>>>>>>>> Your plugin must take the incoming fq field and include it in >>>>>>>>>>>>> the final expression. >>>>>>>>>>>>> >>>>>>>>>>>>> Karl >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Aug 12, 2014 at 4:23 AM, lalit jangra < >>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks Karl for promptness, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Invoking http:// >>>>>>>>>>>>>> >>>>>>>>>>>>> ljangra@iwater.ie gives me below ACLs which seem to be fine >>>>>>>>>>>>>> to me. >>>>>>>>>>>>>> >>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangr= a >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-32-545 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-15263 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-513 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-13472 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-3182 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-1619 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-1813 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-= 15384281-2988178474-12149 >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%21.s%7Cwindows >>>>>>>>>>>>>> >>>>>>>>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%28.s%7Ctrue >>>>>>>>>>>>>> >>>>>>>>>>>>>> I got it now, the missing part is absence of user tokens in >>>>>>>>>>>>>> solr query as you mentioned. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please suggest. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tue, Aug 12, 2014 at 12:32 PM, Karl Wright < >>>>>>>>>>>>>> daddywri@gmail.com> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The MCF plugin does this: >>>>>>>>>>>>>>> - Looks for the AuthenticatedUserName parameter >>>>>>>>>>>>>>> - Sends the AuthenticatedUserName parameter to ManifoldCF's >>>>>>>>>>>>>>> authority service, and gets back user tokens >>>>>>>>>>>>>>> - Constructs a filter query (fq) expression from the user >>>>>>>>>>>>>>> tokens >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> It's very hard for me to guess which acls come from your >>>>>>>>>>>>>>> SharePoint instance and which come from your Alfresco insta= nce. But this >>>>>>>>>>>>>>> is almost certainly wrong: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> fq=3Dcontent_source:SharePoint&version=3D2&AuthenticatedUse= rName=3D >>>>>>>>>>>>>>> ljangra@iwater.ie >>>>>>>>>>>>>>> ... because there are no access tokens whatsoever. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This too has no ACLs: >>>>>>>>>>>>>>> fq=3D >>>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljang= ra@iwater.ie >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This has access tokens, but they seem to all be from >>>>>>>>>>>>>>> Alfresco: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_C= TXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_= ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM= -ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-= Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2B= OR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoi= nt&AuthenticatedUserName=3D >>>>>>>>>>>>>>> ljangra@iwater.ie >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> So frankly I see no evidence that you are including any >>>>>>>>>>>>>>> SharePoint access tokens in your query at all. Could you d= o the following: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> curl "http:// >>>>>>>>>>>>>>> >>>>>>>>>>>>>> ljangra@iwater.ie" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ... and send me what you get back? If that looks good, I >>>>>>>>>>>>>>> suggest that you are probably overwriting the mcf plugin's = fq entirely, and >>>>>>>>>>>>>>> not including it in your expression. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, Aug 12, 2014 at 2:38 AM, lalit jangra < >>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks Karl, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I am working with filter queries here and initially i trie= d >>>>>>>>>>>>>>>> to put filter queries as below but it did not work and i g= ot only alfresco >>>>>>>>>>>>>>>> content. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> (alfresco_expression AND is_alfresco) OR >>>>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Here is query from solr logs for same. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Default no-= user response >>>>>>>>>>>>>>>> (open documents only) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588547075 [http-bio-8080-exec-260] INFO >>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=3D/s= olr path=3D/select >>>>>>>>>>>>>>>> params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_ac= ls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVE= RYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR= %2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands= %2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_si= te_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+( >>>>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljan= gra@iwater.ie)} >>>>>>>>>>>>>>>> hits=3D4404 status=3D0 QTime=3D96 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Here i get only 4404 results which i get if i select only >>>>>>>>>>>>>>>> alfresco as source without selecting sharepoint. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Default no-= user response >>>>>>>>>>>>>>>> (open documents only) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588159479 [http-bio-8080-exec-330] INFO >>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=3D/s= olr path=3D/select >>>>>>>>>>>>>>>> params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_ac= ls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVE= RYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR= %2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands= %2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_si= te_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+( >>>>>>>>>>>>>>>> content_source:SharePoint+AND+uthenticatedUserName%3Dljang= ra@iwater.ie)} >>>>>>>>>>>>>>>> hits=3D4404 status=3D0 QTime=3D70 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Then i moved to below structure where i need to pass >>>>>>>>>>>>>>>> sharepoint_expression as raw query parameters for filter q= ueries. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> (alfresco_expression) OR (is_sharepoint) & >>>>>>>>>>>>>>>> sharepoint_expression >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> This way i got results from both alfresco and sharepoint. >>>>>>>>>>>>>>>> Here i get 5425 results including alfresco as well as shar= epoint. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588799237 [http-bio-8080-exec-331] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Trying to m= atch docs for >>>>>>>>>>>>>>>> user '[:ljangra@iwater.ie]' >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588799238 [http-bio-8080-exec-331] INFO >>>>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? I/O excep= tion >>>>>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when proc= essing request: >>>>>>>>>>>>>>>> The target server failed to respond >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588799239 [http-bio-8080-exec-331] INFO >>>>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? Retrying = request >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588799330 [http-bio-8080-exec-331] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Saw authori= ty response >>>>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 588799338 [http-bio-8080-exec-331] INFO >>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=3D/s= olr path=3D/select >>>>>>>>>>>>>>>> params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_ac= ls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVE= RYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR= %2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands= %2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_si= te_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+cont= ent_source:SharePoint&AuthenticatedUserName=3D >>>>>>>>>>>>>>>> ljangra@iwater.ie} hits=3D5245 status=3D0 QTime=3D103 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Also for sharepoint only queries, if i try filter queries >>>>>>>>>>>>>>>> as below, i got no results. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587320867 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Trying to m= atch docs for >>>>>>>>>>>>>>>> user '[:ljangra@iwater.ie]' >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587320868 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? I/O excep= tion >>>>>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when proc= essing request: >>>>>>>>>>>>>>>> The target server failed to respond >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587320869 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? Retrying = request >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587324291 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Saw authori= ty response >>>>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587324292 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=3D/s= olr path=3D/select >>>>>>>>>>>>>>>> params=3D{indent=3Dtrue&q=3D*:*&_=3D1407823092895&wt=3Djso= n&fq=3D >>>>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljan= gra@iwater.ie >>>>>>>>>>>>>>>> &AuthenticatedUserName=3Dljangra@iwater.ie} hits=3D0 statu= s=3D0 >>>>>>>>>>>>>>>> QTime=3D3426 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Default no-= user response >>>>>>>>>>>>>>>> (open documents only) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO >>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=3D/s= olr path=3D/select >>>>>>>>>>>>>>>> params=3D{indent=3Dtrue&q=3D*:*&_=3D1407823109996&wt=3Djso= n&fq=3D >>>>>>>>>>>>>>>> content_source:SharePoint+AND+AuthenticatedUserName%3Dljan= gra@iwater.ie} >>>>>>>>>>>>>>>> hits=3D0 status=3D0 QTime=3D1 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> But if i use sharepoint_expression as below , get results >>>>>>>>>>>>>>>> for sahrepoint only. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> fq=3Dcontent_source:SharePoint&version=3D2&AuthenticatedUs= erName=3D >>>>>>>>>>>>>>>> ljangra@iwater.ie >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 589523637 [http-bio-8080-exec-260] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Trying to m= atch docs for >>>>>>>>>>>>>>>> user '[:ljangra@iwater.ie]' >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO >>>>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? I/O excep= tion >>>>>>>>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when proc= essing request: >>>>>>>>>>>>>>>> The target server failed to respond >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO >>>>>>>>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? Retrying = request >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 589523698 [http-bio-8080-exec-260] INFO >>>>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Saw authori= ty response >>>>>>>>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 589523699 [http-bio-8080-exec-260] INFO >>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=3D/s= olr path=3D/select >>>>>>>>>>>>>>>> params=3D{sort=3Dscore+desc&df=3Dtext&q=3D"lalit"&q.op=3DO= R&wt=3Djavabin&qt=3D/select&fq=3Dcontent_source:SharePoint&version=3D2&Auth= enticatedUserName=3D >>>>>>>>>>>>>>>> ljangra@iwater.ie} hits=3D35 status=3D0 QTime=3D62 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> What i assume is whatever is passed with AuthenticatedUser= Name >>>>>>>>>>>>>>>> variable, it is compared with stored ACLs in index and acc= ordingly results >>>>>>>>>>>>>>>> are displayed. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Please suggest. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> regards. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright < >>>>>>>>>>>>>>>> daddywri@gmail.com> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> First, if both Alfresco and SharePoint documents are >>>>>>>>>>>>>>>>> indexed with the same MCF instance, then you do >>>>>>>>>>>>>>>>> not need to play games like this. You only need the one >>>>>>>>>>>>>>>>> query that the MCF solr plugin generates. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> If that's not the case, then what you want are two >>>>>>>>>>>>>>>>> separate clauses where one matches Alfresco documents and= one clause that >>>>>>>>>>>>>>>>> matches SharePoint documents. The expression therefore w= ould look like >>>>>>>>>>>>>>>>> this: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> (alfresco_expression AND is_alfresco) OR >>>>>>>>>>>>>>>>> (sharepoint_expression AND is_sharepoint) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> It cannot look like this and work: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> (alfresco_expression OR sharepoint_expression) OR >>>>>>>>>>>>>>>>> is_sharepoint >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> That is nonsensical. >>>>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra < >>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks Karl, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> In this query i am searching for results in both alfresc= o >>>>>>>>>>>>>>>>>> and SharePoint. So before OR i am checking for alfresco = ACLs and post OR i >>>>>>>>>>>>>>>>>> am checking for SharePoint ACLs by supplying authenticat= edusername .Hence >>>>>>>>>>>>>>>>>> OR facilitates here for both options. >>>>>>>>>>>>>>>>>> On Aug 11, 2014 10:44 PM, "Karl Wright" < >>>>>>>>>>>>>>>>>> daddywri@gmail.com> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Have a look at this query: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 522471481 [http-bio-8080-exec-238] INFO >>>>>>>>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp= =3D/solr path=3D/select >>>>>>>>>>>>>>>>>>> params=3D{sort=3Dscore+desc&df=3Dtext&q=3D"blue"&q.op= =3DOR&wt=3Djavabin&qt=3D/select&fq=3D(content_source:Alfresco+AND+alf_acls%= 253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_= CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab9= 4-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87f= a-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IW= StandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-A= dmins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteM= anager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investmen= t_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-ma= nagement_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_= asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteMa= nager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_Sit= eManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BG= ROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%= 2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManag= er%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_= SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2= BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteColl= aborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-m= anagement_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices= _SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_Si= teManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManag= er%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2B= OR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and= -maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR= %2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_sit= e_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteC= ollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_= region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGRO= UP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-co= mmittee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCol= laborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteM= anager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_= SiteManager%2529)+OR+content_source:SharePoint&version=3D2&AuthenticatedUse= rName=3D >>>>>>>>>>>>>>>>>>> vchauhan@iwater.ie} hits=3D11 status=3D0 QTime=3D10 >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Note the following at the very end of the fq field: >>>>>>>>>>>>>>>>>>> "+OR+content_source:SharePoint". That will basically d= isable the entire >>>>>>>>>>>>>>>>>>> rest of the filter and permit ALL documents through tha= t were indexed by >>>>>>>>>>>>>>>>>>> SharePoint. It should be "+AND+content_source:SharePoi= nt". >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra < >>>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Sure Karl, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Can you let me know what type of logs you need?I am >>>>>>>>>>>>>>>>>>>> attaching part of solr.log for your reference. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Regards. >>>>>>>>>>>>>>>>>>>> On Aug 11, 2014 9:42 PM, "Karl Wright" < >>>>>>>>>>>>>>>>>>>> daddywri@gmail.com> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Are you sure you are using the standard select query >>>>>>>>>>>>>>>>>>>>> handler? In order to convince me, you will need to e= nable appropriate Solr >>>>>>>>>>>>>>>>>>>>> logging so I can see how a request is processed and w= hether the MCF solr >>>>>>>>>>>>>>>>>>>>> plugin is being called. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra < >>>>>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Thanks Karl, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Below are my comments. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 1. Your Solr query is in fact not hooked up to use >>>>>>>>>>>>>>>>>>>>>> the appropriate MCF Solr plugin, in which case no se= curity whatsoever is >>>>>>>>>>>>>>>>>>>>>> being applied. >>>>>>>>>>>>>>>>>>>>>> --- Below is snippet from solrconfig.xml from one of >>>>>>>>>>>>>>>>>>>>>> servers with MCF Solr plugin included and enabled wi= th /select query >>>>>>>>>>>>>>>>>>>>>> handler which i am using for search. I assume i need= not to provide full >>>>>>>>>>>>>>>>>>>>>> server name for AuthorityServiceBaseURL & instead >>>>>>>>>>>>>>>>>>>>>> localhost will work fine. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> class=3D"org.apache.solr.mcf.ManifoldCFQParserPlugin= "> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 50 >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> class=3D"org.apache.solr.mcf.ManifoldCFSearchCompone= nt"> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 50 >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> class=3D"solr.SearchHandler"> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> explicit >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 10000 >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> text >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> name=3D"fq">{!manifoldCFSecurity} >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Below is one of queries built for same using >>>>>>>>>>>>>>>>>>>>>> AuthenticatedUserName >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> q=3D%22blue%22&q.op=3DOR&df=3Dtext&qt=3D%2Fselect&so= rt=3Dscore+desc&fq=3Dcontent_source%3ASharePoint&AuthenticatedUserName=3Dlj= angra% >>>>>>>>>>>>>>>>>>>>>> 40iwater.ie >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 2. You are supposed to be able to see the documents, >>>>>>>>>>>>>>>>>>>>>> but the URL ManifoldCF is generating does not permit= you to log into >>>>>>>>>>>>>>>>>>>>>> SharePoint for some reason. >>>>>>>>>>>>>>>>>>>>>> -- If i go to the location of the search result, i a= m >>>>>>>>>>>>>>>>>>>>>> not able to see any document available there for me = as per my permissions. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> 3. You indexed the documents with security "off", an= d >>>>>>>>>>>>>>>>>>>>>> so no security information was attached to the docum= ents in Solr. >>>>>>>>>>>>>>>>>>>>>> --- I have enabled security before starting the job >>>>>>>>>>>>>>>>>>>>>> as below. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Please suggest. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Regards. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright < >>>>>>>>>>>>>>>>>>>>>> daddywri@gmail.com> wrote: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> There are a number of possibilities. You will need >>>>>>>>>>>>>>>>>>>>>>> to do some investigation to figure out which one it= is. Here are the >>>>>>>>>>>>>>>>>>>>>>> possibilities I see: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> (1) Your Solr query is in fact not hooked up to use >>>>>>>>>>>>>>>>>>>>>>> the appropriate MCF Solr plugin, in which case no s= ecurity whatsoever is >>>>>>>>>>>>>>>>>>>>>>> being applied. >>>>>>>>>>>>>>>>>>>>>>> (2) You are supposed to be able to see the >>>>>>>>>>>>>>>>>>>>>>> documents, but the URL ManifoldCF is generating doe= s not permit you to log >>>>>>>>>>>>>>>>>>>>>>> into SharePoint for some reason. >>>>>>>>>>>>>>>>>>>>>>> (3) You indexed the documents with security "off", >>>>>>>>>>>>>>>>>>>>>>> and so no security information was attached to the = documents in Solr. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra < >>>>>>>>>>>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 >>>>>>>>>>>>>>>>>>>>>>>> list items. I have also placed MCF solr ACL plugin= into solr instances and >>>>>>>>>>>>>>>>>>>>>>>> updated solrconfig.xml for same. I created a job t= o connect to SharePoint >>>>>>>>>>>>>>>>>>>>>>>> and indexed list items in solr. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Next i am searching for content items from index >>>>>>>>>>>>>>>>>>>>>>>> and what i could see is that i am able to see sear= ch results for content on >>>>>>>>>>>>>>>>>>>>>>>> which i do not have any access. I can see these co= ntent into search results >>>>>>>>>>>>>>>>>>>>>>>> but when i am trying to aceess these content , i c= an getting SharePoint >>>>>>>>>>>>>>>>>>>>>>>> access denied error. Ideally if a user has no acce= ss to a content, he >>>>>>>>>>>>>>>>>>>>>>>> should not be see these content. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Am i missing anything here? >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>>>> Lalit. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>> Lalit. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>> Lalit. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> Lalit. >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Regards, >>>>>>>>>>>> Lalit. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Regards, >>>>>>>>>> Lalit. >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> Lalit. >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Lalit. >>>> >>> >>> >>> >>> -- >>> Regards, >>> Lalit. >>> >> >> > > > -- > Regards, > Lalit. > --20cf303ddb9863e5b805008116ad Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I will be happy to review what you write for correctness.<= br>Karl


On Wed, Aug 13, 2014 at 7:15 AM, lalit jangra <lalit.j.jangra@g= mail.com> wrote:
Thanks Karl,

I will write code for sure but your advice is always precious.

R= egards.


On Wed, Aug 13, 2014 at 4:41 PM, Karl Wright <daddywri@g= mail.com> wrote:

Hi Lalit,

=C2=A0

I=E2=80=99m afraid I= cannot write your code for you.=C2=A0 All I can say is:

=C2=A0

-- you will need to = pass in sufficient information to construct your query using Solr parameters

-- Query building in= Solr is pretty simple; you should need to use TermQuery, BooleanQuery, and ConstantScoreQuery only; there are many examples already in the plugin you can draw from

=C2=A0

Here are some helpfu= l links.

=C2=A0

http://lucene.apache.org/core/4_7_0/core/org/apache/luce= ne/search/BooleanQuery.html

http://lucene.apache.org/core/4_7_0/core/org/apache/lucene/= search/TermQuery.html

http://lucene.apache.org/core/4_7_0/core/org/apach= e/lucene/search/ConstantScoreQuery.html

=C2=A0

Karl



On Wed, Aug 13, 2014 at 6:53 AM, lalit jangra <lal= it.j.jangra@gmail.com> wrote:
Hi Karl,
=
I am testing updated ManifoldCFQParserPlugin.java and what i did in my = implementation is to update for handling Alfresco ACLs also,For same=C2=A0 = i need to do taks as below.
1. Update ManifoldCFQParserPlugin.java to accommodate multiple sources : al= fresco or sharepoint or both. As per source selected, i need to create bool= ean queries after adding checks to see what type of source is passed.
2. I am adding multiple conditions as per content source passed. E.g.= for sharepoint, i need not to do anything and need to move it as per check= .But if alfresco is selected, i need to have a condition based on content s= ource as to which mechanism to use as sharepoint uses different acls method= than alfresco.
3. If both are selected, i need to handle it in different condition c= heck. Also i am passing content source to ManifoldCFQParserPlugin.java befo= rehand to accomplish this.

Please suggest.

Regards.



On Tue, Aug 12, 2014 at 6:43 PM, lalit jangra <lal= it.j.jangra@gmail.com> wrote:
Tha= nks a lot Karl,

I will follow the steps and update you.

Regards.


On Tue, Aug 12, 2014 at 6:30 PM, Karl Wright <daddywri@gmail.com&g= t; wrote:
Directions for modifying the solr plugin:

(1) Down= load the plugin source package from the mcf site
(2) Unpack
(3) In ManifoldCFQParserPlugin.java, go to line 2= 76.=C2=A0 The query clause that comes from ManifoldCF has been constructed = by that point.=C2=A0 Instead of returning that query, though, also construc= t your Alfresco clause based on passed-in Alfresco access tokens.=C2=A0 You= can access these tokens from the incoming parameters using code like this:=

String[] alfrescoTokens =3D params.getParams("alfresco_tokens"= ;);

You will need to form the alfresco tokens into a Query and= merge that Query with the one from ManifoldCF.

Karl



On Tue, Aug 1= 2, 2014 at 8:07 AM, Karl Wright <daddywri@gmail.com> wrote:=
I think that would fix the issue, yes.=C2=A0 Stop passing = anything in "fq=3D" and modify the plugin.

Karl


On Tue, Aug 1= 2, 2014 at 7:42 AM, lalit jangra <lalit.j.jangra@gmail.com><= /span> wrote:
Tha= nks Karl,

So it means to me that i need to update ManifoldCFQParserP= lugin.java to accommodate for alfresco also and as we are passing Authentic= ateUserName for SharePoint, we need to devise a meachanism to pass ACLs for= alfresco as well and modify parse() method to make combined query?

This would be the fix for issue?

Ple= ase suggest.

Regards.
=

On Tue, Aug 12, 2014 at 5:05 PM, Karl Wr= ight <daddywri@gmail.com> wrote:
Hi = Lalit,

It occurs to me that even if you use the MCF search component= , you will still need to make customizations, because otherwise only docume= nts visible to the SharePoint user will be visible.

I think that if you can pass the alfresco access tokens in via an= other argument (say, "alfresco=3D"), then you can modify the quer= y-parser plugin to do what you need.

Karl



On Tue, Aug 12, 2014 at 7:27 AM, Karl Wr= ight <daddywri@gmail.com> wrote:
Hi Lalit,

The MCF query-p= arser plugin does have access to the incoming "fq" parameter, but= in order to do anything useful with it it would have to parse it, and turn= it into a Query.=C2=A0 In addition, you would need to decide whether the p= assed-in fq argument should:

-- RESTRICT the documents further that match the MCF authorizatio= n criteria
-- ADD documents that do not match the MCF authorizatio= n criteria

It can't be both, so I can't see making thi= s a general feature.=C2=A0 For these reasons I don't recommend this app= roach.=C2=A0 Instead, you should be able to add the MCF search component to= the standard query processing chain, and that should always work.=C2=A0 Th= e biggest question is just where in the chain you put the plugin.

Thanks,
Karl


<= br>
On Tue, Aug 12, 2014 at 7:08 AM, lalit jangra= <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

Does it mean that i need to update OO= TB MCF-Solr component i.e. ManifoldCFQParserPlugin.java and pass all my arg= uments there and update the final query?

Currently=C2=A0 i am using filter queries to maintain resultsets from diffe= rent sources : alfresco & sharepoint as index from alfresco & share= point are stored into same solr collection.
E.g. If i search for alfresc= o, it works fine but if i search for sahrepoint using AuthenticatedUserName= only without using filter to return results from sharepoint, i get results= from both alfresco(as open items from MCF-Solr plugin) & sharepoint.
Please suggest.

Regards.


On Tue,= Aug 12, 2014 at 3:44 PM, Karl Wright <daddywri@gmail.com> = wrote:
Hi Lalit,

The ManifoldCF query parser plugin only = has the option of generating a filter query from incoming arguments.=C2=A0 = It does not have the option of replacing the incoming arguments:

>>>>>>
=C2=A0=C2=A0=C2=A0 public Query parse()
= <<<<<<

It is Solr that decides whether an fq= argument you pass overrides a queryparser's plugin output.=C2=A0 I can= 't change how that works.

For what you are trying to do, you may do better by using the MCF= search component instead, since that modifies the whole query, rather than= just the fq field.

 Karl



On Tue, Aug 12, 2014 at 6:07 AM, lalit j= angra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

It means that is = seems to be clash between two fq or filter queries. First fq is set by MCF-= Solr plugin which return SharePoint user tokens and then i am using another= fq to create filter query based on content_source etc. which overwrites pr= evious one

How can i consume incoming MCF-Solr plugin into second/other fq h= ere as i could not see any results coming from MCF-Solr plugin? Also as i a= m passing AutheticatedUserName as raw query parameter, i was expecting resu= lts to be replaced inline within query itself.

Please suggest.

Regards.


On Tue, Aug 12, 2014 at 3:2= 0 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

Yes, it seems likely that the MCF solr plugin is s= etting fq to the right query expression, and then you are later setting fq = to something else entirely with your own plugin.

Your plugin must take the incoming fq field and include it in the= final expression.

Karl

=


On Tue, Aug 12, 2014 at 4:23 AM, lalit j= angra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl for promptness,

Invoking ht= tp://<your_mcf_instance/mcf-authority-service/UserACLs?username=3Dljangra@iwater.ie give= s me below ACLs which seem to be fine to me.

AUTHORIZED:SharePointAuthConnection

TOKEN:SharepointAuthGroup:Ui%3A0%23.w%7Ciwate= r.ie%255cljangra

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -32-545

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-15263

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-513

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-13472

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-3182

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-1619

TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-1813

TOKEN:SharepointAuthGroup:Ui%3A0%2B.w%7Cs-1-5= -21-2630432783-15384281-2988178474-12149

TOKEN:SharepointAuthGroup:Uc%3A0%21.s%7Cwindo= ws

TOKEN:SharepointAuthGroup:Uc%3A0%28.s%7Ctrue<= /span>


I got it now, the missing part is absence of user tokens in solr = query as you mentioned.

Please suggest.

Regards.

=


On Tue, Aug 12, 2014 at 12:32 PM, Karl Wright <daddywri@gmail.com>= wrote:
Hi Lalit,

The MCF plugin does this:
- Looks for the AuthenticatedUserName parameter
- Se= nds the AuthenticatedUserName parameter to ManifoldCF's authority servi= ce, and gets back user tokens
- Constructs a filter query (fq) expression from the user tokens=

It's very hard for me to guess which acls come from = your SharePoint instance and which come from your Alfresco instance.=C2=A0 = But this is almost certainly wrong:

fq=3Dcontent_source:SharePoint&version=3D2&= ;AuthenticatedUserName=3Dljangra@iwater.ie
... because= there are no access tokens whatsoever.

This too has no ACLs:
fq=3Dcontent_sour= ce:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie


This has access tokens, but they seem to all be fr= om Alfresco:
fq=3D(content_source:Alfresco+AND+alf_= acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_E= VERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2B= OR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Han= ds%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_= site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+co= ntent_source:SharePoint&AuthenticatedUserName=3Dljangra@iwater.ie

So frankly I see no evidence tha= t you are including any SharePoint access tokens in your query at all.=C2= =A0 Could you do the following:

curl "http://<your_mcf_insta= nce/mcf-authority-service/UserACLs?username=3Dljangra@iwater.ie"

... and send me what you get bac= k?=C2=A0 If that looks good, I suggest that you are probably overwriting th= e mcf plugin's fq entirely, and not including it in your expression.
Thanks,
Karl

=



On Tue, Aug 12, 2014 at 2:38 AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Thanks Karl,

I am working with filt= er queries here and initially i tried to put filter queries as below but it= did not work and i got only alfresco content.

(alfresco_expression AND is_alfresco) OR (sharepoint_express= ion AND is_sharepoint)

Here is query from solr logs for = same.

588159410 [http-bio-8080-exec-330] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Default no-user respons= e (open documents only)

588547075 [http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528G= ROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2B= GROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-= IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP= _Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServi= ces%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(content_source:SharePoint+AND+AuthenticatedUserNa= me%3Dljangra@iwater.ie)} hits=3D4404 status=3D0 QTime=3D96


Here i get only 4404 results which i get if i select only alfresc= o as source without selecting sharepoint.

588159410 [http-bio-8080-exec-330] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Default no-user respons= e (open documents only)

588159479 [http-bio-8080-exec-330] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528G= ROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2B= GROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-= IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP= _Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServi= ces%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(content_source:SharePoint+AND+uthenticatedUserName= %3Dljangra@iwater.ie)} hits=3D4404 status=3D0 QTime=3D70



Then i moved to below structure where i need to pass sharepoi= nt_expression as raw query parameters for filter queries.

(alfresco_= expression) OR (is_sharepoint) & sharepoint_expression

This way i got results from both alfresco and sharepoint. Here i get 5425 r= esults including alfresco as well as sharepoint.

588799237 [http-bio-8080-exec-331] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Trying to match docs fo= r user '[:ljangra@= iwater.ie]'

588799238 [http-bio-8080-exec-331] INFO=C2=A0 org.apache.http.impl.client.DefaultHttp= Client=C2=A0 ? I/O exception (org.apache.http.NoHttpResponseException) caught when processing request: The target server failed to respond

588799239 [http-bio-8080-exec-331] INFO=C2=A0 org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? Retrying request

588799330 [http-bio-8080-exec-331] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Saw authority response AUTHORIZED:SharePointAuthConnection

588799338 [http-bio-8080-exec-331] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528G= ROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2B= GROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-= IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP= _Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServi= ces%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:Sh= arePoint&AuthenticatedUserName=3Dljangra@iwater.ie} hits=3D5245 status=3D0 QTime=3D103


Also for sharepoint only queries, if i try filter queries as belo= w, i got no results.

(sharepoint_expression AND is_sharepoint)

587320867 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Trying to match docs fo= r user '[:ljangra@= iwater.ie]'

587320868 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? I/O exception (org.apache.http.NoHttpResponseException) caught when processing request: T= he target server failed to respond

587320869 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? Retrying request

587324291 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPl= ugin=C2=A0 ? Saw authority response AUTHORIZED:SharePointAuthConnection

587324292 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=3D{indent=3Dtrue&q=3D*:*&_=3D1407823092895&wt=3Djson&= ;fq=3Dcontent_source:SharePoint+A= ND+AuthenticatedUserName%3Dljangra@iwater.ie&AuthenticatedUserName= =3Dljangra@iwater.ie= } hits=3D0 status=3D0 QTime=3D3426

587338061 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Default no-user respons= e (open documents only)

587338061 [http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=3D{indent=3Dtrue&q=3D*:*&_=3D1407823109996&wt=3Djson&= ;fq=3Dcontent_source:SharePoint+A= ND+AuthenticatedUserName%3Dljangra@iwater.ie} hits=3D0 status=3D0 QTime=3D1


But if = i use sharepoint_expression as below , get results for sahrepoint on= ly.


fq=3Dcontent_source= :SharePoint&version=3D2&AuthenticatedUserName=3Dljangra@iwater.ie

589523637 [http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Trying to match docs fo= r user '[:ljangra@= iwater.ie]'

589523639 [http-bio-8080-exec-260] INFO=C2=A0 org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? I/O exception (org.ap= ache.http.NoHttpResponseException) caught when processing request: The target server failed to respond<= /p>

589523639 [http-bio-8080-exec-260] INFO=C2=A0 org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? Retrying request

589523698 [http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPl= ugin=C2=A0 ? Saw authority response AUTHORIZED:SharePointAuthConnection

589523699 [http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=3D{sort=3Dscore+desc&df=3Dtext&q=3D"lalit"&q.o= p=3DOR&wt=3Djavabin&qt=3D/select&fq=3Dcontent_source:SharePoint= &version=3D2&AuthenticatedUserName=3Dljangra@iwater.ie} hits=3D35 status=3D0 QTime=3D62


What i assume = is whatever is passed with AuthenticatedUserName varia= ble, it is compared with stored ACLs in index and accordingly results are d= isplayed.

Please suggest.

regards.

<= div>
On Mon, Aug 11, 2014 at 10:59 PM, Karl W= right <daddywri@gmail.com> wrote:
Hi Lalit,

First, if both Alfresco and SharePoint documents are ind= exed with the same MCF instance, then you do
not need to play games like this.=C2=A0 You only need the one query that th= e MCF solr plugin generates.

If that's not the case, then what you want are two separate clauses= where one matches Alfresco documents and one clause that matches SharePoin= t documents.=C2=A0 The expression therefore would look like this:

(alfresco_expression AND is_alfresco) OR (sharepoint_expression AND is= _sharepoint)


It cannot look like this and work:

(alfresco_expression OR sharepoint_expression) OR is_sharepoint

That is nonsensical.
Karl

<= /span>


On Mon, Aug 11, 2014 at 1:22 PM, lalit j= angra <lalit.j.jangra@gmail.com> wrote:

Thanks Kar= l,

In this query i am searching for results in both alfresco an= d SharePoint. So before OR i am checking for alfresco ACLs and post OR i am= checking for SharePoint ACLs by supplying authenticatedusername .Hence OR = facilitates here for both options.

On Aug 11, 2014 10:44 PM, "Karl Wright"= ; <daddywri@gmai= l.com> wrote:
Hi Lalit,

Have a look at this = query:

522471481 [http-bio-8080-exec-238] INFO=C2=A0 org.apache.solr= .core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params= =3D{sort=3Dscore+desc&df=3Dtext&q=3D"blue"&q.op=3DOR&= amp;wt=3Djavabin&qt=3D/select&fq=3D(content_source:Alfresco+AND+alf= _acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_= EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350= e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4e= cc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-= CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Se= rver-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices= _SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-inv= estment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_as= set-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP= _site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_= SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strate= gy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2B= OR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteCon= sumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_Sit= eManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-con= tacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteMan= ager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_Si= teCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_inci= dent-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_in= voices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontra= cts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_Sit= eManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteMana= ger%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operatio= ns-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulste= r%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGRO= UP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands= _SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP= _site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR= %2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approv= als-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_S= iteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public= _SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-pr= ivate_SiteManager%2529)+OR+content_source:SharePoint&version=3D2&Au= thenticatedUserName=3Dvchauhan@iwater.ie} hits=3D11 status=3D0 QTime=3D10


Note the following at the very end of the fq field: "+OR= +content_source:SharePoint".=C2=A0 That will basically disable the ent= ire rest of the filter and permit ALL documents through that were indexed b= y SharePoint.=C2=A0 It should be "+AND+content_source:SharePoint"= .

Karl



On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <lal= it.j.jangra@gmail.com> wrote:

Sure Karl,

Can you let me know what type of logs you need?I am attaching part of so= lr.log for your reference.=C2=A0

Regards.

On Aug 11, 2014 9:42 PM, "Karl Wright" &l= t;daddywri@gmail.co= m> wrote:
Hi Lalit,

Are you sure you are using the= standard select query handler?=C2=A0 In order to convince me, you will nee= d to enable appropriate Solr logging so I can see how a request is processe= d and whether the MCF solr plugin is being called.

Karl



On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra &= lt;lalit.j.ja= ngra@gmail.com> wrote:
Thanks Karl,

Below are my comments.
<= br> 1. Your Solr query is in fact not hooked up to use the appropriate MCF Solr plugin, in which case no security whatsoever is being applied.
--= - Below is snippet from solrconfig.xml from one of servers with MCF Solr pl= ugin included and enabled with /select query handler which i am using for s= earch. I assume i need not to provide full server name for AuthorityServiceBaseURL & instead localhost will work fine.=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=20

<!-- ManifoldCF document security enforcement component -->

=C2=A0 <queryParser name=3D"manifoldCFSecurity"

=C2=A0=C2=A0=C2=A0 class=3D"org.apache.solr.mcf.ManifoldCFQParserPlugin"><= /p>

=C2=A0=C2=A0=C2=A0 <str name=3D"AuthorityServiceBaseURL">http://localhost:= 80/mcf-authority-service</str>

=C2=A0=C2=A0=C2=A0 <int name=3D"ConnectionPoolSize">50</int>

=C2=A0 </queryParser>

=C2=A0

=C2=A0=C2=A0 <!-- ManifoldCF document security enforcement component -->

=C2=A0 <searchComponent name=3D"manifoldCFSecurity"

=C2=A0=C2=A0=C2=A0 class=3D"org.apache.solr.mcf.ManifoldCFSearchComponent">

=C2=A0=C2=A0=C2=A0 <str name=3D"AuthorityServiceBaseURL">http://localhost:= 80/mcf-authority-service</str>

=C2=A0=C2=A0=C2=A0 <int name=3D"ConnectionPoolSize">50</int>

=C2=A0 </searchComponent>

=C2=A0

=C2=A0

=C2=A0 <requestHandler name=3D"/select" class=3D"solr.SearchHandler">

=C2=A0=C2=A0=C2=A0=C2=A0 <lst name=3D"defaults">

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 <str name=3D"echoParams">explicit</str>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 <int name=3D"rows">10000</int>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 <str name=3D"df">text</str>

=C2=A0=C2=A0=C2=A0=C2=A0 </lst>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 <lst name=3D"appends">

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <str name=3D"fq">{!manifoldCFSecurity}</str>

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 </lst>

=C2=A0 </requestHandler><= /span>

=C2=A0

Below is one of queries built for same using = AuthenticatedUserName


q=3D%22blue%22&q.op=3DO= R&df=3Dtext&qt=3D%2Fselect&sort=3Dscore+desc&fq=3Dcontent_s= ource%3ASharePoint&AuthenticatedUserName=3Dljangra%40iwater.ie


2. You are supposed to be able to see the documents, but the URL Manifo= ldCF is generating does not permit you to log into SharePoint for some=20 reason.
-- If i go to the location of the search result, i am not = able to see any document available there for me as per my permissions.
<= br>3. You indexed the documents with security "off", and so no se= curity information was attached to the documents in Solr.
--- I have enabled security before starting the job as below.


Please suggest.

Regards.


On Mon, Aug 11, 2014 = at 5:17 PM, Karl Wright <daddywri@gmail.com> wrote:
Hi Lalit,

There are a number of possibilities.=C2=A0 You wil= l need to do some investigation to figure out which one it is.=C2=A0 Here a= re the possibilities I see:

(1) Your Solr query is in fact not hooked up to use the appr= opriate MCF Solr plugin, in which case no security whatsoever is being appl= ied.
(2) You are supposed to be able to see the documents, but the UR= L ManifoldCF is generating does not permit you to log into SharePoint for s= ome reason.
(3) You indexed the documents with security "= ;off", and so no security information was attached to the documents in= Solr.

Thanks,
Karl



On Mon, Aug 11, 2014 at 7:30= AM, lalit jangra <lalit.j.jangra@gmail.com> wrote:
Hi,

I am using MCF 1.5.1 and crawling SharePoint 2010 l= ist items. I have also placed MCF solr ACL plugin into solr instances and u= pdated solrconfig.xml for same. I created a job to connect to SharePoint an= d indexed list items in solr.

Next i am searching for content items from index and what i could= see is that i am able to see search results for content on which i do not = have any access. I can see these content into search results but when i am = trying to aceess these content , i can getting SharePoint access denied err= or. Ideally if a user has no access to a content, he should not be see thes= e content.

Am i missing anything here?
=
Regards,
Lalit.




= --
Regards,
Lalit.






= --
Regards,
Lalit.




= --
Regards,
Lalit.




= --
Regards,
Lalit.




= --
Regards,
Lalit.




= --
Regards,
Lalit.




= --
Regards,
Lalit.


--
Regards,
Lalit.



--
Regards,Lalit.
--20cf303ddb9863e5b805008116ad--