Return-Path: 
 <user-return-2908-apmail-manifoldcf-user-archive=manifoldcf.apache.org@manifoldcf.apache.org>
X-Original-To: apmail-manifoldcf-user-archive@www.apache.org
Delivered-To: apmail-manifoldcf-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 59E86C64F
	for <apmail-manifoldcf-user-archive@www.apache.org>;
 Tue, 12 Aug 2014 06:39:11 +0000 (UTC)
Received: (qmail 78761 invoked by uid 500); 12 Aug 2014 06:39:11 -0000
Delivered-To: apmail-manifoldcf-user-archive@manifoldcf.apache.org
Received: (qmail 78707 invoked by uid 500); 12 Aug 2014 06:39:11 -0000
Mailing-List: contact user-help@manifoldcf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@manifoldcf.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@manifoldcf.apache.org>
List-Post: <mailto:user@manifoldcf.apache.org>
List-Id: <user.manifoldcf.apache.org>
Reply-To: user@manifoldcf.apache.org
Delivered-To: mailing list user@manifoldcf.apache.org
Received: (qmail 78697 invoked by uid 99); 12 Aug 2014 06:39:11 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Aug 2014 06:39:11 +0000
X-ASF-Spam-Status: No, hits=2.8 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of lalit.j.jangra@gmail.com
 designates 209.85.213.51 as permitted sender)
Received: from [209.85.213.51] (HELO mail-yh0-f51.google.com) (209.85.213.51)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Aug 2014 06:39:06 +0000
Received: by mail-yh0-f51.google.com with SMTP id f73so7189103yha.38
        for <user@manifoldcf.apache.org>;
 Mon, 11 Aug 2014 23:38:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=NVZ6yoSCI0izHQlG6QgwFhUYC5/RwYiY5vLXE4SuydA=;
        b=bl7FvwiCt8dncv9bvPDfuO1g9M5l40YKz8/dBQ7DXqcL3sZaZ0n1pCo+h8qdTJuogC
         OvEIROWcMBntan9U6xnWT7b96lp1VZRfTwJyRHVxxOzrDyC+9N5R9BP8gPjnmAAeZh0n
         ikI8r2o5YlXCc0ifuyJZS+kpKdzPB1q8A5JuaegEfNJW9TCSKB6pRqKBoZBZW56+APTR
         X7phN8dZ20NmbfTrTCDilSWwelYwVkuAtDfzGVi/cDHCpvPtFk7o6Loi17eL12tuFkNW
         50EIRQ7D7PzYjj4dFrvOrDss3TIPrpumwH0mB+HaV1ufxKrERBXIeaBCv95tNA9xYoyt
         OuNw==
MIME-Version: 1.0
X-Received: by 10.236.55.195 with SMTP id k43mr21180733yhc.135.1407825525860;
 Mon, 11 Aug 2014 23:38:45 -0700 (PDT)
Received: by 10.170.150.193 with HTTP; Mon, 11 Aug 2014 23:38:45 -0700 (PDT)
In-Reply-To: 
 <CALUFAGDgCdOfOA5=UoT_mGQAG5RwunT=Wi3OzC9exwNuB4x8bw@mail.gmail.com>
References: 
 <CANWCqG5PykU7C2P3L_wcLS5mUhN1t3D-y6wao319v_020ZkrvQ@mail.gmail.com>
	<CALUFAGD5=X1QW5E+Lb88qDOxYYNanpgQSa3-SeYSzb3EdkK6Gw@mail.gmail.com>
	<CANWCqG6iwAq4sin24om4xuXFH3XUO6wbvioHBz-EmH=wNOso-Q@mail.gmail.com>
	<CALUFAGAwH8sBXUTvk=vDZr7jST3OJSYmtPpcUZi0A4jM_Pr_aA@mail.gmail.com>
	<CANWCqG7sXHFTgy7GwgObr2e1=VGaanzeoQ_J2hzaPYessnJ8xQ@mail.gmail.com>
	<CALUFAGBBtdZ_4R_0-cJ9O+Rn+KyYGHQMSy6wNidt18paPHkGWQ@mail.gmail.com>
	<CANWCqG7kSKTi1=OrBG7JHkHVF1vr95dYofzoxtxZ9L7eNEKOLQ@mail.gmail.com>
	<CALUFAGDgCdOfOA5=UoT_mGQAG5RwunT=Wi3OzC9exwNuB4x8bw@mail.gmail.com>
Date: Tue, 12 Aug 2014 12:08:45 +0530
Message-ID: 
 <CANWCqG76VX8=pGNXdXPawkBgbgxKDjxEmUP0fH8Mq2o6zoCfWg@mail.gmail.com>
Subject: Re: Solr MCF ACL Plugin
From: lalit jangra <lalit.j.jangra@gmail.com>
To: "user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
Content-Type: multipart/alternative; boundary=bcaec50b4b345ff1a7050068ec8e
X-Virus-Checked: Checked by ClamAV on apache.org

--bcaec50b4b345ff1a7050068ec8e
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Thanks Karl,

I am working with filter queries here and initially i tried to put filter
queries as below but it did not work and i got only alfresco content.

(alfresco_expression AND is_alfresco) OR (sharepoint_expression AND
is_sharepoint)

Here is query from solr logs for same.

588159410 [http-bio-8080-exec-330] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
(open documents only)

588547075 [http-bio-8080-exec-260] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=3D/solr path=3D/select
params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528GROUP=
_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROU=
P_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-A=
DM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jum=
p-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%=
2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie)}
hits=3D4404 status=3D0 QTime=3D96

Here i get only 4404 results which i get if i select only alfresco as
source without selecting sharepoint.

588159410 [http-bio-8080-exec-330] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
(open documents only)

588159479 [http-bio-8080-exec-330] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=3D/solr path=3D/select
params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528GROUP=
_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROU=
P_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-A=
DM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jum=
p-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%=
2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(
content_source:SharePoint+AND+uthenticatedUserName%3Dljangra@iwater.ie)}
hits=3D4404 status=3D0 QTime=3D70


Then i moved to below structure where i need to pass sharepoint_expression
as raw query parameters for filter queries.

(alfresco_expression) OR (is_sharepoint) & sharepoint_expression

This way i got results from both alfresco and sharepoint. Here i get 5425
results including alfresco as well as sharepoint.

588799237 [http-bio-8080-exec-331] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
user '[:ljangra@iwater.ie]'

588799238 [http-bio-8080-exec-331] INFO
org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request:
The target server failed to respond

588799239 [http-bio-8080-exec-331] INFO
org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

588799330 [http-bio-8080-exec-331] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
AUTHORIZED:SharePointAuthConnection

588799338 [http-bio-8080-exec-331] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=3D/solr path=3D/select
params=3D{q=3D*:*&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528GROUP=
_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROU=
P_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-A=
DM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jum=
p-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%=
2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:ShareP=
oint&AuthenticatedUserName=3D
ljangra@iwater.ie} hits=3D5245 status=3D0 QTime=3D103

Also for sharepoint only queries, if i try filter queries as below, i got
no results.

(sharepoint_expression AND is_sharepoint)


587320867 [http-bio-8080-exec-325] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
user '[:ljangra@iwater.ie]'

587320868 [http-bio-8080-exec-325] INFO
org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request:
The target server failed to respond

587320869 [http-bio-8080-exec-325] INFO
org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

587324291 [http-bio-8080-exec-325] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
AUTHORIZED:SharePointAuthConnection

587324292 [http-bio-8080-exec-325] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=3D/solr path=3D/select
params=3D{indent=3Dtrue&q=3D*:*&_=3D1407823092895&wt=3Djson&fq=3D
content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie
&AuthenticatedUserName=3Dljangra@iwater.ie} hits=3D0 status=3D0 QTime=3D342=
6

587338061 [http-bio-8080-exec-325] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Default no-user response
(open documents only)

587338061 [http-bio-8080-exec-325] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=3D/solr path=3D/select
params=3D{indent=3Dtrue&q=3D*:*&_=3D1407823109996&wt=3Djson&fq=3D
content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwater.ie}
hits=3D0 status=3D0 QTime=3D1


But if i use sharepoint_expression as below , get results for sahrepoint
only.


fq=3Dcontent_source:SharePoint&version=3D2&AuthenticatedUserName=3D
ljangra@iwater.ie

589523637 [http-bio-8080-exec-260] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Trying to match docs for
user '[:ljangra@iwater.ie]'

589523639 [http-bio-8080-exec-260] INFO
org.apache.http.impl.client.DefaultHttpClient  ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request:
The target server failed to respond

589523639 [http-bio-8080-exec-260] INFO
org.apache.http.impl.client.DefaultHttpClient  ? Retrying request

589523698 [http-bio-8080-exec-260] INFO
org.apache.solr.mcf.ManifoldCFQParserPlugin  ? Saw authority response
AUTHORIZED:SharePointAuthConnection

589523699 [http-bio-8080-exec-260] INFO  org.apache.solr.core.SolrCore  ?
[collection1] webapp=3D/solr path=3D/select
params=3D{sort=3Dscore+desc&df=3Dtext&q=3D"lalit"&q.op=3DOR&wt=3Djavabin&qt=
=3D/select&fq=3Dcontent_source:SharePoint&version=3D2&AuthenticatedUserName=
=3D
ljangra@iwater.ie} hits=3D35 status=3D0 QTime=3D62


What i assume is whatever is passed with AuthenticatedUserName variable, it
is compared with stored ACLs in index and accordingly results are displayed=
.

Please suggest.

regards.


On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Lalit,
>
> First, if both Alfresco and SharePoint documents are indexed with the sam=
e
> MCF instance, then you do
> not need to play games like this.  You only need the one query that the
> MCF solr plugin generates.
>
> If that's not the case, then what you want are two separate clauses where
> one matches Alfresco documents and one clause that matches SharePoint
> documents.  The expression therefore would look like this:
>
> (alfresco_expression AND is_alfresco) OR (sharepoint_expression AND
> is_sharepoint)
>
>
> It cannot look like this and work:
>
> (alfresco_expression OR sharepoint_expression) OR is_sharepoint
>
> That is nonsensical.
> Karl
>
>
>
> On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra <lalit.j.jangra@gmail.com>
> wrote:
>
>> Thanks Karl,
>>
>> In this query i am searching for results in both alfresco and SharePoint=
.
>> So before OR i am checking for alfresco ACLs and post OR i am checking f=
or
>> SharePoint ACLs by supplying authenticatedusername .Hence OR facilitates
>> here for both options.
>>  On Aug 11, 2014 10:44 PM, "Karl Wright" <daddywri@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> Have a look at this query:
>>>
>>> 522471481 [http-bio-8080-exec-238] INFO  org.apache.solr.core.SolrCore
>>> ? [collection1] webapp=3D/solr path=3D/select
>>> params=3D{sort=3Dscore+desc&df=3Dtext&q=3D"blue"&q.op=3DOR&wt=3Djavabin=
&qt=3D/select&fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTX=
RDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%=
2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3=
deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BO=
R%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR=
%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP=
_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROU=
P_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR=
%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsu=
mer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_S=
iteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP=
_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGR=
OUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-=
delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_=
communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_si=
te_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2=
BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_h=
uman-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGR=
OUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteMana=
ger%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%=
2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BG=
ROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_si=
te_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_op=
erations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteM=
anager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_regi=
on-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-=
midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2=
BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-fi=
le-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteMan=
ager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGRO=
UP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BG=
ROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROU=
P_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+=
OR+content_source:SharePoint&version=3D2&AuthenticatedUserName=3D
>>> vchauhan@iwater.ie} hits=3D11 status=3D0 QTime=3D10
>>>
>>>
>>> Note the following at the very end of the fq field:
>>> "+OR+content_source:SharePoint".  That will basically disable the entir=
e
>>> rest of the filter and permit ALL documents through that were indexed b=
y
>>> SharePoint.  It should be "+AND+content_source:SharePoint".
>>>
>>> Karl
>>>
>>>
>>>
>>> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <lalit.j.jangra@gmail.com=
>
>>> wrote:
>>>
>>>> Sure Karl,
>>>>
>>>> Can you let me know what type of logs you need?I am attaching part of
>>>> solr.log for your reference.
>>>>
>>>> Regards.
>>>> On Aug 11, 2014 9:42 PM, "Karl Wright" <daddywri@gmail.com> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> Are you sure you are using the standard select query handler?  In
>>>>> order to convince me, you will need to enable appropriate Solr loggin=
g so I
>>>>> can see how a request is processed and whether the MCF solr plugin is=
 being
>>>>> called.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Thanks Karl,
>>>>>>
>>>>>> Below are my comments.
>>>>>>
>>>>>> 1. Your Solr query is in fact not hooked up to use the appropriate
>>>>>> MCF Solr plugin, in which case no security whatsoever is being appli=
ed.
>>>>>> --- Below is snippet from solrconfig.xml from one of servers with MC=
F
>>>>>> Solr plugin included and enabled with /select query handler which i =
am
>>>>>> using for search. I assume i need not to provide full server name fo=
r AuthorityServiceBaseURL
>>>>>> & instead localhost will work fine.
>>>>>>
>>>>>>
>>>>>> <!-- ManifoldCF document security enforcement component -->
>>>>>>
>>>>>>   <queryParser name=3D"manifoldCFSecurity"
>>>>>>
>>>>>>     class=3D"org.apache.solr.mcf.ManifoldCFQParserPlugin">
>>>>>>
>>>>>>     <str name=3D"AuthorityServiceBaseURL">
>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>
>>>>>>     <int name=3D"ConnectionPoolSize">50</int>
>>>>>>
>>>>>>   </queryParser>
>>>>>>
>>>>>>
>>>>>>
>>>>>>    <!-- ManifoldCF document security enforcement component -->
>>>>>>
>>>>>>   <searchComponent name=3D"manifoldCFSecurity"
>>>>>>
>>>>>>     class=3D"org.apache.solr.mcf.ManifoldCFSearchComponent">
>>>>>>
>>>>>>     <str name=3D"AuthorityServiceBaseURL">
>>>>>> http://localhost:80/mcf-authority-service</str>
>>>>>>
>>>>>>     <int name=3D"ConnectionPoolSize">50</int>
>>>>>>
>>>>>>   </searchComponent>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>   <requestHandler name=3D"/select" class=3D"solr.SearchHandler">
>>>>>>
>>>>>>      <lst name=3D"defaults">
>>>>>>
>>>>>>        <str name=3D"echoParams">explicit</str>
>>>>>>
>>>>>>        <int name=3D"rows">10000</int>
>>>>>>
>>>>>>        <str name=3D"df">text</str>
>>>>>>
>>>>>>      </lst>
>>>>>>
>>>>>>          <lst name=3D"appends">
>>>>>>
>>>>>>                 <str name=3D"fq">{!manifoldCFSecurity}</str>
>>>>>>
>>>>>>          </lst>
>>>>>>
>>>>>>   </requestHandler>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Below is one of queries built for same using AuthenticatedUserName
>>>>>>
>>>>>>
>>>>>>
>>>>>> q=3D%22blue%22&q.op=3DOR&df=3Dtext&qt=3D%2Fselect&sort=3Dscore+desc&=
fq=3Dcontent_source%3ASharePoint&AuthenticatedUserName=3Dljangra%
>>>>>> 40iwater.ie
>>>>>>
>>>>>>
>>>>>> 2. You are supposed to be able to see the documents, but the URL
>>>>>> ManifoldCF is generating does not permit you to log into SharePoint =
for
>>>>>> some reason.
>>>>>> -- If i go to the location of the search result, i am not able to se=
e
>>>>>> any document available there for me as per my permissions.
>>>>>>
>>>>>> 3. You indexed the documents with security "off", and so no security
>>>>>> information was attached to the documents in Solr.
>>>>>> --- I have enabled security before starting the job as below.
>>>>>>
>>>>>>
>>>>>> Please suggest.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <daddywri@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> There are a number of possibilities.  You will need to do some
>>>>>>> investigation to figure out which one it is.  Here are the possibil=
ities I
>>>>>>> see:
>>>>>>>
>>>>>>> (1) Your Solr query is in fact not hooked up to use the appropriate
>>>>>>> MCF Solr plugin, in which case no security whatsoever is being appl=
ied.
>>>>>>> (2) You are supposed to be able to see the documents, but the URL
>>>>>>> ManifoldCF is generating does not permit you to log into SharePoint=
 for
>>>>>>> some reason.
>>>>>>> (3) You indexed the documents with security "off", and so no
>>>>>>> security information was attached to the documents in Solr.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list items. I
>>>>>>>> have also placed MCF solr ACL plugin into solr instances and updat=
ed
>>>>>>>> solrconfig.xml for same. I created a job to connect to SharePoint =
and
>>>>>>>> indexed list items in solr.
>>>>>>>>
>>>>>>>> Next i am searching for content items from index and what i could
>>>>>>>> see is that i am able to see search results for content on which i=
 do not
>>>>>>>> have any access. I can see these content into search results but w=
hen i am
>>>>>>>> trying to aceess these content , i can getting SharePoint access d=
enied
>>>>>>>> error. Ideally if a user has no access to a content, he should not=
 be see
>>>>>>>> these content.
>>>>>>>>
>>>>>>>> Am i missing anything here?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Lalit.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit.
>>>>>>
>>>>>
>>>>>
>>>
>


--=20
Regards,
Lalit.

--bcaec50b4b345ff1a7050068ec8e
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div><div><div><div><div>Thanks Karl,<br><br></div><d=
iv>I am working with filter queries here and initially i tried to put filte=
r queries as below but it did not work and i got only alfresco content.<br>
</div><br>(alfresco_expression AND is_alfresco) OR (sharepoint_expression A=
ND is_sharepoint)<br><br></div>Here is query from solr logs for same.<br><b=
r><span style lang=3D"EN-IE">588159410
[http-bio-8080-exec-330] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Default no-user respons=
e
(open documents only)</span><br>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588547075
[http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ?
[collection1] webapp=3D/solr path=3D/select
params=3D{q=3D*:*&amp;fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528G=
ROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2B=
GROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-=
IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP=
_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServi=
ces%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(<a href=3D"mailt=
o:content_source%3ASharePoint%2BAND%2BAuthenticatedUserName%253Dljangra@iwa=
ter.ie">content_source:SharePoint+AND+AuthenticatedUserName%3Dljangra@iwate=
r.ie</a>)}
hits=3D4404 status=3D0 QTime=3D96</span></p>

<br></div>Here i get only 4404 results which i get if i select only alfresc=
o as source without selecting sharepoint.<br><br>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588159410
[http-bio-8080-exec-330] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Default no-user respons=
e
(open documents only)</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588159479
[http-bio-8080-exec-330] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ?
[collection1] webapp=3D/solr path=3D/select
params=3D{q=3D*:*&amp;fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528G=
ROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2B=
GROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-=
IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP=
_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServi=
ces%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+(<a href=3D"mailt=
o:content_source%3ASharePoint%2BAND%2ButhenticatedUserName%253Dljangra@iwat=
er.ie">content_source:SharePoint+AND+uthenticatedUserName%3Dljangra@iwater.=
ie</a>)}
hits=3D4404 status=3D0 QTime=3D70</span></p>

<br><br></div>Then i moved to below structure where i need to pass sharepoi=
nt_expression as raw query parameters for filter queries.<br><br>(alfresco_=
expression) OR (is_sharepoint) &amp; sharepoint_expression<br><br></div>
This way i got results from both alfresco and sharepoint. Here i get 5425 r=
esults including alfresco as well as sharepoint.<br><br>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588799237
[http-bio-8080-exec-331] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Trying to match docs fo=
r
user &#39;[:<a href=3D"mailto:ljangra@iwater.ie">ljangra@iwater.ie</a>]&#39=
;</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588799238
[http-bio-8080-exec-331] INFO=C2=A0 org.apache.http.impl.client.DefaultHttp=
Client=C2=A0
? I/O exception (org.apache.http.NoHttpResponseException) caught when
processing request: The target server failed to respond</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588799239
[http-bio-8080-exec-331] INFO=C2=A0
org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? Retrying request</spa=
n></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588799330
[http-bio-8080-exec-331] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Saw authority response
AUTHORIZED:SharePointAuthConnection</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">588799338
[http-bio-8080-exec-331] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ?
[collection1] webapp=3D/solr path=3D/select
params=3D{q=3D*:*&amp;fq=3D(content_source:Alfresco+AND+alf_acls%253A%2528G=
ROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2B=
GROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-=
IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP=
_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServi=
ces%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:Sh=
arePoint&amp;AuthenticatedUserName=3D<a href=3D"mailto:ljangra@iwater.ie">l=
jangra@iwater.ie</a>}
hits=3D5245 status=3D0 QTime=3D103</span></p>

<br></div>Also for sharepoint only queries, if i try filter queries as belo=
w, i got no results.<br><br>(sharepoint_expression AND is_sharepoint)<br><b=
r><br>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587320867
[http-bio-8080-exec-325] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Trying to match docs fo=
r
user &#39;[:<a href=3D"mailto:ljangra@iwater.ie">ljangra@iwater.ie</a>]&#39=
;</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587320868
[http-bio-8080-exec-325] INFO=C2=A0
org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? I/O exception
(org.apache.http.NoHttpResponseException) caught when processing request: T=
he
target server failed to respond</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587320869
[http-bio-8080-exec-325] INFO=C2=A0
org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? Retrying request</spa=
n></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587324291
[http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPl=
ugin=C2=A0
? Saw authority response AUTHORIZED:SharePointAuthConnection</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587324292
[http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ?
[collection1] webapp=3D/solr path=3D/select
params=3D{indent=3Dtrue&amp;q=3D*:*&amp;_=3D1407823092895&amp;wt=3Djson&amp=
;fq=3D<a href=3D"mailto:content_source%3ASharePoint%2BAND%2BAuthenticatedUs=
erName%253Dljangra@iwater.ie">content_source:SharePoint+AND+AuthenticatedUs=
erName%3Dljangra@iwater.ie</a>&amp;AuthenticatedUserName=3D<a href=3D"mailt=
o:ljangra@iwater.ie">ljangra@iwater.ie</a>}
hits=3D0 status=3D0 QTime=3D3426</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587338061
[http-bio-8080-exec-325] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Default no-user respons=
e (open
documents only)</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">587338061
[http-bio-8080-exec-325] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ?
[collection1] webapp=3D/solr path=3D/select
params=3D{indent=3Dtrue&amp;q=3D*:*&amp;_=3D1407823109996&amp;wt=3Djson&amp=
;fq=3D<a href=3D"mailto:content_source%3ASharePoint%2BAND%2BAuthenticatedUs=
erName%253Dljangra@iwater.ie">content_source:SharePoint+AND+AuthenticatedUs=
erName%3Dljangra@iwater.ie</a>}
hits=3D0 status=3D0 QTime=3D1</span></p><p class=3D"MsoNormal"><br><span st=
yle lang=3D"EN-IE"></span></p><p class=3D"MsoNormal"><span style lang=3D"EN=
-IE">But if i use </span>sharepoint_expression as below , get results for s=
ahrepoint only.<br>
</p><p class=3D"MsoNormal"><br></p><span style lang=3D"EN-IE">fq=3Dcontent_=
source:SharePoint&amp;version=3D2&amp;AuthenticatedUserName=3D<a href=3D"ma=
ilto:ljangra@iwater.ie">ljangra@iwater.ie</a><br><br></span><p class=3D"Mso=
Normal"></p>
<p class=3D"MsoNormal">

</p><p class=3D"MsoNormal"><span style lang=3D"EN-IE">589523637
[http-bio-8080-exec-260] INFO=C2=A0
org.apache.solr.mcf.ManifoldCFQParserPlugin=C2=A0 ? Trying to match docs fo=
r
user &#39;[:<a href=3D"mailto:ljangra@iwater.ie">ljangra@iwater.ie</a>]&#39=
;</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">589523639
[http-bio-8080-exec-260] INFO=C2=A0
org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? I/O exception (org.ap=
ache.http.NoHttpResponseException)
caught when processing request: The target server failed to respond</span><=
/p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">589523639
[http-bio-8080-exec-260] INFO=C2=A0
org.apache.http.impl.client.DefaultHttpClient=C2=A0 ? Retrying request</spa=
n></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">589523698
[http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.mcf.ManifoldCFQParserPl=
ugin=C2=A0
? Saw authority response AUTHORIZED:SharePointAuthConnection</span></p>

<p class=3D"MsoNormal"><span style lang=3D"EN-IE">589523699
[http-bio-8080-exec-260] INFO=C2=A0 org.apache.solr.core.SolrCore=C2=A0 ?
[collection1] webapp=3D/solr path=3D/select
params=3D{sort=3Dscore+desc&amp;df=3Dtext&amp;q=3D&quot;lalit&quot;&amp;q.o=
p=3DOR&amp;wt=3Djavabin&amp;qt=3D/select&amp;fq=3Dcontent_source:SharePoint=
&amp;version=3D2&amp;AuthenticatedUserName=3D<a href=3D"mailto:ljangra@iwat=
er.ie">ljangra@iwater.ie</a>}
hits=3D35 status=3D0 QTime=3D62</span></p>

<p></p>

<br><div><div><div><div><div><div><div class=3D"gmail_extra">What i assume =
is whatever is passed with <span style lang=3D"EN-IE">AuthenticatedUserName=
 variable, it is compared with stored ACLs in index and accordingly results=
 are displayed.<br>
<br>Please suggest.<br><br></span></div><div class=3D"gmail_extra"><span st=
yle lang=3D"EN-IE">regards.<br><br></span></div><div class=3D"gmail_extra">=
<br><div class=3D"gmail_quote">On Mon, Aug 11, 2014 at 10:59 PM, Karl Wrigh=
t <span dir=3D"ltr">&lt;<a href=3D"mailto:daddywri@gmail.com" target=3D"_bl=
ank">daddywri@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><di=
v>Hi Lalit,<br><br>First, if both Alfresco and SharePoint documents are ind=
exed with the same MCF instance, then you do<br>
not need to play games like this.=C2=A0 You only need the one query that th=
e MCF solr plugin generates.<br>
<br>If that&#39;s not the case, then what you want are two separate clauses=
 where one matches Alfresco documents and one clause that matches SharePoin=
t documents.=C2=A0 The expression therefore would look like this:<br><br></=
div>

<div>(alfresco_expression AND is_alfresco) OR (sharepoint_expression AND is=
_sharepoint)<br><br><br></div>It cannot look like this and work:<br><br></d=
iv><div>(alfresco_expression OR sharepoint_expression) OR is_sharepoint<br>

<br></div><div>That is nonsensical.<span class=3D""><font color=3D"#888888"=
><br></font></span></div><span class=3D""><font color=3D"#888888"><div>Karl=
<br><br></div></font></span></div><div class=3D""><div class=3D"h5"><div cl=
ass=3D"gmail_extra">
<br><br><div class=3D"gmail_quote">On Mon, Aug 11, 2014 at 1:22 PM, lalit j=
angra <span dir=3D"ltr">&lt;<a href=3D"mailto:lalit.j.jangra@gmail.com" tar=
get=3D"_blank">lalit.j.jangra@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><p dir=3D"ltr">Thanks Kar=
l,</p>
<p dir=3D"ltr">In this query i am searching for results in both alfresco an=
d SharePoint. So before OR i am checking for alfresco ACLs and post OR i am=
 checking for SharePoint ACLs by supplying authenticatedusername .Hence OR =
facilitates here for both options.</p>

<div><div>

<div class=3D"gmail_quote">On Aug 11, 2014 10:44 PM, &quot;Karl Wright&quot=
; &lt;<a href=3D"mailto:daddywri@gmail.com" target=3D"_blank">daddywri@gmai=
l.com</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204=
);padding-left:1ex">


<div dir=3D"ltr"><div><div><div>Hi Lalit,<br><br></div>Have a look at this =
query:<br><br>522471481 [http-bio-8080-exec-238] INFO=C2=A0 org.apache.solr=
.core.SolrCore=C2=A0 ? [collection1] webapp=3D/solr path=3D/select params=
=3D{sort=3Dscore+desc&amp;df=3Dtext&amp;q=3D&quot;blue&quot;&amp;q.op=3DOR&=
amp;wt=3Djavabin&amp;qt=3D/select&amp;fq=3D(content_source:Alfresco+AND+alf=
_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_=
EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350=
e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4e=
cc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-=
CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Se=
rver-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices=
_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-inv=
estment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_as=
set-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP=
_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_=
SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strate=
gy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2B=
OR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteCon=
sumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_Sit=
eManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-con=
tacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteMan=
ager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_Si=
teCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_inci=
dent-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_in=
voices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontra=
cts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_Sit=
eManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteMana=
ger%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operatio=
ns-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulste=
r%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGRO=
UP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands=
_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP=
_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR=
%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approv=
als-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_S=
iteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public=
_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-pr=
ivate_SiteManager%2529)+OR+content_source:SharePoint&amp;version=3D2&amp;Au=
thenticatedUserName=3D<a href=3D"mailto:vchauhan@iwater.ie" target=3D"_blan=
k">vchauhan@iwater.ie</a>} hits=3D11 status=3D0 QTime=3D10<br>



<br><br></div>Note the following at the very end of the fq field: &quot;+OR=
+content_source:SharePoint&quot;.=C2=A0 That will basically disable the ent=
ire rest of the filter and permit ALL documents through that were indexed b=
y SharePoint.=C2=A0 It should be &quot;+AND+content_source:SharePoint&quot;=
.<br>



<br></div>Karl<br><br></div><div class=3D"gmail_extra"><br><br><div class=
=3D"gmail_quote">On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <span dir=3D=
"ltr">&lt;<a href=3D"mailto:lalit.j.jangra@gmail.com" target=3D"_blank">lal=
it.j.jangra@gmail.com</a>&gt;</span> wrote:<br>



<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><p dir=
=3D"ltr">Sure Karl,</p>
<p>Can you let me know what type of logs you need?I am attaching part of so=
lr.log for your reference.=C2=A0</p><p></p><p>Regards.<br></p><div><div><di=
v class=3D"gmail_quote">On Aug 11, 2014 9:42 PM, &quot;Karl Wright&quot; &l=
t;<a href=3D"mailto:daddywri@gmail.com" target=3D"_blank">daddywri@gmail.co=
m</a>&gt; wrote:<br type=3D"attribution">




<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir=3D"ltr"><div>Hi Lalit,<br><br></div>Are you sure you are using the=
 standard select query handler?=C2=A0 In order to convince me, you will nee=
d to enable appropriate Solr logging so I can see how a request is processe=
d and whether the MCF solr plugin is being called.<br>






<br>Karl<br><br></div><div class=3D"gmail_extra"><br><br><div class=3D"gmai=
l_quote">On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <span dir=3D"ltr">&=
lt;<a href=3D"mailto:lalit.j.jangra@gmail.com" target=3D"_blank">lalit.j.ja=
ngra@gmail.com</a>&gt;</span> wrote:<br>






<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><di=
v><div><div><div><div>Thanks Karl,<br><br></div>Below are my comments.<br><=
br>




1. Your Solr query is in fact not hooked up to use the appropriate MCF Solr
 plugin, in which case no security whatsoever is being applied.<br></div>--=
- Below is snippet from solrconfig.xml from one of servers with MCF Solr pl=
ugin included and enabled with /select query handler which i am using for s=
earch. I assume i need not to provide full server name for <span lang=3D"EN=
-IE">AuthorityServiceBaseURL &amp; instead localhost will work fine.</span>=
<br>







=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=20

<p class=3D"MsoNormal"><span lang=3D"EN-IE">&lt;!--
ManifoldCF document security enforcement component --&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0
&lt;queryParser name=3D&quot;manifoldCFSecurity&quot;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0
class=3D&quot;org.apache.solr.mcf.ManifoldCFQParserPlugin&quot;&gt;</span><=
/p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0
&lt;str name=3D&quot;AuthorityServiceBaseURL&quot;&gt;<a href=3D"http://loc=
alhost:80/mcf-authority-service%3c/str" target=3D"_blank">http://localhost:=
80/mcf-authority-service&lt;/str</a>&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0
&lt;int name=3D&quot;ConnectionPoolSize&quot;&gt;50&lt;/int&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0
&lt;/queryParser&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0
&lt;!-- ManifoldCF document security enforcement component --&gt;</span></p=
>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0
&lt;searchComponent name=3D&quot;manifoldCFSecurity&quot;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0
class=3D&quot;org.apache.solr.mcf.ManifoldCFSearchComponent&quot;&gt;</span=
></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0
&lt;str name=3D&quot;AuthorityServiceBaseURL&quot;&gt;<a href=3D"http://loc=
alhost:80/mcf-authority-service%3c/str" target=3D"_blank">http://localhost:=
80/mcf-authority-service&lt;/str</a>&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0
&lt;int name=3D&quot;ConnectionPoolSize&quot;&gt;50&lt;/int&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0
&lt;/searchComponent&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0
&lt;requestHandler name=3D&quot;/select&quot;
class=3D&quot;solr.SearchHandler&quot;&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0
&lt;lst name=3D&quot;defaults&quot;&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0
&lt;str name=3D&quot;echoParams&quot;&gt;explicit&lt;/str&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0
&lt;int name=3D&quot;rows&quot;&gt;10000&lt;/int&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0
&lt;str name=3D&quot;df&quot;&gt;text&lt;/str&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0
&lt;/lst&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0
&lt;lst name=3D&quot;appends&quot;&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
&lt;str name=3D&quot;fq&quot;&gt;{!manifoldCFSecurity}&lt;/str&gt;</span></=
p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0
&lt;/lst&gt;</span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0 &lt;/requestHandler&gt;<=
/span></p>

<p class=3D"MsoNormal"><span lang=3D"EN-IE">=C2=A0</span></p><p class=3D"Ms=
oNormal"><span lang=3D"EN-IE">Below is one of queries built for same using =
</span><span lang=3D"EN-IE">AuthenticatedUserName</span><br><span lang=3D"E=
N-IE"></span></p>







<p class=3D"MsoNormal"><br></p><p class=3D"MsoNormal">

</p><p class=3D"MsoNormal"><span lang=3D"EN-IE">q=3D%22blue%22&amp;q.op=3DO=
R&amp;df=3Dtext&amp;qt=3D%2Fselect&amp;sort=3Dscore+desc&amp;fq=3Dcontent_s=
ource%3ASharePoint&amp;AuthenticatedUserName=3Dljangra%<a href=3D"http://40=
iwater.ie" target=3D"_blank">40iwater.ie</a></span></p>









<p></p>

<br>2. You are supposed to be able to see the documents, but the URL Manifo=
ldCF
 is generating does not permit you to log into SharePoint for some=20
reason.<br></div>-- If i go to the location of the search result, i am not =
able to see any document available there for me as per my permissions.<br><=
br>3. You indexed the documents with security &quot;off&quot;, and so no se=
curity information was attached to the documents in Solr.<br>







</div>--- I have enabled security before starting the job as below. <br><im=
g alt=3D""><br>
<br></div>Please suggest.<br><br></div>Regards.<br></div><div class=3D"gmai=
l_extra"><div><div><br><br><div class=3D"gmail_quote">On Mon, Aug 11, 2014 =
at 5:17 PM, Karl Wright <span dir=3D"ltr">&lt;<a href=3D"mailto:daddywri@gm=
ail.com" target=3D"_blank">daddywri@gmail.com</a>&gt;</span> wrote:<br>







<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><di=
v>Hi Lalit,<br><br></div>There are a number of possibilities.=C2=A0 You wil=
l need to do some investigation to figure out which one it is.=C2=A0 Here a=
re the possibilities I see:<br>







<br></div><div>(1) Your Solr query is in fact not hooked up to use the appr=
opriate MCF Solr plugin, in which case no security whatsoever is being appl=
ied.<br>
</div><div>(2) You are supposed to be able to see the documents, but the UR=
L ManifoldCF is generating does not permit you to log into SharePoint for s=
ome reason.<br></div><div>(3) You indexed the documents with security &quot=
;off&quot;, and so no security information was attached to the documents in=
 Solr.<br>








<br></div><div>Thanks,<br>Karl<br><br></div></div><div><div><div class=3D"g=
mail_extra"><br><br><div class=3D"gmail_quote">On Mon, Aug 11, 2014 at 7:30=
 AM, lalit jangra <span dir=3D"ltr">&lt;<a href=3D"mailto:lalit.j.jangra@gm=
ail.com" target=3D"_blank">lalit.j.jangra@gmail.com</a>&gt;</span> wrote:<b=
r>








<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><di=
v><div>Hi,<br><br></div>I am using MCF 1.5.1 and crawling SharePoint 2010 l=
ist items. I have also placed MCF solr ACL plugin into solr instances and u=
pdated solrconfig.xml for same. I created a job to connect to SharePoint an=
d indexed list items in solr.<br>









<br></div>Next i am searching for content items from index and what i could=
 see is that i am able to see search results for content on which i do not =
have any access. I can see these content into search results but when i am =
trying to aceess these content , i can getting SharePoint access denied err=
or. Ideally if a user has no access to a content, he should not be see thes=
e content.<br>









<br></div>Am i missing anything here?<br clear=3D"all"><div><div><div><div>=
<br><div dir=3D"ltr">Regards,<br>Lalit.</div>
</div></div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br><br clear=3D"all"><br></div></div><span>=
<font color=3D"#888888">-- <br><div dir=3D"ltr">Regards,<br>Lalit.</div>
</font></span></div>
</blockquote></div><br></div>
</blockquote></div>
</div></div></div>
</blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear=3D"all"><br>-- <br><div dir=3D=
"ltr">Regards,<br>Lalit.</div>
</div></div></div></div></div></div></div></div>

--bcaec50b4b345ff1a7050068ec8e--