manifoldcf-user mailing list archives

From Alejandro Calbazana <acalbaz...@gmail.com>
Subject Re: Solr Plugin
Date Thu, 20 Nov 2014 19:37:58 GMT
Hi Karl,

Sure.  I set up 2 auth connectors as JDBC.  In my example, I am dummying up
auth tokens for each.  The user is coming from a live table:

AuthConn1 is defined as:

User ID query: SELECT system_userid AS "$(IDCOLUMN)" FROM master.users
WHERE userid = UPPER($(USERNAME))
Auth token query: SELECT 1 from dual;

AuthConn2 is defined as:
User ID query: SELECT system_userid AS "$(IDCOLUMN)" FROM master.users
WHERE userid = UPPER($(USERNAME))
Auth token query: SELECT 2 from dual;

Here is example output using the above setup:

acalbaza@acalbaza-virtual-machine ~/src $ curl http://localhost:8345/mcf/UserACLs?username=THOLLY2
AUTHORIZED:authConn2
TOKEN:authGroup:1
AUTHORIZED:authConn1
TOKEN:authGroup:1

I would expect:

AUTHORIZED:authConn2
TOKEN:authGroup:2
AUTHORIZED:authConn1
TOKEN:authGroup:1

Thanks,

Alejandro


On Thu, Nov 20, 2014 at 2:21 PM, Karl Wright <daddywri@gmail.com> wrote:

> Hi Alejandro,
>
> I'm having a bit of trouble from your email figuring out what your
> authorities are each doing.
>
> Within an authority group, each authority is consulted, and the list of
> tokens returned are added together.  So, for instance, if your authority
> group "mygroup" has two authorities in it A and B, both authorities are
> called, and the results are aggregated.  So if A returned tokens "A1" and
> "A2", and B returned tokens "B1" and "B2, you should see:
>
> TOKEN:mygroup:A1
> TOKEN:mygroup:A2
> TOKEN:mygroup:B1
> TOKEN:mygroup:B2
>
> The tokens returned are qualified with the authority group name, so there
> should definitely be a difference if you put authorities in one group vs.
> another.
>
> If I am not understanding the problem, please help by describing what the
> individual authorities in your group are supposed to be returning.
>
> Thanks,
> Karl
>
>
> On Thu, Nov 20, 2014 at 2:09 PM, Alejandro Calbazana <acalbazana@gmail.com> wrote:
>
>> Hi Karl,
>>
>> It looks like the Solr plugin is doing what it is supposed to.  I had
>> content that was not marked with any auth tokens.
>>
>> I do have a question about auth groups.  I noticed something that I did
>> not expect.  I added multiple auth connectors to an auth group.  Each one
>> has a different underlying query.  The idea here is that each auth
>> connector returns a different set of tokens depending on the query.  What
>> I'm seeing is that the results are duplicated across auth connectors in the
>> group.  Is this what should happen?
>>
>> Here is an example of what I'm getting back:
>>
>> AUTHORIZED:authConn1
>> TOKEN:authGroup:A127839-1411291
>> TOKEN:authGroup:A127839-1413366
>> TOKEN:authGroup:A127839-1413038
>> AUTHORIZED:authConn2
>> TOKEN:authGroup:A127839-1411291
>> TOKEN:authGroup:A127839-1413366
>> TOKEN:authGroup:A127839-1413038
>>
>> What I expect:
>>
>> AUTHORIZED:authConn1
>> TOKEN:authGroup:A127839-1411291
>> AUTHORIZED:authConn2
>> TOKEN:authGroup:A127839-1411291
>> TOKEN:authGroup:A127839-1413366
>> TOKEN:authGroup:A127839-1413038
>>
>> It doesn't even matter if the auth connectors are placed in separate
>> groups.
>>
>> Thanks,
>>
>> Alejandro
>>
>>
>> On Fri, Nov 7, 2014 at 12:43 PM, Karl Wright <daddywri@gmail.com> wrote:
>>
>>> My suspicion, FWIW, is that you may either not have made all the solr
>>> schema field additions required, or you need to reindex because you added
>>> the security fields after running MCF.  But first let's be sure MCF is
>>> doing what you expect first.
>>>
>>> Karl
>>>
>>>
>>> On Fri, Nov 7, 2014 at 12:37 PM, Karl Wright <daddywri@gmail.com> wrote:
>>>
>>>> Hi Alejandro,
>>>>
>>>> The best way to see if an authority is working as expected is to use
>>>> curl, as follows:
>>>>
>>>> curl http://localhost:8345/mcf-authority-service/UserACLs?user=<username>
>>>>
>>>> Can you do that in your case and post the tokens?  Thanks!
>>>>
>>>> Karl
>>>>
>>>>
>>>> On Fri, Nov 7, 2014 at 12:22 PM, Alejandro Calbazana <
>>>> acalbazana@gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I now have content indexed with auth tokens (thanks Karl).  I'm
>>>>> working out the Solr plugin so that I can enforce security.  It looks like
>>>>> I have things lined up properly on the Solr side as I can see that Solr
>>>>> calls out to MCF to get auth tokens for the authorized user on incoming
>>>>> queries.  However, I also notice that I'm getting results back for
>>>>> unauthorized users.
>>>>>
>>>>> From the Solr side:
>>>>>
>>>>>
>>>>> 84665 [qtp2011579990-13] INFO
>>>>> org.apache.solr.mcf.ManifoldCFSearchComponent  – Trying to match docs for
>>>>> user '[:ACALBAZA]'
>>>>> 84754 [qtp2011579990-13] INFO
>>>>> org.apache.solr.mcf.ManifoldCFSearchComponent  – Saw authority response
>>>>> AUTHORIZED:authGroupConnector
>>>>> 84758 [qtp2011579990-13] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/custom
>>>>> params={q=DE&AuthenticatedUserName=ACALBAZA} hits=116 status=0 QTime=93
>>>>> 84814 [qtp2011579990-11] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/admin/file
>>>>> params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
>>>>> 84815 [qtp2011579990-14] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/admin/file
>>>>> params={file=/velocity/jquery.autocomplete.css&contentType=text/css}
>>>>> status=0 QTime=0
>>>>> 84824 [qtp2011579990-13] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/admin/file
>>>>> params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript}
>>>>> status=0 QTime=1
>>>>> 87632 [qtp2011579990-11] INFO
>>>>> org.apache.solr.mcf.ManifoldCFSearchComponent  – Trying to match docs for
>>>>> user '[:FOO]'
>>>>> 87636 [qtp2011579990-11] INFO
>>>>> org.apache.solr.mcf.ManifoldCFSearchComponent  – Saw authority response
>>>>> USERNOTFOUND:authGroupConnector
>>>>> 87637 [qtp2011579990-11] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/custom
>>>>> params={q=DE&AuthenticatedUserName=FOO} hits=59 status=0 QTime=5
>>>>> 87683 [qtp2011579990-14] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/admin/file
>>>>> params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
>>>>> 87684 [qtp2011579990-13] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/admin/file
>>>>> params={file=/velocity/jquery.autocomplete.css&contentType=text/css}
>>>>> status=0 QTime=0
>>>>> 87684 [qtp2011579990-11] INFO  org.apache.solr.core.SolrCore  –
>>>>> [collection1] webapp=/solr path=/admin/file
>>>>> params={file=/velocity/jquery.autocomplete.js&contentType=text/javascript}
>>>>> status=0 QTime=0
>>>>>
>>>>> Any hints appreciated.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Alejandro
>>>>>
>>>>>
>>>>
>>>
>>
>
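
A log check for the symptom reported in the oldest message of this thread (a query returning hits for a user whose authority response was USERNOTFOUND), as an added example that is not part of the original messages or of ManifoldCF or Solr. It pairs each ManifoldCFSearchComponent authority response with the SolrCore query line on the same request thread; the sample lines are constructed from the excerpt quoted above with the e-mail line wraps removed, and the function name and the one-request-per-thread assumption are this example's own.

```python
import re

# Constructed sample: log lines modeled on the excerpt in the thread, unwrapped.
SAMPLE_LOG = """\
84665 [qtp2011579990-13] INFO  org.apache.solr.mcf.ManifoldCFSearchComponent  – Trying to match docs for user '[:ACALBAZA]'
84754 [qtp2011579990-13] INFO  org.apache.solr.mcf.ManifoldCFSearchComponent  – Saw authority response AUTHORIZED:authGroupConnector
84758 [qtp2011579990-13] INFO  org.apache.solr.core.SolrCore  – [collection1] webapp=/solr path=/custom params={q=DE&AuthenticatedUserName=ACALBAZA} hits=116 status=0 QTime=93
87632 [qtp2011579990-11] INFO  org.apache.solr.mcf.ManifoldCFSearchComponent  – Trying to match docs for user '[:FOO]'
87636 [qtp2011579990-11] INFO  org.apache.solr.mcf.ManifoldCFSearchComponent  – Saw authority response USERNOTFOUND:authGroupConnector
87637 [qtp2011579990-11] INFO  org.apache.solr.core.SolrCore  – [collection1] webapp=/solr path=/custom params={q=DE&AuthenticatedUserName=FOO} hits=59 status=0 QTime=5
87683 [qtp2011579990-14] INFO  org.apache.solr.core.SolrCore  – [collection1] webapp=/solr path=/admin/file params={file=/velocity/main.css&contentType=text/css} status=0 QTime=0
"""

THREAD = re.compile(r"^\d+ \[([^\]]+)\]")
USER = re.compile(r"Trying to match docs for user '\[(.*)\]'")
RESPONSE = re.compile(r"Saw authority response (\w+):(\S+)")
HITS = re.compile(r"path=(\S+) params=\{.*\} hits=(\d+)")


def find_unauthorized_hits(log_text):
    """Return one finding per query that returned hits although no authority
    answered AUTHORIZED for the user on that request thread (assumption: a
    request's log lines all carry the same thread name)."""
    state = {}      # thread name -> {"user": str, "responses": [(status, authority)]}
    findings = []
    for line in log_text.splitlines():
        m = THREAD.match(line)
        if not m:
            continue
        thread = m.group(1)
        if (u := USER.search(line)):
            state[thread] = {"user": u.group(1), "responses": []}
        elif (r := RESPONSE.search(line)) and thread in state:
            state[thread]["responses"].append((r.group(1), r.group(2)))
        elif (h := HITS.search(line)) and thread in state:
            req = state.pop(thread)   # the query line closes the request
            authorized = any(s == "AUTHORIZED" for s, _ in req["responses"])
            if not authorized and int(h.group(2)) > 0:
                findings.append({"user": req["user"], "path": h.group(1),
                                 "hits": int(h.group(2)),
                                 "responses": req["responses"]})
    return findings


if __name__ == "__main__":
    for finding in find_unauthorized_hits(SAMPLE_LOG):
        print(finding)
```

A finding here only says that documents were returned without an AUTHORIZED response; the replies in this thread attribute that to content indexed without auth tokens or to missing Solr security fields.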
