manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Rhodes <motley.crue....@gmail.com>
Subject Re: Problem with Solr/ManifoldCF security filtering
Date Sun, 29 Oct 2017 00:39:36 GMT
Just to follow up on this:  if I hand craft a query to the MCF
authority service that looks like this:

http://manifoldcf.aws:8345/mcf-authority-service/UserACLs?username=Fred

I get back

AUTHORIZED:Null+authority+connection+for+testing
TOKEN:Null:Fred

which looks right to me, given what I know about this so far.

And "Null:Fred" matches what is getting put into the Solr documents.


Thanks,


Phil


This message optimized for indexing by NSA PRISM


On Sat, Oct 28, 2017 at 8:36 PM, Phillip Rhodes
<motley.crue.fan@gmail.com> wrote:
> MCF Gang:
>
> I've followed the instructions in the "ManifoldCF in Action" docs to
> setup security integration between ManifoldCF and Solr.  I've added
> the ManifoldCF SearchComponent to Solr, and I see that my indexed
> documents are getting allow_token_share, allow_token_parent,
> allow_token_share, etc. tokens added.
>
> But when I query with the MCF plugin added and the
> AuthenticatedUserName parameter added, I never get any results.
>
> I tried just with with username "Fred" and I see this in the solr logs:
>
> 2017-10-29 00:18:51.527 INFO  (qtp834133664-16) [   ]
> o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for
> 2147483647\
>  transient cores
> 2017-10-29 00:18:52.742 INFO  (qtp834133664-15) [   ]
> o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores
> params={indexInfo=fa\
> lse&wt=json&_=1509236332203} status=0 QTime=6
> 2017-10-29 00:18:53.009 INFO  (qtp834133664-11) [   ]
> o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system
> params={wt=jso\
> n&_=1509236332206} status=0 QTime=201
> 2017-10-29 00:19:14.349 INFO  (qtp834133664-16) [   x:gettingstarted]
> o.a.s.m.ManifoldCFSearchComponent Trying to match docs for user\
>  '[:Fred]'
> 2017-10-29 00:19:14.476 INFO  (qtp834133664-16) [   x:gettingstarted]
> o.a.s.m.ManifoldCFSearchComponent Saw authority response AUTHOR\
> IZED:Null+authority+connection+for+testing
> 2017-10-29 00:19:14.529 INFO  (qtp834133664-16) [   x:gettingstarted]
> o.a.s.c.S.Request [gettingstarted]  webapp=/solr path=/select p\
> arams={q=*:*&AuthenticatedUserName=Fred&indent=on&wt=xml&_=1509236332558}
> hits=0 status=0 QTime=228
>
> I can tell Solr is talking to the MCF authority service, because
> "Null+authority+connection+for+testing" is the description I used on
> the Manifold side.
>
> There are documents in the index that include fields like this:
>
> <doc> <arr name="allow_token_document"> <str>Null:Fred</str>
</arr>
> <arr name="title"> <str/> </arr> <str
> name="id">http://rss.cnn.com/~r/rss/cnn_world/~3/iTYAcfUavzM/orig-burger-king-bullying.cnn</str>
> <arr name="deny_token_document"> <str>Null:DEAD_AUTHORITY</str> </arr>
> <str name="stream_content_type">text/html; charset=utf-8</str> <str
> name="keywords">world, Burger King stands up to bullying - CNN
> Video</str> <str name="description">Burger King creates a PSA that
> asks their customers to take a closer look at bullying. </str> <str
> name="stream_name">docname</str> <str name="dc_title">Burger King
> stands up to bullying - CNN Video</str> <arr name="content_type">
> <str>text/html; charset=UTF-8</str> </arr> <long
> name="stream_size">489145</long> <str
> name="x_parsed_by">org.apache.tika.parser.DefaultParser
> org.apache.tika.parser.html.HtmlParser</str> <str
> name="stream_source_info">docname</str> <str
> name="resourcename">docname</str> <str
> name="fb_app_id">80401312489</str> <arr name="deny_token_parent">
> <str>__no_security__</str> </arr> <arr name="allow_token_share">
> <str>__no_security__</str> </arr> <arr name="deny_token_share">
> <str>__no_security__</str> </arr> <arr name="allow_token_parent">
> <str>__no_security__</str> </arr>
> ...
> ...
> </doc>
>
>
> But nonetheless, no results are returned.   I'm sure I'm missing
> something obvious here, but whatever it is is defeating me at the
> moment.
>
> The only thing I see that looks a little dodgy is this  "Trying to
> match docs for user '[:Fred]'"  given that the tokens look like
> "Null:Fred".
>
>
> Any ideas what the problem could be?
>
>
>
>
> Thanks,
>
>
> Phil

Mime
View raw message