The code that fetches the user IDs is here:

>>>>>>
  /**
  * Get the list of users that can see the specified issue.
  */
  public List<String> getUsers(String issueKey)
    throws IOException, ResponseException, ManifoldCFException {
    List<String> rval = new ArrayList<String>();
    long startAt = 0L;
    long setSize = 800L;
    while (true) {
      JiraUserQueryResults qr = new JiraUserQueryResults();
      getRest("user/viewissue/search?username=&issueKey="+URLEncoder.encode(issueKey)+"&maxResults=" + setSize + "&startAt=" + startAt, qr);
      qr.getNames(rval);
      startAt += setSize;
      if (rval.size() < startAt)
        break;
    }
    return rval;
  }
<<<<<<

This is sent using Basic Auth.  Offhand I can see a potential problem, which is that this seemingly assumes that the Jira query is allowed .  No user is sent.

Could you try this query directly aganst your JIRA server and let me know what you get back?

Karl


On Sun, Feb 4, 2018 at 5:59 PM, Karl Wright <daddywri@gmail.com> wrote:
Are both repository connections in the same authority group?

Karl


On Sun, Feb 4, 2018 at 5:55 PM, Damien Collis <Damien.Collis@aas.com.au> wrote:

Karl,

 

The following is reported in my solr logs (with some sanitisation of data).

The CIFS extract request to SOLR has the allow_token_document fields populated but these fields don’t exist in the JIRA extract request.

I’m not sure what might be missing, both are using the same output connection and security group.

 

 

CIFS EXTRACT

webapp=/solr path=/update/extract params={literal.lastModified=Wed+Mar+29+14:01:20+AEDT+2017

&literal.source=\\server\archive

&literal.allow_token_document=LinkGroup:S-1-1-0

&literal.allow_token_document=LinkGroup:S-1-5-21-????????????????????????????????????????

&literal.allow_token_document=LinkGroup:S-1-5-21-????????????????????????????????????????

&literal.allow_token_document=LinkGroup:S-1-5-21-????????????????????????????????????????

&literal.allow_token_document=LinkGroup:S-1-5-21-????????????????????????????????????????

&literal.createdOn=Fri+Mar+31+07:49:14+AEDT+2017

&commitWithin=5000

&resource.name= filename.xml

&literal.id=file://///server/ archive/2017/03/29/filename.xml

&literal.fileLastModified=2017-03-29T03:01:20.769Z

&version=2.2

&literal.fileCreatedOn=2017-03-30T20:49:14.164Z

&literal.deny_token_document=LinkGroup:DEAD_AUTHORITY

&literal.attributes=32

&literal.shareName= archive

&ignoreTikaException=true

&literal.last_modified_alt=2017-03-29T03:01:20.769Z

&wt=xml}{add=[file://///server/archive/ 2017/03/29/filename.xml (1591510847001198592)]} 0 46

 

 

JIRA EXTRACT

webapp=/solr path=/update/extract params={literal.project_avatarUrls_32x32=http://jira/secure/projectavatar?size%3Dmedium%26pid%3D10086%26avatarId%3D10137

&literal.assignee_timeZone=Australia/Sydney

&literal.customfield_12030_name=CUSTOMFIELDVALUE

&literal.customfield_10533_id=10743

&literal.customfield_10433_self=http://jira/rest/api/2/customFieldOption/10645

&literal.reporter_avatarUrls_48x48=http://jira/secure/useravatar?avatarId%3D10200

&literal.issuetype_subtask=true

&literal.attachment_author_displayName=Username

&literal.attachment_author_displayName=Username

&literal.creator_avatarUrls_16x16=http://jira/secure/useravatar?size%3Dxsmall%26avatarId%3D10200

&literal.resolution_id=1

&literal.parent_fields_status_name=Closed

&literal.issuetype_description=User+Acceptance+Testing

&literal.customfield_10533_self=http://jira/rest/api/2/customFieldOption/10743

&literal.customfield_10433_id=10645

&literal.watches_self=http://jira/rest/api/2/issue/REQ-1174/watchers

&literal.status_statusCategory_self=http://jira/rest/api/2/statuscategory/3

&literal.comment_maxResults=0

&literal.summary=ClassificationOfSummary

&literal.parent_fields_priority_id=4

&literal.priority_id=4

&literal.attachment_thumbnail=http://jira/secure/thumbnail/79798/_thumb_79798.png

&literal.attachment_thumbnail=http://jira/secure/thumbnail/78645/_thumb_78645.png

&literal.key=REQ-1174

&literal.parent_key=REQ-936

&literal.creator_active=true

&literal.status_statusCategory_key=done

&version=2.2

&literal.priority_self=http://jira/rest/api/2/priority/4

&literal.parent_fields_issuetype_name=Task

&literal.attachment_author_emailAddress=Username@email.address

&literal.attachment_author_emailAddress=Username@email.address

&literal.parent_fields_issuetype_subtask=false

&literal.project_projectCategory_name=BITS

&literal.customfield_10632=You+must+also+update+the+Proposed/Assigned+Release+for+any+linked+issues%0d%0a%0d%0a+

&literal.parent_fields_priority_name=P3

&literal.customfield_12030_id=96

&literal.parent_fields_summary=SUMMARY FIELD PARENT

&literal.attachment_author_avatarUrls_24x24=http://jira/secure/useravatar?size%3Dsmall%26avatarId%3D10200

&literal.attachment_author_avatarUrls_24x24=http://jira/secure/useravatar?size%3Dsmall%26avatarId%3D10200

&literal.resolution_description=The+issue+was+succesfully+completed+or+fixed

&literal.id=http://jira/browse/REQ-1174

&literal.reporter_timeZone=Australia/Sydney

&literal.customfield_10177_avatarUrls_24x24=http://jira/secure/useravatar?size%3Dsmall%26avatarId%3D10200

&literal.parent_fields_status_statusCategory_id=3

&literal.customfield_12730=0|i04szb:

&literal.worklog_startAt=0

&literal.project_id=10086

&literal.webUrl=http://jira/browse/REQ-1174

&literal.priority_iconUrl=http://jira/images/icons/priorities/jira.P3.jpg

&literal.assignee_active=true

&literal.reporter_self=http://jira/rest/api/2/user?username%3Duserid

&literal.creator_emailAddress=Username@email.address

&literal.status_id=6

&literal.parent_fields_status_statusCategory_key=done

&literal.aggregateprogress_progress=0

&literal.parent_fields_status_self=http://jira/rest/api/2/status/6

&literal.project_key=REQ

&literal.parent_fields_status_description=The+issue+is+considered+finished,+work+is+complete+and+changes+have+been+released.

&ignoreTikaException=true

&literal.creator_name=userid

&literal.priority_name=P3

&literal.customfield_11231=CUSTOMFIELD

&literal.parent_fields_status_id=6

&literal.customfield_10177_avatarUrls_16x16=http://jira/secure/useravatar?size%3Dxsmall%26avatarId%3D10200

&literal.customfield_10533_value=EPO

&literal.reporter_avatarUrls_24x24=http://jira/secure/useravatar?size%3Dsmall%26avatarId%3D10200

&literal.project_projectCategory_description=Business+and+IT+Shared+Project

&literal.attachment_author_avatarUrls_16x16=http://jira/secure/useravatar?size%3Dxsmall%26avatarId%3D10200

&literal.attachment_author_avatarUrls_16x16=http://jira/secure/useravatar?size%3Dxsmall%26avatarId%3D10200

&literal.reporter_active=true

&literal.issuetype_id=48

&literal.assignee_displayName=Username

&literal.status_iconUrl=http://jira/images/icons/statuses/closed.png

&literal.status_description=The+issue+is+considered+finished,+work+is+complete+and+changes+have+been+released.

&literal.parent_id=58726

&literal.updated=2013-08-23T11:43:39.000%2B1000

&literal.reporter_avatarUrls_32x32=http://jira/secure/useravatar?size%3Dmedium%26avatarId%3D10200

&literal.parent_fields_priority_self=http://jira/rest/api/2/priority/4

&literal.project_projectCategory_self=http://jira/rest/api/2/projectCategory/10112

&literal.comment_total=0

&literal.creator_displayName=Username

&literal.attachment_self=http://jira/rest/api/2/attachment/79798

&literal.attachment_self=http://jira/rest/api/2/attachment/78645

&literal.issuetype_self=http://jira/rest/api/2/issuetype/48

&literal.issuetype_iconUrl=http://jira/secure/viewavatar?size%3Dxsmall%26avatarId%3D15516%26avatarType%3Dissuetype

&literal.parent_fields_issuetype_avatarId=15518

&literal.customfield_10297=29/02/2011:+Data+Integrity+team+to+check+100%25+of+Investment+Switch+transactions

&literal.attachment_author_self=http://jira/rest/api/2/user?username%3Duserid

&literal.attachment_author_self=http://jira/rest/api/2/user?username%3Duserid

&literal.reporter_avatarUrls_16x16=http://jira/secure/useravatar?size%3Dxsmall%26avatarId%3D10200

&literal.parent_fields_issuetype_id=3

&literal.customfield_10299=18/01/2011+-+CustomFeild

&literal.attachment_author_key=userid

&literal.attachment_author_key=userid

&literal.attachment_size=177209

&literal.attachment_size=143348

&literal.reporter_name=userid

&literal.assignee_self=http://jira/rest/api/2/user?username%3Duserid

&literal.attachment_mimeType=image/jpeg

&literal.attachment_mimeType=image/jpeg

&literal.resolution_name=Completed

&literal.customfield_10177_avatarUrls_32x32=http://jira/secure/useravatar?size%3Dmedium%26avatarId%3D10200

&literal.attachment_id=79798

&literal.attachment_id=78645

&literal.parent_fields_status_statusCategory_name=Done

&literal.attachment_created=2013-08-23T11:43:12.000%2B1000

&literal.attachment_created=2013-08-19T15:08:40.000%2B1000

&literal.creator_avatarUrls_48x48=http://jira/secure/useravatar?avatarId%3D10200

&literal.customfield_10843=Awaiting+input

&literal.creator_self=http://jira/rest/api/2/user?username%3Duserid

&literal.customfield_10846=0.0

&literal.assignee_avatarUrls_32x32=http://jira/secure/useravatar?size%3Dmedium%26avatarId%3D10200

&literal.reporter_displayName=Username

&literal.watches_watchCount=1

&literal.attachment_author_avatarUrls_48x48=http://jira/secure/useravatar?avatarId%3D10200

&literal.attachment_author_avatarUrls_48x48=http://jira/secure/useravatar?avatarId%3D10200

&literal.source=http://jira

&literal.status_statusCategory_id=3

&literal.customfield_10177_avatarUrls_48x48=http://jira/secure/useravatar?avatarId%3D10200

&literal.customfield_10433_value=No

&literal.watches_isWatching=false

&literal.attachment_content=http://jira/secure/attachment/79798/No%2Bissue.jpg

&literal.attachment_content=http://jira/secure/attachment/78645/screenshot-1.jpg

&literal.parent_fields_status_iconUrl=http://jira/images/icons/statuses/closed.png

&literal.project_name=Requirements+Team

&literal.aggregateprogress_total=0

&literal.parent_self=http://jira/rest/api/2/issue/58726

&literal.attachment_author_timeZone=Australia/Sydney

&literal.attachment_author_timeZone=Australia/Sydney

&literal.resolution_self=http://jira/rest/api/2/resolution/1

&literal.resolutiondate=2013-08-23T11:43:39.000%2B1000

&literal.customfield_10177_timeZone=Australia/Sydney

&literal.status_self=http://jira/rest/api/2/status/6

&literal.attachment_author_avatarUrls_32x32=http://jira/secure/useravatar?size%3Dmedium%26avatarId%3D10200

&literal.attachment_author_avatarUrls_32x32=http://jira/secure/useravatar?size%3Dmedium%26avatarId%3D10200

&literal.progress_total=0

&literal.customfield_10177_active=true

&literal.customfield_10177_name=userid

&literal.self=http://jira/rest/api/2/issue/61034

&literal.comment_startAt=0

&literal.project_projectCategory_id=10112

&literal.customfield_12030_self=http://jira/rest/tempo-accounts/1/account/96

&literal.customfield_10177_displayName=Username

&literal.reporter_emailAddress=Username@email.address

&literal.customfield_10472= custmofield

&literal.parent_fields_issuetype_iconUrl=http://jira/secure/viewavatar?size%3Dxsmall%26avatarId%3D15518%26avatarType%3Dissuetype

&resource.name=docname

&literal.parent_fields_issuetype_description=A+task+that+needs+to+be+done.

&literal.issuetype_name=UAT

&literal.attachment_author_name=userid

&literal.attachment_author_name=userid

&literal.assignee_emailAddress=Username@email.address

&literal.assignee_name=userid

&literal.assignee_avatarUrls_48x48=http://jira/secure/useravatar?avatarId%3D10200

&literal.progress_progress=0

&literal.customfield_10177_key=userid

&literal.status_statusCategory_colorName=green

&literal.worklog_maxResults=20

&literal.project_avatarUrls_48x48=http://jira/secure/projectavatar?pid%3D10086%26avatarId%3D10137

&literal.worklog_total=0

&literal.workratio=-1

&literal.customfield_10467=<i>Click+on+Edit+to+add+or+update+Investigation+results.</i>

&literal.creator_key=userid

&literal.parent_fields_status_statusCategory_self=http://jira/rest/api/2/statuscategory/3

&literal.project_avatarUrls_16x16=http://jira/secure/projectavatar?size%3Dxsmall%26pid%3D10086%26avatarId%3D10137

&wt=xml

&literal.customfield_10177_emailAddress=Username@email.address

&literal.customfield_10461=<i>Click+on+Edit+to+add+or+update+Requirements.</i>

&literal.customfield_10462=<i>Click+on+Edit+to+add+or+update+Specifications.</i>

&commitWithin=5000

&literal.customfield_10463=<i>Click+on+Edit+to+add+or+update+Development+details.</i>

&literal.reporter_key=userid

&literal.created=2013-08-19T15:08:17.000%2B1000

&literal.customfield_12030_key=EPO020003

&literal.customfield_10464=<i>Click+on+Edit+to+add+or+update+Testing+details.</i>

&literal.status_statusCategory_name=Done

&literal.attachment_author_active=true

&literal.attachment_author_active=true

&literal.creator_avatarUrls_32x32=http://jira/secure/useravatar?size%3Dmedium%26avatarId%3D10200

&literal.assignee_avatarUrls_24x24=http://jira/secure/useravatar?size%3Dsmall%26avatarId%3D10200

&literal.project_self=http://jira/rest/api/2/project/10086

&literal.attachment_filename=No+issue.jpg

&literal.attachment_filename=screenshot-1.jpg

&literal.parent_fields_status_statusCategory_colorName=green

&literal.creator_timeZone=Australia/Sydney

&literal.status_name=Closed

&literal.project_avatarUrls_24x24=http://jira/secure/projectavatar?size%3Dsmall%26pid%3D10086%26avatarId%3D10137

&literal.issuetype_avatarId=15516

&literal.customfield_10455= customfield_10455_VALUE

&literal.assignee_avatarUrls_16x16=http://jira/secure/useravatar?size%3Dxsmall%26avatarId%3D10200

&literal.customfield_10177_self=http://jira/rest/api/2/user?username%3Duserid

&literal.creator_avatarUrls_24x24=http://jira/secure/useravatar?size%3Dsmall%26avatarId%3D10200

&literal.assignee_key= assignee_key_VALUE

&literal.parent_fields_issuetype_self=http://jira/rest/api/2/issuetype/3

&literal.parent_fields_priority_iconUrl=http://jira/images/icons/priorities/jira.P3.jpg}{add=[http://jira/browse/REQ-1174 (1591236990137794560)]} 0 9

 

 

 

 

Regards

Damien Collis
Team Leader – Systems Integration
Link Group


*
   Level 4, 1A Homebush Bay Drive, Rhodes NSW 2138
:
Email: damien.collis@linkgroup.com
(
Ph: +61 2 8571 5616

 

From: Karl Wright [mailto:daddywri@gmail.com]
Sent: Friday, 2 February 2018 5:24 PM
To: user@manifoldcf.apache.org
Subject: Re: How to extract JIRA authorities

 

All looks good; the token qualification should always take place in the output connection in any case.

 

So it looks like all the code is there and seems to be doing reasonable stuff.  The only question is whether you've got forced acls configured or not.

 

Karl

 

 

On Fri, Feb 2, 2018 at 1:18 AM, Karl Wright <daddywri@gmail.com> wrote:

Hi Damien,

 

The JIRA connector fetches users from JIRA and converts them to acls:

 

>>>>>> 

        if (acls == null) {

          // Get acls from issue

          List<String> users = getUsers(issueID);

          aclsToUse = (String[])users.toArray(new String[0]);

          java.util.Arrays.sort(aclsToUse);

        } else {

          aclsToUse = acls;

        }

<<<<<< 

 

and

>>>>>>

          // Turn into acls and add into description

          String[] denyAclsToUse;

          if (aclsToUse.length > 0)

            denyAclsToUse = new String[]{defaultAuthorityDenyToken};

          else

            denyAclsToUse = new String[0];

          rd.setSecurity(RepositoryDocument.SECURITY_TYPE_DOCUMENT,aclsToUse,denyAclsToUse);

<<<<<< 

 

This only happens if you don't have any "forced" acls set in the job specification (which would be set on the "Security" tab for the job), so be sure nothing is set there.

 

The only thing I don't see here is whether the user names so fetched are properly qualified with the relevant authority group.  That's also essential for this to work and I'll check that next.  But in any case you should see tokens indexed -- if not I'd look at your output connection and/or your index configuration.  If this is Solr you should see log info messages that include the tokens with every document.

 

Karl

 

 

On Fri, Feb 2, 2018 at 1:08 AM, Karl Wright <daddywri@gmail.com> wrote:

Hi Damien,

 

First, let me understand the problem.  You say you are seeing no authorization tokens being indexed at all, correct?  It sounds like you have the authority side configured properly.  You have confirmed that you are getting authority tokens back that you expect, it sounds like.  So the fact that there is (apparently) missing documentation for the Jira authority is not a problem for you at this time.

 

I'll have a look at the JIRA repository connector code to see how/where it sets authorization tokens and get back to you.

 

Karl

 

 

 

 

On Fri, Feb 2, 2018 at 12:48 AM, Damien Collis <Damien.Collis@aas.com.au> wrote:

Hi User Group,

 

I am successfully indexing a JIRA server with Manifoldcf 2.9.1 and Solr 7.1.0.

 

However I am unable to correctly configure the JIRA authorities.

 

I have successfully configured a JIRA Authority Connection associated with an Authority Group

I have successfully configured a User Mapping Connection to append the domain to the simple JIRA username.

I have tested the configuration with the http://manifoldcf/mcf-combined-service-2.9/UserACLs?username=username@domain.corp and receive:

   AUTHORIZED:Jira

   TOKEN:LinkGroup:collida

 

But I am not seeing any evidence of the authority values being extracted and passed to solr upon crawling.

 

The documentation states… “This repository connection type is meant to secure documents in conjunction with the Jira Authority Connection type. Please read the associated documentation to configure document security.”

 

But I am unsure where to find the “associated documentation”.

 

BTW, I have successfully extracted Authorities for a CIFS extraction (thanks to your responses from an earlier post)

 

Any assistance would be highly appreciated.

 

 

Regards

Damien Collis
Team Leader – Systems Integration
Link Group


*
   Level 4, 1A Homebush Bay Drive, Rhodes NSW 2138
:
Email: damien.collis@linkgroup.com
(
Ph: +61 2 8571 5616