[ https://issues.apache.org/jira/browse/SOLR-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13112475#comment-13112475 ]
Karl Wright commented on SOLR-1895: ----------------------------------- Doing some debugging on the test yields no joy. Here's a chunk of the output (where I dump the security part of the query that is being applied): {code} [junit] ------------- Standard Error ----------------- [junit] +((-allow_token_share:* -deny_token_share:*) allow_token_share:token1 -deny_token_share:token1) +((-allow_token_document:* -deny_token_document:*) allow_token_document:token1 -deny_token_document:token1) [junit] 22/09/2011 08:26:50 ? org.apache.solr.SolrTestCaseJ4 assertQ [junit] SEVERE: REQUEST FAILED: xpath=//*[@numFound='3'] [junit] xml response was: <?xml version="1.0" encoding="UTF-8"?> [junit] <response> [junit] <lst name="responseHeader"><int name="status">0</int><int name="QTime">116</int><lst name="params"><str name="echoParams">all</str><str name="fl">id</str><str name="q">*:*</str><str name="qt">/mcf</str><str name="UserTokens">token1</str><str name="mcf">true</str></lst></lst><result name="response" numFound="0" start="0"></result> [junit] </response> {code} The query looks correct, and given the following data: {code} // | share | document // |--------------|-------------- // | allow | deny | allow | deny // ------------+-------+------+-------+------ // da12 | | | 1, 2 | // ------------+-------+------+-------+------ // da13-dd3 | | | 1,3 | 3 // ------------+-------+------+-------+------ // sa123-sd13 | 1,2,3 | 1, 3 | | // ------------+-------+------+-------+------ // sa3-sd1-da23| 3 | 1 | 2,3 | // ------------+-------+------+-------+------ // notoken | | | | // ------------+-------+------+-------+------ {code} ... I would indeed expect three documents to be returned by that query: da12, da13-dd3, and notoken. So I have to conclude that there's currently a bug in trunk in BooleanQuery. Is anybody looking at this? > ManifoldCF SearchComponent plugin for enforcing ManifoldCF security at search > time > ---------------------------------------------------------------------------------- > > Key: SOLR-1895 > URL: https://issues.apache.org/jira/browse/SOLR-1895 > Project: Solr > Issue Type: New Feature > Components: SearchComponents - other > Reporter: Karl Wright > Labels: document, security, solr > Fix For: 3.5, 4.0 > > Attachments: LCFSecurityFilter.java, LCFSecurityFilter.java, > LCFSecurityFilter.java, LCFSecurityFilter.java, > SOLR-1895-service-plugin.patch, SOLR-1895-service-plugin.patch, > SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, SOLR-1895.patch, > SOLR-1895.patch, SOLR-1895.patch > > > I've written an LCF SearchComponent which filters returned results based on > access tokens provided by LCF's authority service. The component requires > you to configure the appropriate authority service URL base, e.g.: > <!-- LCF document security enforcement component --> > <searchComponent name="lcfSecurity" class="LCFSecurityFilter"> > <str > name="AuthorityServiceBaseURL">http://localhost:8080/lcf-authority-service</str> > </searchComponent> > Also required are the following schema.xml additions: > <!-- Security fields --> > <field name="allow_token_document" type="string" indexed="true" > stored="false" multiValued="true"/> > <field name="deny_token_document" type="string" indexed="true" > stored="false" multiValued="true"/> > <field name="allow_token_share" type="string" indexed="true" > stored="false" multiValued="true"/> > <field name="deny_token_share" type="string" indexed="true" stored="false" > multiValued="true"/> > Finally, to tie it into the standard request handler, it seems to need to run > last: > <requestHandler name="standard" class="solr.SearchHandler" default="true"> > <arr name="last-components"> > <str>lcfSecurity</str> > </arr> > ... > I have not set a package for this code. Nor have I been able to get it > reviewed by someone as conversant with Solr as I would prefer. It is my > hope, however, that this module will become part of the standard Solr 1.5 > suite of search components, since that would tie it in with LCF nicely. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org