[jira] [Commented] (CONNECTORS-1286) Solr Plugin: Add support for User Principal

Mon, 04 Apr 2016 08:13:43 -0700 

    [ 
https://issues.apache.org/jira/browse/CONNECTORS-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15224309#comment-15224309
 ] 

Konstantin Avdeev commented on CONNECTORS-1286:
-----------------------------------------------

If the patch gets simplified as follows:
{code:java}
    if (rb.req.getUserPrincipal() != null) {
                domainMap.put("", rb.req.getUserPrincipal().getName();
    }
{code}
then the solr/jetty login parameter will NOT supercede all of the formal 
authenticated user parameters/domains passed into the component, but it will be 
simply added to the {{domainMap}}, if exist. And we would not need a new config 
parameter like {{AuthDomain}}, since any modifications of the user name (e.g. 
{{DOMAIN\USER}} -> {{[email protected]}}) can be achieved by the MCF mapping.

So, users, starting from Solr 5.3, would be able to configure a secure search 
out of the box then :)
What do you think? Thanks!

> Solr Plugin: Add support for User Principal
> -------------------------------------------
>
>                 Key: CONNECTORS-1286
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1286
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Solr-5.x component
>    Affects Versions: ManifoldCF 2.3
>            Reporter: Konrad Holl
>            Assignee: Karl Wright
>            Priority: Minor
>             Fix For: ManifoldCF 2.4
>
>
> I’m using ManifoldCF 2.3 with Solr 5.4.1 and the Velocity templating engine. 
> I needed to do searches with ACLs enabled and installed the plugin. 
> Unfortunately it is not possible to use the login information provided by 
> Jetty in the Solr plugin.
> As of Solr 5.3 it is possible to extract the authenticated user from the 
> SolrQueryRequest object: 
> http://lucene.apache.org/solr/5_3_0/solr-core/org/apache/solr/request/SolrQueryRequest.html#getUserPrincipal().
>  I added these lines to the code in 
> org.apache.solr.mcf.ManifoldCFSearchComponent before the evaluation of 
> parameters for authenticated user name:
> {code}
>     String authDomain = (String)args.get("AuthDomain");
>     if (rb.req.getUserPrincipal() != null) {
>                 domainMap.put("", rb.req.getUserPrincipal().getName() + 
> ((authDomain == null) ? "" : "@" + authDomain));
>     }
>     else {
>       // Get the authenticated user name from the parameters
> {code}
> I also needed an additional setting “authDomain” in the search component 
> configuration (solrconfig.xml). Now I can use Velocity even for documents 
> with ACLs :o)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to