Hi Lalit, Can you show me somehow some of the the ACLs that have been indexed with your documents? The only other potential issue might be that your repository connection(s) may not be part of the same authority groups as your authority connections. In that case, the indexed authority tokens will have a different prefix (e.g. SP+KW in one case, something else in the other).
Karl On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <[email protected]> wrote: > Hi Again, > > As per Karl's suggestion, i am now converting user from water.com\ljangra > to [email protected]. Also referring to > http://localhost:8345/mcf-authority-service/[email protected] > > > <http://localhost:8345/mcf-authority-service/[email protected]> > I can see below ACL. > > AUTHORIZED:SP+K+Conn > > TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 > > TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 > > TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 > > TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows > > > Still i am not able to see any results from query > > > http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&[email protected] > <http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&[email protected]> > . While debugging query i can see ACL doing fine. So i am confused why > its now working. Can you please help. > > > "parsed_filter_queries": [ > > "ConstantScore(+((+allow_token_share:__nosecurity__ > +deny_token_share:__nosecurity__) > allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra > -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 > allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 > -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 > allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 > -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 > allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows > -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows) > +((+allow_token_document:__nosecurity__ > +deny_token_document:__nosecurity__) > allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra > -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545 > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 > allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 > -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 > allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 > -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 > allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows > -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))" > > ], > > > Finally solr.log also seems to be fine. > > > INFO - 2014-06-13 11:38:19.862; > org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying > to match docs for user '[:[email protected]]' > > INFO - 2014-06-13 11:38:19.909; > org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw > authority response AUTHORIZED:SP+K+Conn > > INFO - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore; > [collection1] webapp=/solr path=/select > params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName= > [email protected]} hits=0 status=0 QTime=47 > > > Regards. > > > On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <[email protected]> wrote: > >> Hi Lalit, >> >> It makes more sense to use appends section rather than defaults section >> when defining mcf query parser plugin in fq parameter. >> >> <lst name="appends"> >> <str name="fq">{!manifoldCFSecurity}</str> >> </lst> >> >> >> >> >> On Friday, June 13, 2014 12:51 AM, lalit jangra < >> [email protected]> wrote: >> >> >> Hi Ahmet, >> >> I have configured solrconfig.xml as per your suggestion. >> >> <requestHandler name="/select" class="solr.SearchHandler"> >> <!-- default values for query parameters can be specified, these >> will be overridden by parameters in the request >> --> >> <lst name="defaults"> >> <str name="echoParams">explicit</str> >> <int name="rows">1000</int> >> <str name="df">text</str> >> <str name="fq">{!manifoldCFSecurity}</str> >> </lst> >> .... >> </requestHandler> >> >> >> Next i am running a job which indexes sharepoint content in solr but when >> i am searching in solr, i am getting not results & getting >> UNREACHABLEAUTHORITY message. >> >> INFO - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; >> SolrDeletionPolicy.onCommit: commits: num=2 >> >> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index >> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; >> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1} >> >> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index >> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; >> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2} >> INFO - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; >> newest commit generation = 2 >> INFO - 2014-06-12 22:22:29.960; >> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main >> INFO - 2014-06-12 22:22:29.975; >> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush >> INFO - 2014-06-12 22:22:29.975; >> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending >> requests to Searcher@5ac787b0 >> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)} >> INFO - 2014-06-12 22:22:29.975; >> org.apache.solr.core.QuerySenderListener; QuerySenderListener done. >> INFO - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore; >> [collection1] Registered new searcher Searcher@5ac787b0 >> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)} >> INFO - 2014-06-12 22:22:29.975; >> org.apache.solr.update.processor.LogUpdateProcessor; [collection1] >> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2} >> {commit=} 0 265 >> INFO - 2014-06-12 22:22:35.663; >> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null >> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0 >> QTime=0 >> INFO - 2014-06-12 22:22:35.741; >> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null >> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15 >> INFO - 2014-06-12 22:22:36.960; >> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default >> no-user response (open documents only) >> INFO - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore; >> [collection1] webapp=/solr path=/select >> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16 >> INFO - 2014-06-12 22:22:40.569; >> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying >> to match docs for user '[:[email protected]]' >> INFO - 2014-06-12 22:22:40.726; >> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw >> authority response UNREACHABLEAUTHORITY:SsharepointAuthority >> INFO - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore; >> [collection1] webapp=/solr path=/select >> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName= >> [email protected]} hits=0 status=0 QTime=157 >> >> UNREACHABLEAUTHORITY means name of an authority that was found to be >> unreachable or unusable but i am having same authority working fine in MCF. >> >> >> Please help. >> >> Regards. >> >> >> >> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <[email protected]> wrote: >> >> Hi Karl, >> >> May be we should use >> >> <requestHandler name="/select" class="solr.SearchHandler"> >> >> in >> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt >> >> To avoid confusion? >> >> What do you think? >> >> >> On Thursday, June 12, 2014 11:12 PM, Karl Wright <[email protected]> >> wrote: >> >> >> What does your solrconfig.xml file look like? >> Karl >> >> >> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <[email protected]> >> wrote: >> >> Hi Ahmet, >> >> I tried the way you suggested but its not working. My solr query is as >> below. >> >> >> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&[email protected] >> >> Whatever name i am passing as AuthenticatedUserName, it returning all >> results. >> >> I have indexed my documents using mcf-solr plugin using instructions @ >> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. >> Below are some of ACL stored in solr. Am i missing something? >> >> "_version_": 1470562493875093500, >> "allow_token_share": [ >> "__nosecurity__" >> ], >> "deny_token_share": [ >> "__nosecurity__" >> ] >> }, >> { >> "content_name": "Alfresco-in-an-Hour.pdf" >> "deny_token_document": [ >> "SP+Group:DEAD_AUTHORITY" >> ], >> "allow_token_document": [ >> "SP+Group:GTest+lalit+Portal+Visitors", >> "SP+Group:GTest+lalit+Portal+Owners", >> "SP+Group:GRestricted+Readers", >> "SP+Group:GTest+lalit+Administrators", >> "SP+Group:GTest+lalit+Portal+Members", >> "SP+Group:Uc%3A0%28.s%7Ctrue", >> "SP+Group:GHierarchy+Managers", >> "SP+Group:GApprovers", >> "SP+Group:GViewers", >> "SP+Group:GDesigners" >> ], >> "content_modified_date": "2014-06-04T00:00:00Z", >> >> >> >> SDD >> >> >> "_version_": 1470564182244982800 >> }, >> { >> "deny_token_share": [ >> "AD+Group:DEAD_AUTHORITY" >> ], >> "content_name": "hekko.txt", >> "content_modifier": "iwater.ie\\ljangra", >> "deny_token_document": [ >> "AD+Group:DEAD_AUTHORITY" >> ], >> "id": " >> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt", >> "allow_token_document": [ >> "AD+Group:S-1-5-18", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154", >> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005", >> "AD+Group:S-1-5-32-544" >> ], >> >> "allow_token_share": [ >> "AD+Group:S-1-1-0", >> "AD+Group:S-1-5-32-544" >> ], >> >> >> CMIS >> >> "allow_token_share": [ >> "__nosecurity__" >> ], >> "deny_token_document": [ >> "__nosecurity__" >> ], >> "deny_token_share": [ >> "__nosecurity__" >> ], >> "allow_token_document": [ >> "__nosecurity__" >> ] >> >> Regards. >> >> >> >> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <[email protected]> wrote: >> >> Hi, >> >> As documented here >> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt >> >> "At a minimum, AuthenticatedUserName must be present in order" >> >> >> This is a URL parameter, just like Solr params. Here is an example. >> >> >> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&[email protected]&facet=on&facet.field=Content-Type >> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&[email protected]&facet=on&facet.field=Content-Type> >> >> >> On Thursday, June 12, 2014 4:28 PM, lalit jangra < >> [email protected]> wrote: >> >> >> Hi All, >> >> As continuing from >> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html >> as per Ahmet's suggestion. >> >> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed >> into solr indexes. >> >> Now i want to write Solr query to put a user's permission details into in >> it which can be compared to ACL stored in solr and only those results will >> be returned to user on which he has been assigned ACL. >> >> How can i do this? Can i use MCF filter below here or do i need to >> write custom query for my need? >> >> <requestHandler name="search" class="solr.SearchHandler" default="true"> >> <lst name="appends"> >> <str name="fq">{!manifoldCFSecurity}</str> >> </lst> >> </requestHandler> >> >> Please help. >> >> Regards, >> Lalit Jangra. >> >> >> >> >> >> -- >> Regards, >> Lalit Jangra. >> >> >> >> >> >> >> >> -- >> Regards, >> Lalit Jangra. >> >> >> > > > -- > Regards, > Lalit Jangra. >
