Hi Lalit,
Have a look at this query:
522471481 [http-bio-8080-exec-238] INFO org.apache.solr.core.SolrCore ?
[collection1] webapp=/solr path=/select
params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName=
[email protected]} hits=11 status=0 QTime=10
Note the following at the very end of the fq field:
"+OR+content_source:SharePoint". That will basically disable the entire
rest of the filter and permit ALL documents through that were indexed by
SharePoint. It should be "+AND+content_source:SharePoint".
Karl
On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <[email protected]>
wrote:
> Sure Karl,
>
> Can you let me know what type of logs you need?I am attaching part of
> solr.log for your reference.
>
> Regards.
> On Aug 11, 2014 9:42 PM, "Karl Wright" <[email protected]> wrote:
>
>> Hi Lalit,
>>
>> Are you sure you are using the standard select query handler? In order
>> to convince me, you will need to enable appropriate Solr logging so I can
>> see how a request is processed and whether the MCF solr plugin is being
>> called.
>>
>> Karl
>>
>>
>>
>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <[email protected]>
>> wrote:
>>
>>> Thanks Karl,
>>>
>>> Below are my comments.
>>>
>>> 1. Your Solr query is in fact not hooked up to use the appropriate MCF
>>> Solr plugin, in which case no security whatsoever is being applied.
>>> --- Below is snippet from solrconfig.xml from one of servers with MCF
>>> Solr plugin included and enabled with /select query handler which i am
>>> using for search. I assume i need not to provide full server name for
>>> AuthorityServiceBaseURL
>>> & instead localhost will work fine.
>>>
>>>
>>> <!-- ManifoldCF document security enforcement component -->
>>>
>>> <queryParser name="manifoldCFSecurity"
>>>
>>> class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
>>>
>>> <str name="AuthorityServiceBaseURL">
>>> http://localhost:80/mcf-authority-service</str>
>>>
>>> <int name="ConnectionPoolSize">50</int>
>>>
>>> </queryParser>
>>>
>>>
>>>
>>> <!-- ManifoldCF document security enforcement component -->
>>>
>>> <searchComponent name="manifoldCFSecurity"
>>>
>>> class="org.apache.solr.mcf.ManifoldCFSearchComponent">
>>>
>>> <str name="AuthorityServiceBaseURL">
>>> http://localhost:80/mcf-authority-service</str>
>>>
>>> <int name="ConnectionPoolSize">50</int>
>>>
>>> </searchComponent>
>>>
>>>
>>>
>>>
>>>
>>> <requestHandler name="/select" class="solr.SearchHandler">
>>>
>>> <lst name="defaults">
>>>
>>> <str name="echoParams">explicit</str>
>>>
>>> <int name="rows">10000</int>
>>>
>>> <str name="df">text</str>
>>>
>>> </lst>
>>>
>>> <lst name="appends">
>>>
>>> <str name="fq">{!manifoldCFSecurity}</str>
>>>
>>> </lst>
>>>
>>> </requestHandler>
>>>
>>>
>>>
>>> Below is one of queries built for same using AuthenticatedUserName
>>>
>>>
>>>
>>> q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra%
>>> 40iwater.ie
>>>
>>>
>>> 2. You are supposed to be able to see the documents, but the URL
>>> ManifoldCF is generating does not permit you to log into SharePoint for
>>> some reason.
>>> -- If i go to the location of the search result, i am not able to see
>>> any document available there for me as per my permissions.
>>>
>>> 3. You indexed the documents with security "off", and so no security
>>> information was attached to the documents in Solr.
>>> --- I have enabled security before starting the job as below.
>>>
>>>
>>> Please suggest.
>>>
>>> Regards.
>>>
>>>
>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <[email protected]> wrote:
>>>
>>>> Hi Lalit,
>>>>
>>>> There are a number of possibilities. You will need to do some
>>>> investigation to figure out which one it is. Here are the possibilities I
>>>> see:
>>>>
>>>> (1) Your Solr query is in fact not hooked up to use the appropriate MCF
>>>> Solr plugin, in which case no security whatsoever is being applied.
>>>> (2) You are supposed to be able to see the documents, but the URL
>>>> ManifoldCF is generating does not permit you to log into SharePoint for
>>>> some reason.
>>>> (3) You indexed the documents with security "off", and so no security
>>>> information was attached to the documents in Solr.
>>>>
>>>> Thanks,
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <[email protected]
>>>> > wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list items. I have
>>>>> also placed MCF solr ACL plugin into solr instances and updated
>>>>> solrconfig.xml for same. I created a job to connect to SharePoint and
>>>>> indexed list items in solr.
>>>>>
>>>>> Next i am searching for content items from index and what i could see
>>>>> is that i am able to see search results for content on which i do not have
>>>>> any access. I can see these content into search results but when i am
>>>>> trying to aceess these content , i can getting SharePoint access denied
>>>>> error. Ideally if a user has no access to a content, he should not be see
>>>>> these content.
>>>>>
>>>>> Am i missing anything here?
>>>>>
>>>>> Regards,
>>>>> Lalit.
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit.
>>>
>>
>>
