Thanks Karl,
In this query i am searching for results in both alfresco and SharePoint.
So before OR i am checking for alfresco ACLs and post OR i am checking for
SharePoint ACLs by supplying authenticatedusername .Hence OR facilitates
here for both options.
On Aug 11, 2014 10:44 PM, "Karl Wright" <[email protected]> wrote:
> Hi Lalit,
>
> Have a look at this query:
>
> 522471481 [http-bio-8080-exec-238] INFO org.apache.solr.core.SolrCore ?
> [collection1] webapp=/solr path=/select
> params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName=
> [email protected]} hits=11 status=0 QTime=10
>
>
> Note the following at the very end of the fq field:
> "+OR+content_source:SharePoint". That will basically disable the entire
> rest of the filter and permit ALL documents through that were indexed by
> SharePoint. It should be "+AND+content_source:SharePoint".
>
> Karl
>
>
>
> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra <[email protected]>
> wrote:
>
>> Sure Karl,
>>
>> Can you let me know what type of logs you need?I am attaching part of
>> solr.log for your reference.
>>
>> Regards.
>> On Aug 11, 2014 9:42 PM, "Karl Wright" <[email protected]> wrote:
>>
>>> Hi Lalit,
>>>
>>> Are you sure you are using the standard select query handler? In order
>>> to convince me, you will need to enable appropriate Solr logging so I can
>>> see how a request is processed and whether the MCF solr plugin is being
>>> called.
>>>
>>> Karl
>>>
>>>
>>>
>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra <[email protected]
>>> > wrote:
>>>
>>>> Thanks Karl,
>>>>
>>>> Below are my comments.
>>>>
>>>> 1. Your Solr query is in fact not hooked up to use the appropriate MCF
>>>> Solr plugin, in which case no security whatsoever is being applied.
>>>> --- Below is snippet from solrconfig.xml from one of servers with MCF
>>>> Solr plugin included and enabled with /select query handler which i am
>>>> using for search. I assume i need not to provide full server name for
>>>> AuthorityServiceBaseURL
>>>> & instead localhost will work fine.
>>>>
>>>>
>>>> <!-- ManifoldCF document security enforcement component -->
>>>>
>>>> <queryParser name="manifoldCFSecurity"
>>>>
>>>> class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
>>>>
>>>> <str name="AuthorityServiceBaseURL">
>>>> http://localhost:80/mcf-authority-service</str>
>>>>
>>>> <int name="ConnectionPoolSize">50</int>
>>>>
>>>> </queryParser>
>>>>
>>>>
>>>>
>>>> <!-- ManifoldCF document security enforcement component -->
>>>>
>>>> <searchComponent name="manifoldCFSecurity"
>>>>
>>>> class="org.apache.solr.mcf.ManifoldCFSearchComponent">
>>>>
>>>> <str name="AuthorityServiceBaseURL">
>>>> http://localhost:80/mcf-authority-service</str>
>>>>
>>>> <int name="ConnectionPoolSize">50</int>
>>>>
>>>> </searchComponent>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> <requestHandler name="/select" class="solr.SearchHandler">
>>>>
>>>> <lst name="defaults">
>>>>
>>>> <str name="echoParams">explicit</str>
>>>>
>>>> <int name="rows">10000</int>
>>>>
>>>> <str name="df">text</str>
>>>>
>>>> </lst>
>>>>
>>>> <lst name="appends">
>>>>
>>>> <str name="fq">{!manifoldCFSecurity}</str>
>>>>
>>>> </lst>
>>>>
>>>> </requestHandler>
>>>>
>>>>
>>>>
>>>> Below is one of queries built for same using AuthenticatedUserName
>>>>
>>>>
>>>>
>>>> q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra%
>>>> 40iwater.ie
>>>>
>>>>
>>>> 2. You are supposed to be able to see the documents, but the URL
>>>> ManifoldCF is generating does not permit you to log into SharePoint for
>>>> some reason.
>>>> -- If i go to the location of the search result, i am not able to see
>>>> any document available there for me as per my permissions.
>>>>
>>>> 3. You indexed the documents with security "off", and so no security
>>>> information was attached to the documents in Solr.
>>>> --- I have enabled security before starting the job as below.
>>>>
>>>>
>>>> Please suggest.
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> There are a number of possibilities. You will need to do some
>>>>> investigation to figure out which one it is. Here are the possibilities I
>>>>> see:
>>>>>
>>>>> (1) Your Solr query is in fact not hooked up to use the appropriate
>>>>> MCF Solr plugin, in which case no security whatsoever is being applied.
>>>>> (2) You are supposed to be able to see the documents, but the URL
>>>>> ManifoldCF is generating does not permit you to log into SharePoint for
>>>>> some reason.
>>>>> (3) You indexed the documents with security "off", and so no security
>>>>> information was attached to the documents in Solr.
>>>>>
>>>>> Thanks,
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list items. I have
>>>>>> also placed MCF solr ACL plugin into solr instances and updated
>>>>>> solrconfig.xml for same. I created a job to connect to SharePoint and
>>>>>> indexed list items in solr.
>>>>>>
>>>>>> Next i am searching for content items from index and what i could see
>>>>>> is that i am able to see search results for content on which i do not
>>>>>> have
>>>>>> any access. I can see these content into search results but when i am
>>>>>> trying to aceess these content , i can getting SharePoint access denied
>>>>>> error. Ideally if a user has no access to a content, he should not be see
>>>>>> these content.
>>>>>>
>>>>>> Am i missing anything here?
>>>>>>
>>>>>> Regards,
>>>>>> Lalit.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit.
>>>>
>>>
>>>
>
