I think that would fix the issue, yes. Stop passing anything in "fq=" and modify the plugin.
Karl On Tue, Aug 12, 2014 at 7:42 AM, lalit jangra <[email protected]> wrote: > Thanks Karl, > > So it means to me that i need to update ManifoldCFQParserPlugin.java to > accommodate for alfresco also and as we are passing AuthenticateUserName > for SharePoint, we need to devise a meachanism to pass ACLs for alfresco as > well and modify parse() method to make combined query? > > This would be the fix for issue? > > Please suggest. > > Regards. > > > On Tue, Aug 12, 2014 at 5:05 PM, Karl Wright <[email protected]> wrote: > >> Hi Lalit, >> >> It occurs to me that even if you use the MCF search component, you will >> still need to make customizations, because otherwise only documents visible >> to the SharePoint user will be visible. >> >> I think that if you can pass the alfresco access tokens in via another >> argument (say, "alfresco="), then you can modify the query-parser plugin to >> do what you need. >> >> Karl >> >> >> >> On Tue, Aug 12, 2014 at 7:27 AM, Karl Wright <[email protected]> wrote: >> >>> Hi Lalit, >>> >>> The MCF query-parser plugin does have access to the incoming "fq" >>> parameter, but in order to do anything useful with it it would have to >>> parse it, and turn it into a Query. In addition, you would need to decide >>> whether the passed-in fq argument should: >>> >>> -- RESTRICT the documents further that match the MCF authorization >>> criteria >>> -- ADD documents that do not match the MCF authorization criteria >>> >>> It can't be both, so I can't see making this a general feature. For >>> these reasons I don't recommend this approach. Instead, you should be able >>> to add the MCF search component to the standard query processing chain, and >>> that should always work. The biggest question is just where in the chain >>> you put the plugin. >>> >>> Thanks, >>> Karl >>> >>> >>> >>> On Tue, Aug 12, 2014 at 7:08 AM, lalit jangra <[email protected]> >>> wrote: >>> >>>> Thanks Karl, >>>> >>>> Does it mean that i need to update OOTB MCF-Solr component i.e. >>>> ManifoldCFQParserPlugin.java and pass all my arguments there and update the >>>> final query? >>>> >>>> Currently i am using filter queries to maintain resultsets from >>>> different sources : alfresco & sharepoint as index from alfresco & >>>> sharepoint are stored into same solr collection. >>>> E.g. If i search for alfresco, it works fine but if i search for >>>> sahrepoint using AuthenticatedUserName only without using filter to return >>>> results from sharepoint, i get results from both alfresco(as open items >>>> from MCF-Solr plugin) & sharepoint. >>>> >>>> Please suggest. >>>> >>>> Regards. >>>> >>>> >>>> On Tue, Aug 12, 2014 at 3:44 PM, Karl Wright <[email protected]> >>>> wrote: >>>> >>>>> Hi Lalit, >>>>> >>>>> The ManifoldCF query parser plugin only has the option of generating a >>>>> filter query from incoming arguments. It does not have the option of >>>>> replacing the incoming arguments: >>>>> >>>>> >>>>>> >>>>> public Query parse() >>>>> <<<<<< >>>>> >>>>> It is Solr that decides whether an fq argument you pass overrides a >>>>> queryparser's plugin output. I can't change how that works. >>>>> >>>>> For what you are trying to do, you may do better by using the MCF >>>>> search component instead, since that modifies the whole query, rather than >>>>> just the fq field. >>>>> >>>>> Karl >>>>> >>>>> >>>>> >>>>> On Tue, Aug 12, 2014 at 6:07 AM, lalit jangra < >>>>> [email protected]> wrote: >>>>> >>>>>> Thanks Karl, >>>>>> >>>>>> It means that is seems to be clash between two fq or filter queries. >>>>>> First fq is set by MCF-Solr plugin which return SharePoint user tokens >>>>>> and >>>>>> then i am using another fq to create filter query based on content_source >>>>>> etc. which overwrites previous one >>>>>> >>>>>> How can i consume incoming MCF-Solr plugin into second/other fq here >>>>>> as i could not see any results coming from MCF-Solr plugin? Also as i am >>>>>> passing AutheticatedUserName as raw query parameter, i was expecting >>>>>> results to be replaced inline within query itself. >>>>>> >>>>>> Please suggest. >>>>>> >>>>>> Regards. >>>>>> >>>>>> >>>>>> On Tue, Aug 12, 2014 at 3:20 PM, Karl Wright <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi Lalit, >>>>>>> >>>>>>> Yes, it seems likely that the MCF solr plugin is setting fq to the >>>>>>> right query expression, and then you are later setting fq to something >>>>>>> else >>>>>>> entirely with your own plugin. >>>>>>> >>>>>>> Your plugin must take the incoming fq field and include it in the >>>>>>> final expression. >>>>>>> >>>>>>> Karl >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Tue, Aug 12, 2014 at 4:23 AM, lalit jangra < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Thanks Karl for promptness, >>>>>>>> >>>>>>>> Invoking http:// >>>>>>>> <your_mcf_instance/mcf-authority-service/UserACLs?username= >>>>>>>> [email protected] gives me below ACLs which seem to be fine to me. >>>>>>>> >>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-32-545 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813 >>>>>>>> >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149 >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%21.s%7Cwindows >>>>>>>> >>>>>>>> TOKEN:SharepointAuthGroup:Uc%3A0%28.s%7Ctrue >>>>>>>> >>>>>>>> I got it now, the missing part is absence of user tokens in solr >>>>>>>> query as you mentioned. >>>>>>>> >>>>>>>> Please suggest. >>>>>>>> >>>>>>>> Regards. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Aug 12, 2014 at 12:32 PM, Karl Wright <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi Lalit, >>>>>>>>> >>>>>>>>> The MCF plugin does this: >>>>>>>>> - Looks for the AuthenticatedUserName parameter >>>>>>>>> - Sends the AuthenticatedUserName parameter to ManifoldCF's >>>>>>>>> authority service, and gets back user tokens >>>>>>>>> - Constructs a filter query (fq) expression from the user tokens >>>>>>>>> >>>>>>>>> It's very hard for me to guess which acls come from your >>>>>>>>> SharePoint instance and which come from your Alfresco instance. But >>>>>>>>> this >>>>>>>>> is almost certainly wrong: >>>>>>>>> >>>>>>>>> fq=content_source:SharePoint&version=2&AuthenticatedUserName= >>>>>>>>> [email protected] >>>>>>>>> ... because there are no access tokens whatsoever. >>>>>>>>> >>>>>>>>> This too has no ACLs: >>>>>>>>> fq= >>>>>>>>> content_source:sharepoint+and+authenticatedusername%[email protected] >>>>>>>>> >>>>>>>>> >>>>>>>>> This has access tokens, but they seem to all be from Alfresco: >>>>>>>>> >>>>>>>>> fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName= >>>>>>>>> [email protected] >>>>>>>>> >>>>>>>>> So frankly I see no evidence that you are including any SharePoint >>>>>>>>> access tokens in your query at all. Could you do the following: >>>>>>>>> >>>>>>>>> curl "http:// >>>>>>>>> <your_mcf_instance/mcf-authority-service/UserACLs?username= >>>>>>>>> [email protected]" >>>>>>>>> >>>>>>>>> ... and send me what you get back? If that looks good, I suggest >>>>>>>>> that you are probably overwriting the mcf plugin's fq entirely, and >>>>>>>>> not >>>>>>>>> including it in your expression. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Karl >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Aug 12, 2014 at 2:38 AM, lalit jangra < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Thanks Karl, >>>>>>>>>> >>>>>>>>>> I am working with filter queries here and initially i tried to >>>>>>>>>> put filter queries as below but it did not work and i got only >>>>>>>>>> alfresco >>>>>>>>>> content. >>>>>>>>>> >>>>>>>>>> (alfresco_expression AND is_alfresco) OR (sharepoint_expression >>>>>>>>>> AND is_sharepoint) >>>>>>>>>> >>>>>>>>>> Here is query from solr logs for same. >>>>>>>>>> >>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Default no-user >>>>>>>>>> response >>>>>>>>>> (open documents only) >>>>>>>>>> >>>>>>>>>> 588547075 [http-bio-8080-exec-260] INFO >>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>> path=/select >>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+( >>>>>>>>>> content_source:sharepoint+and+authenticatedusername%[email protected])} >>>>>>>>>> hits=4404 status=0 QTime=96 >>>>>>>>>> >>>>>>>>>> Here i get only 4404 results which i get if i select only >>>>>>>>>> alfresco as source without selecting sharepoint. >>>>>>>>>> >>>>>>>>>> 588159410 [http-bio-8080-exec-330] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Default no-user >>>>>>>>>> response >>>>>>>>>> (open documents only) >>>>>>>>>> >>>>>>>>>> 588159479 [http-bio-8080-exec-330] INFO >>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>> path=/select >>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+( >>>>>>>>>> content_source:sharepoint+and+uthenticatedusername%[email protected])} >>>>>>>>>> hits=4404 status=0 QTime=70 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Then i moved to below structure where i need to pass >>>>>>>>>> sharepoint_expression as raw query parameters for filter queries. >>>>>>>>>> >>>>>>>>>> (alfresco_expression) OR (is_sharepoint) & sharepoint_expression >>>>>>>>>> >>>>>>>>>> This way i got results from both alfresco and sharepoint. Here i >>>>>>>>>> get 5425 results including alfresco as well as sharepoint. >>>>>>>>>> >>>>>>>>>> 588799237 [http-bio-8080-exec-331] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Trying to match docs >>>>>>>>>> for >>>>>>>>>> user '[:[email protected]]' >>>>>>>>>> >>>>>>>>>> 588799238 [http-bio-8080-exec-331] INFO >>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? I/O exception >>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing >>>>>>>>>> request: >>>>>>>>>> The target server failed to respond >>>>>>>>>> >>>>>>>>>> 588799239 [http-bio-8080-exec-331] INFO >>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? Retrying request >>>>>>>>>> >>>>>>>>>> 588799330 [http-bio-8080-exec-331] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Saw authority response >>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>> >>>>>>>>>> 588799338 [http-bio-8080-exec-331] INFO >>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>> path=/select >>>>>>>>>> params={q=*:*&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-ADM-ECM-Manifold-Testing%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_iwaterdesktop%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteConsumer%2529)+OR+content_source:SharePoint&AuthenticatedUserName= >>>>>>>>>> [email protected]} hits=5245 status=0 QTime=103 >>>>>>>>>> >>>>>>>>>> Also for sharepoint only queries, if i try filter queries as >>>>>>>>>> below, i got no results. >>>>>>>>>> >>>>>>>>>> (sharepoint_expression AND is_sharepoint) >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 587320867 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Trying to match docs >>>>>>>>>> for >>>>>>>>>> user '[:[email protected]]' >>>>>>>>>> >>>>>>>>>> 587320868 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? I/O exception >>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing >>>>>>>>>> request: >>>>>>>>>> The target server failed to respond >>>>>>>>>> >>>>>>>>>> 587320869 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? Retrying request >>>>>>>>>> >>>>>>>>>> 587324291 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Saw authority response >>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>> >>>>>>>>>> 587324292 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>> path=/select >>>>>>>>>> params={indent=true&q=*:*&_=1407823092895&wt=json&fq= >>>>>>>>>> content_source:sharepoint+and+authenticatedusername%[email protected] >>>>>>>>>> &[email protected]} hits=0 status=0 >>>>>>>>>> QTime=3426 >>>>>>>>>> >>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Default no-user >>>>>>>>>> response >>>>>>>>>> (open documents only) >>>>>>>>>> >>>>>>>>>> 587338061 [http-bio-8080-exec-325] INFO >>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>> path=/select >>>>>>>>>> params={indent=true&q=*:*&_=1407823109996&wt=json&fq= >>>>>>>>>> content_source:sharepoint+and+authenticatedusername%[email protected]} >>>>>>>>>> hits=0 status=0 QTime=1 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> But if i use sharepoint_expression as below , get results for >>>>>>>>>> sahrepoint only. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> fq=content_source:SharePoint&version=2&AuthenticatedUserName= >>>>>>>>>> [email protected] >>>>>>>>>> >>>>>>>>>> 589523637 [http-bio-8080-exec-260] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Trying to match docs >>>>>>>>>> for >>>>>>>>>> user '[:[email protected]]' >>>>>>>>>> >>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO >>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? I/O exception >>>>>>>>>> (org.apache.http.NoHttpResponseException) caught when processing >>>>>>>>>> request: >>>>>>>>>> The target server failed to respond >>>>>>>>>> >>>>>>>>>> 589523639 [http-bio-8080-exec-260] INFO >>>>>>>>>> org.apache.http.impl.client.DefaultHttpClient ? Retrying request >>>>>>>>>> >>>>>>>>>> 589523698 [http-bio-8080-exec-260] INFO >>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin ? Saw authority response >>>>>>>>>> AUTHORIZED:SharePointAuthConnection >>>>>>>>>> >>>>>>>>>> 589523699 [http-bio-8080-exec-260] INFO >>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>> path=/select >>>>>>>>>> params={sort=score+desc&df=text&q="lalit"&q.op=OR&wt=javabin&qt=/select&fq=content_source:SharePoint&version=2&AuthenticatedUserName= >>>>>>>>>> [email protected]} hits=35 status=0 QTime=62 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> What i assume is whatever is passed with AuthenticatedUserName >>>>>>>>>> variable, it is compared with stored ACLs in index and accordingly >>>>>>>>>> results >>>>>>>>>> are displayed. >>>>>>>>>> >>>>>>>>>> Please suggest. >>>>>>>>>> >>>>>>>>>> regards. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Aug 11, 2014 at 10:59 PM, Karl Wright <[email protected] >>>>>>>>>> > wrote: >>>>>>>>>> >>>>>>>>>>> Hi Lalit, >>>>>>>>>>> >>>>>>>>>>> First, if both Alfresco and SharePoint documents are indexed >>>>>>>>>>> with the same MCF instance, then you do >>>>>>>>>>> not need to play games like this. You only need the one query >>>>>>>>>>> that the MCF solr plugin generates. >>>>>>>>>>> >>>>>>>>>>> If that's not the case, then what you want are two separate >>>>>>>>>>> clauses where one matches Alfresco documents and one clause that >>>>>>>>>>> matches >>>>>>>>>>> SharePoint documents. The expression therefore would look like >>>>>>>>>>> this: >>>>>>>>>>> >>>>>>>>>>> (alfresco_expression AND is_alfresco) OR (sharepoint_expression >>>>>>>>>>> AND is_sharepoint) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> It cannot look like this and work: >>>>>>>>>>> >>>>>>>>>>> (alfresco_expression OR sharepoint_expression) OR is_sharepoint >>>>>>>>>>> >>>>>>>>>>> That is nonsensical. >>>>>>>>>>> Karl >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Aug 11, 2014 at 1:22 PM, lalit jangra < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Thanks Karl, >>>>>>>>>>>> >>>>>>>>>>>> In this query i am searching for results in both alfresco and >>>>>>>>>>>> SharePoint. So before OR i am checking for alfresco ACLs and post >>>>>>>>>>>> OR i am >>>>>>>>>>>> checking for SharePoint ACLs by supplying authenticatedusername >>>>>>>>>>>> .Hence OR >>>>>>>>>>>> facilitates here for both options. >>>>>>>>>>>> On Aug 11, 2014 10:44 PM, "Karl Wright" <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>> >>>>>>>>>>>>> Have a look at this query: >>>>>>>>>>>>> >>>>>>>>>>>>> 522471481 [http-bio-8080-exec-238] INFO >>>>>>>>>>>>> org.apache.solr.core.SolrCore ? [collection1] webapp=/solr >>>>>>>>>>>>> path=/select >>>>>>>>>>>>> params={sort=score+desc&df=text&q="blue"&q.op=OR&wt=javabin&qt=/select&fq=(content_source:Alfresco+AND+alf_acls%253A%2528GROUP_CTXRDP%2BOR%2BGROUP_ECM-Developer-Admins%2BOR%2BGROUP_EMAIL_CONTRIBUTORS%2BOR%2BGROUP_EVERYONE%2BOR%2BGROUP_ExtendedReaders3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_ExtendedWriters3e7350e3-ab94-4ecc-87fa-d59ad3deda23%2BOR%2BGROUP_GLS-IW-CTX-IWDesktop%2BOR%2BGROUP_GLS-IW-CTX-IWStandardUsers%2BOR%2BGROUP_Irish+Water+All+Hands%2BOR%2BGROUP_Jump-Server-Admins%2BOR%2BGROUP_site_LegalServices%2BOR%2BGROUP_site_LegalServices_SiteManager%2BOR%2BGROUP_site_asset-investment%2BOR%2BGROUP_site_asset-investment_SiteManager%2BOR%2BGROUP_site_asset-management%2BOR%2BGROUP_site_asset-management_SiteConsumer%2BOR%2BGROUP_site_asset-programmes%2BOR%2BGROUP_site_asset-programmes_SiteCollaborator%2BOR%2BGROUP_site_asset-programmes_SiteManager%2BOR%2BGROUP_site_asset-strategy%2BOR%2BGROUP_site_asset-strategy_SiteManager%2BOR%2BGROUP_site_capa%2BOR%2BGROUP_site_capa_SiteManager%2BOR%2BGROUP_site_capital-delivery%2BOR%2BGROUP_site_capital-delivery_SiteConsumer%2BOR%2BGROUP_site_communications%2BOR%2BGROUP_site_communications_SiteManager%2BOR%2BGROUP_site_customer-contacts%2BOR%2BGROUP_site_customer-contacts_SiteManager%2BOR%2BGROUP_site_hazcon%2BOR%2BGROUP_site_hazcon_SiteManager%2BOR%2BGROUP_site_human-resources%2BOR%2BGROUP_site_human-resources_SiteCollaborator%2BOR%2BGROUP_site_incident-management%2BOR%2BGROUP_site_incident-management_SiteManager%2BOR%2BGROUP_site_invoices%2BOR%2BGROUP_site_invoices_SiteManager%2BOR%2BGROUP_site_iwcontracts%2BOR%2BGROUP_site_iwcontracts_SiteManager%2BOR%2BGROUP_site_iwproject%2BOR%2BGROUP_site_iwproject_SiteManager%2BOR%2BGROUP_site_iwprojects%2BOR%2BGROUP_site_iwprojects_SiteManager%2BOR%2BGROUP_site_operations-and-maintenance%2BOR%2BGROUP_site_operations-and-maintenance_SiteManager%2BOR%2BGROUP_site_region-connaught-and-ulster%2BOR%2BGROUP_site_region-connaught-and-ulster_SiteCollaborator%2BOR%2BGROUP_site_region-east-and-midlands%2BOR%2BGROUP_site_region-east-and-midlands_SiteCollaborator%2BOR%2BGROUP_site_region-south-la-file-share%2BOR%2BGROUP_site_region-south-la-file-share_SiteCollaborator%2BOR%2BGROUP_site_rm%2BOR%2BGROUP_site_rm_SiteManager%2BOR%2BGROUP_site_site-water-investment-approvals-committee%2BOR%2BGROUP_site_site-water-investment-approvals-committee_SiteCollaborator%2BOR%2BGROUP_site_test-public%2BOR%2BGROUP_site_test-public_SiteManager%2BOR%2BGROUP_site_testing-private%2BOR%2BGROUP_site_testing-private_SiteManager%2529)+OR+content_source:SharePoint&version=2&AuthenticatedUserName= >>>>>>>>>>>>> [email protected]} hits=11 status=0 QTime=10 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Note the following at the very end of the fq field: >>>>>>>>>>>>> "+OR+content_source:SharePoint". That will basically disable the >>>>>>>>>>>>> entire >>>>>>>>>>>>> rest of the filter and permit ALL documents through that were >>>>>>>>>>>>> indexed by >>>>>>>>>>>>> SharePoint. It should be "+AND+content_source:SharePoint". >>>>>>>>>>>>> >>>>>>>>>>>>> Karl >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, Aug 11, 2014 at 1:05 PM, lalit jangra < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Sure Karl, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can you let me know what type of logs you need?I am attaching >>>>>>>>>>>>>> part of solr.log for your reference. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards. >>>>>>>>>>>>>> On Aug 11, 2014 9:42 PM, "Karl Wright" <[email protected]> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Are you sure you are using the standard select query >>>>>>>>>>>>>>> handler? In order to convince me, you will need to enable >>>>>>>>>>>>>>> appropriate Solr >>>>>>>>>>>>>>> logging so I can see how a request is processed and whether the >>>>>>>>>>>>>>> MCF solr >>>>>>>>>>>>>>> plugin is being called. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 11:59 AM, lalit jangra < >>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks Karl, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Below are my comments. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 1. Your Solr query is in fact not hooked up to use the >>>>>>>>>>>>>>>> appropriate MCF Solr plugin, in which case no security >>>>>>>>>>>>>>>> whatsoever is being >>>>>>>>>>>>>>>> applied. >>>>>>>>>>>>>>>> --- Below is snippet from solrconfig.xml from one of >>>>>>>>>>>>>>>> servers with MCF Solr plugin included and enabled with /select >>>>>>>>>>>>>>>> query >>>>>>>>>>>>>>>> handler which i am using for search. I assume i need not to >>>>>>>>>>>>>>>> provide full >>>>>>>>>>>>>>>> server name for AuthorityServiceBaseURL & instead >>>>>>>>>>>>>>>> localhost will work fine. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <!-- ManifoldCF document security enforcement component --> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <queryParser name="manifoldCFSecurity" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> class="org.apache.solr.mcf.ManifoldCFQParserPlugin"> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <str name="AuthorityServiceBaseURL"> >>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service</str> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <int name="ConnectionPoolSize">50</int> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> </queryParser> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <!-- ManifoldCF document security enforcement component >>>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <searchComponent name="manifoldCFSecurity" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> class="org.apache.solr.mcf.ManifoldCFSearchComponent"> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <str name="AuthorityServiceBaseURL"> >>>>>>>>>>>>>>>> http://localhost:80/mcf-authority-service</str> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <int name="ConnectionPoolSize">50</int> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> </searchComponent> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <requestHandler name="/select" class="solr.SearchHandler"> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <lst name="defaults"> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <str name="echoParams">explicit</str> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <int name="rows">10000</int> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <str name="df">text</str> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> </lst> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <lst name="appends"> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <str name="fq">{!manifoldCFSecurity}</str> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> </lst> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> </requestHandler> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Below is one of queries built for same using >>>>>>>>>>>>>>>> AuthenticatedUserName >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> q=%22blue%22&q.op=OR&df=text&qt=%2Fselect&sort=score+desc&fq=content_source%3ASharePoint&AuthenticatedUserName=ljangra% >>>>>>>>>>>>>>>> 40iwater.ie >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2. You are supposed to be able to see the documents, but >>>>>>>>>>>>>>>> the URL ManifoldCF is generating does not permit you to log >>>>>>>>>>>>>>>> into SharePoint >>>>>>>>>>>>>>>> for some reason. >>>>>>>>>>>>>>>> -- If i go to the location of the search result, i am not >>>>>>>>>>>>>>>> able to see any document available there for me as per my >>>>>>>>>>>>>>>> permissions. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 3. You indexed the documents with security "off", and so no >>>>>>>>>>>>>>>> security information was attached to the documents in Solr. >>>>>>>>>>>>>>>> --- I have enabled security before starting the job as >>>>>>>>>>>>>>>> below. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Please suggest. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Regards. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 5:17 PM, Karl Wright < >>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Lalit, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> There are a number of possibilities. You will need to do >>>>>>>>>>>>>>>>> some investigation to figure out which one it is. Here are >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> possibilities I see: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> (1) Your Solr query is in fact not hooked up to use the >>>>>>>>>>>>>>>>> appropriate MCF Solr plugin, in which case no security >>>>>>>>>>>>>>>>> whatsoever is being >>>>>>>>>>>>>>>>> applied. >>>>>>>>>>>>>>>>> (2) You are supposed to be able to see the documents, but >>>>>>>>>>>>>>>>> the URL ManifoldCF is generating does not permit you to log >>>>>>>>>>>>>>>>> into SharePoint >>>>>>>>>>>>>>>>> for some reason. >>>>>>>>>>>>>>>>> (3) You indexed the documents with security "off", and so >>>>>>>>>>>>>>>>> no security information was attached to the documents in Solr. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>> Karl >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Mon, Aug 11, 2014 at 7:30 AM, lalit jangra < >>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I am using MCF 1.5.1 and crawling SharePoint 2010 list >>>>>>>>>>>>>>>>>> items. I have also placed MCF solr ACL plugin into solr >>>>>>>>>>>>>>>>>> instances and >>>>>>>>>>>>>>>>>> updated solrconfig.xml for same. I created a job to connect >>>>>>>>>>>>>>>>>> to SharePoint >>>>>>>>>>>>>>>>>> and indexed list items in solr. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Next i am searching for content items from index and what >>>>>>>>>>>>>>>>>> i could see is that i am able to see search results for >>>>>>>>>>>>>>>>>> content on which i >>>>>>>>>>>>>>>>>> do not have any access. I can see these content into search >>>>>>>>>>>>>>>>>> results but >>>>>>>>>>>>>>>>>> when i am trying to aceess these content , i can getting >>>>>>>>>>>>>>>>>> SharePoint access >>>>>>>>>>>>>>>>>> denied error. Ideally if a user has no access to a content, >>>>>>>>>>>>>>>>>> he should not >>>>>>>>>>>>>>>>>> be see these content. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Am i missing anything here? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>> Lalit. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>> Lalit. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Regards, >>>>>>>>>> Lalit. >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Regards, >>>>>>>> Lalit. >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> Lalit. >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Lalit. >>>> >>> >>> >> > > > -- > Regards, > Lalit. >
