You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@manifoldcf.apache.org by "Konstantin Avdeev (JIRA)" <ji...@apache.org> on 2016/04/04 17:13:25 UTC

[jira] [Commented] (CONNECTORS-1286) Solr Plugin: Add support for User Principal

    [ https://issues.apache.org/jira/browse/CONNECTORS-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15224309#comment-15224309 ] 

Konstantin Avdeev commented on CONNECTORS-1286:
-----------------------------------------------

If the patch gets simplified as follows:
{code:java}
    if (rb.req.getUserPrincipal() != null) {
                domainMap.put("", rb.req.getUserPrincipal().getName();
    }
{code}
then the solr/jetty login parameter will NOT supercede all of the formal authenticated user parameters/domains passed into the component, but it will be simply added to the {{domainMap}}, if exist. And we would not need a new config parameter like {{AuthDomain}}, since any modifications of the user name (e.g. {{DOMAIN\USER}} -> {{user@domain.com}}) can be achieved by the MCF mapping.

So, users, starting from Solr 5.3, would be able to configure a secure search out of the box then :)
What do you think? Thanks!

> Solr Plugin: Add support for User Principal
> -------------------------------------------
>
>                 Key: CONNECTORS-1286
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1286
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Solr-5.x component
>    Affects Versions: ManifoldCF 2.3
>            Reporter: Konrad Holl
>            Assignee: Karl Wright
>            Priority: Minor
>             Fix For: ManifoldCF 2.4
>
>
> I’m using ManifoldCF 2.3 with Solr 5.4.1 and the Velocity templating engine. I needed to do searches with ACLs enabled and installed the plugin. Unfortunately it is not possible to use the login information provided by Jetty in the Solr plugin.
> As of Solr 5.3 it is possible to extract the authenticated user from the SolrQueryRequest object: http://lucene.apache.org/solr/5_3_0/solr-core/org/apache/solr/request/SolrQueryRequest.html#getUserPrincipal(). I added these lines to the code in org.apache.solr.mcf.ManifoldCFSearchComponent before the evaluation of parameters for authenticated user name:
> {code}
>     String authDomain = (String)args.get("AuthDomain");
>     if (rb.req.getUserPrincipal() != null) {
>                 domainMap.put("", rb.req.getUserPrincipal().getName() + ((authDomain == null) ? "" : "@" + authDomain));
>     }
>     else {
>       // Get the authenticated user name from the parameters
> {code}
> I also needed an additional setting “authDomain” in the search component configuration (solrconfig.xml). Now I can use Velocity even for documents with ACLs :o)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)