Posted to user@manifoldcf.apache.org by lalit jangra <la...@gmail.com> on 2014/06/12 15:27:56 UTC

How to query for content with ACLs?

Hi All,

As continuing from
http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
as per Ahmet's suggestion.

I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed into
solr indexes.

Now i want to write Solr query to put a user's permission details into
it which can be compared to ACL stored in solr and only those results will
be returned to user on which he has been assigned ACL.

How can i do this?  Can i use MCF filter  below here or do i need to write
custom query for my need?

<requestHandler name="search" class="solr.SearchHandler" default="true">
  <lst name="appends">
    <str name="fq">{!manifoldCFSecurity}</str>
  </lst>
</requestHandler>

Please help.

Regards,
Lalit Jangra.
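
An added check, not part of the original post or of the ManifoldCF plugin: Solr uses a handler's `defaults` only when the request does not set that parameter, while `appends` and `invariants` apply to every request, so the security `fq` is only guaranteed in the latter two. The script classifies each search handler in a solrconfig.xml; the sample config is constructed and `audit_handlers` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed solrconfig.xml fragment modelled on the handlers quoted in this thread.
SAMPLE_SOLRCONFIG = """
<config>
  <requestHandler name="/select" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="echoParams">explicit</str>
      <str name="fq">{!manifoldCFSecurity}</str>
    </lst>
  </requestHandler>
  <requestHandler name="/query" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="wt">json</str>
    </lst>
  </requestHandler>
  <requestHandler name="search" class="solr.SearchHandler" default="true">
    <lst name="appends">
      <str name="fq">{!manifoldCFSecurity}</str>
    </lst>
  </requestHandler>
</config>
"""

# Sections whose parameters are applied no matter what the request sends.
ENFORCING_SECTIONS = {"appends", "invariants"}


def filter_sections(handler, parser_name):
    """Names of the <lst> sections whose fq invokes the given query parser."""
    marker = "{!" + parser_name
    found = set()
    for lst in handler.findall("lst"):
        for param in lst.findall("str"):
            if param.get("name") == "fq" and marker in (param.text or ""):
                found.add(lst.get("name"))
    return found


def audit_handlers(xml_text, parser_name="manifoldCFSecurity"):
    """Map each SearchHandler name to enforced / overridable / unfiltered."""
    root = ET.fromstring(xml_text)
    report = {}
    for handler in root.iter("requestHandler"):
        if not handler.get("class", "").endswith("SearchHandler"):
            continue
        sections = filter_sections(handler, parser_name)
        if sections & ENFORCING_SECTIONS:
            status = "enforced"      # filter is added to every request
        elif "defaults" in sections:
            status = "overridable"   # a request-supplied fq replaces it
        else:
            status = "unfiltered"    # handler returns documents without ACL checks
        report[handler.get("name")] = status
    return report


if __name__ == "__main__":
    for name, status in audit_handlers(SAMPLE_SOLRCONFIG).items():
        print(f"{name:10} {status}")
```

Any handler reported as `unfiltered` or `overridable` should not be reachable by end users.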

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Ahmet,

Sorry for my misinterpretation but do you want to replace original
'/select' request handler with mcf one and use '/query' request handler as
it is?

Regards.


On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com> wrote:

> Hi  Lalit,
>
> regarding "As i could not see any document in solr query,"
>
> Here is the best practise that I use :
>
> I configure /select request handler (RH) with mcfQParser, intended to use
> in production, default RH.
>
> I also use /query RH without mcfQParser, for debugging purposes.
>
> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>
> Ahmet
>
>
>   On Friday, June 13, 2014 2:30 PM, lalit jangra <la...@gmail.com>
> wrote:
>
>
> Thanks Karl,
>
> As i could not see any document in solr query, i used Luke to open index
> and i could see below values for all MCF plugin fields for all documents.
> These are something different from previous values.
>
> allow_token_document  = SP+KW:
> allow_token_share = __nosecurity__
> deny_token_document  = SP+KW:DEAD_AUTHORITY
> allow_token_share = __nosecurity__
>
> I think something or a lot of things missing here. I am attaching zip of
> solr index(very small one with 10 documents from sharepoint) here. Please
> guide.
>
> Regards.
>
>
>
> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com> wrote:
>
> Hi Lalit,
>
> Can you show me somehow some of the ACLs that have been indexed with
> your documents?  The only other potential issue might be that your
> repository connection(s) may not be part of the same authority groups as
> your authority connections.  In that case, the indexed authority tokens
> will have a different prefix (e.g. SP+KW in one case, something else in the
> other).
>
> Karl
>
>
>
>
> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com>
> wrote:
>
> Hi Again,
>
> As per Karl's suggestion, i am now converting user from water.com\ljangra
> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>
> I can see below ACL.
> AUTHORIZED:SP+K+Conn
> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>
> Still i am not able to see any results from query
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>
> While debugging query i can see ACL doing fine. So i am confused why
> its now working. Can you please help.
>
> "parsed_filter_queries": [
>       "ConstantScore(+((+allow_token_share:__nosecurity__
> +deny_token_share:__nosecurity__)
> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
> +((+allow_token_document:__nosecurity__
> +deny_token_document:__nosecurity__)
> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>     ],
>
> Finally solr.log also seems to be fine.
>
> INFO  - 2014-06-13 11:38:19.862;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-13 11:38:19.909;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response AUTHORIZED:SP+K+Conn
> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=47
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi Lalit,
>
> It makes more sense to use appends section rather than defaults section
> when defining mcf query parser plugin in fq parameter.
>
> <lst name="appends">
>  <str name="fq">{!manifoldCFSecurity}</str>
> </lst>
>
>
>
>
>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi Ahmet,
>
> I have configured solrconfig.xml as per your suggestion.
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>     <!-- default values for query parameters can be specified, these
>          will be overridden by parameters in the request
>       -->
>      <lst name="defaults">
>        <str name="echoParams">explicit</str>
>        <int name="rows">1000</int>
>        <str name="df">text</str>
>        <str name="fq">{!manifoldCFSecurity}</str>
>      </lst>
> ....
> </requestHandler>
>
>
> Next i am running a job which indexes sharepoint content in solr but when
> i am searching in solr, i am getting no results & getting
> UNREACHABLEAUTHORITY message.
>
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> SolrDeletionPolicy.onCommit: commits: num=2
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> newest commit generation = 2
> INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher;
> Opening Searcher@5ac787b0 main
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener sending requests to Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener done.
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
> [collection1] Registered new searcher Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
> {commit=} 0 265
> INFO  - 2014-06-12 22:22:35.663;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
> QTime=0
> INFO  - 2014-06-12 22:22:35.741;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
> INFO  - 2014-06-12 22:22:36.960;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
> no-user response (open documents only)
> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
> INFO  - 2014-06-12 22:22:40.569;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-12 22:22:40.726;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=157
>
> UNREACHABLEAUTHORITY means name of an authority that was found to be
> unreachable or unusable but i am having same authority working fine in MCF.
>
>
> Please help.
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi Karl,
>
> Maybe we should use
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>
> in
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> To avoid confusion?
>
> What do you think?
>
>
>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
> wrote:
>
>
> What does your solrconfig.xml file look like?
> Karl
>
>
> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
> wrote:
>
> Hi Ahmet,
>
> I tried the way you suggested but its not working. My solr query is as
> below.
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
> Whatever name i am passing as AuthenticatedUserName, it returning all
> results.
>
> I have indexed my documents using mcf-solr plugin using instructions @
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
> Below are some of ACL stored in solr. Am i missing something?
>
> "_version_": 1470562493875093500,
>         "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ]
>       },
>       {
>         "content_name": "Alfresco-in-an-Hour.pdf"
>         "deny_token_document": [
>           "SP+Group:DEAD_AUTHORITY"
>         ],
>         "allow_token_document": [
>           "SP+Group:GTest+lalit+Portal+Visitors",
>           "SP+Group:GTest+lalit+Portal+Owners",
>           "SP+Group:GRestricted+Readers",
>           "SP+Group:GTest+lalit+Administrators",
>           "SP+Group:GTest+lalit+Portal+Members",
>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>           "SP+Group:GHierarchy+Managers",
>           "SP+Group:GApprovers",
>           "SP+Group:GViewers",
>           "SP+Group:GDesigners"
>         ],
>         "content_modified_date": "2014-06-04T00:00:00Z",
>
>
>
>                   SDD
>
>
>                    "_version_": 1470564182244982800
>       },
>       {
>         "deny_token_share": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>         "content_name": "hekko.txt",
>         "content_modifier": "iwater.ie\\ljangra",
>         "deny_token_document": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>                "id": "
> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>         "allow_token_document": [
>           "AD+Group:S-1-5-18",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>         "allow_token_share": [
>           "AD+Group:S-1-1-0",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>
>                 CMIS
>
>                 "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_document": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ],
>         "allow_token_document": [
>           "__nosecurity__"
>         ]
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi,
>
> As documented here
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> "At a minimum, AuthenticatedUserName must be present in order"
>
>
> This is a URL parameter, just like Solr params. Here is an example.
>
>
> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>
>
>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi All,
>
> As continuing from
> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
> as per Ahmet's suggestion.
>
> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
> into solr indexes.
>
> Now i want to write Solr query to put a user's permission details into
> it which can be compared to ACL stored in solr and only those results will
> be returned to user on which he has been assigned ACL.
>
> How can i do this?  Can i use MCF filter  below here or do i need to write
> custom query for my need?
>
> <requestHandler name="search" class="solr.SearchHandler" default="true">
>   <lst name="appends">
>     <str name="fq">{!manifoldCFSecurity}</str>
>   </lst>
> </requestHandler>
>
> Please help.
>
> Regards,
> Lalit Jangra.


-- 
Regards,
Lalit Jangra.
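
An added diagnostic, not part of the original messages and not the plugin's own code: it models the filter exactly as it is printed in the `parsed_filter_queries` output quoted in this thread (per level: open via `__nosecurity__` or an allow-token hit, and no deny-token hit) and reports why a document is hidden, including the authority-group prefix problems raised by Karl. The sample documents are constructed, and the function names and reason labels are hypothetical.

```python
from urllib.parse import unquote

NOSEC = "__nosecurity__"
LEVELS = ("share", "document")

# Constructed sample: two user tokens in the form UserACLs returns in the thread.
USER_TOKENS = {
    "SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545",
    "SP+KW:Uc%3A0%21.s%7Cwindows",
}

OPEN_SHARE = {"allow_token_share": [NOSEC], "deny_token_share": [NOSEC]}

# Constructed documents, one per situation discussed in the thread.
DOCS = {
    "open.txt": {**OPEN_SHARE,
                 "allow_token_document": [NOSEC],
                 "deny_token_document": [NOSEC]},
    "wrong-group.pdf": {**OPEN_SHARE,
                        "allow_token_document": ["SP+Group:Uc%3A0%21.s%7Cwindows"],
                        "deny_token_document": ["SP+Group:DEAD_AUTHORITY"]},
    "encoded.ppt": {**OPEN_SHARE,
                    "allow_token_document": ["SP%2BKW:Uc%3A0%21.s%7Cwindows"],
                    "deny_token_document": ["SP%2BKW:DEAD_AUTHORITY"]},
    "match.doc": {**OPEN_SHARE,
                  "allow_token_document": ["SP+KW:Uc%3A0%21.s%7Cwindows"],
                  "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
    "denied.doc": {**OPEN_SHARE,
                   "allow_token_document": ["SP+KW:Uc%3A0%21.s%7Cwindows"],
                   "deny_token_document": ["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"]},
}


def prefix(token):
    """Authority-group prefix of 'PREFIX:token'; None for __nosecurity__."""
    return token.split(":", 1)[0] if ":" in token else None


def diagnose_level(user_tokens, allow, deny):
    """Reason label for one '+(...)' group of the parsed filter query."""
    if user_tokens & set(deny):
        return "deny-match"            # -deny_token_*: clause excludes the doc
    if NOSEC in allow and NOSEC in deny:
        return "open"                  # (+allow:__nosecurity__ +deny:__nosecurity__)
    if user_tokens & set(allow):
        return "allow-match"
    user_prefixes = {prefix(t) for t in user_tokens}
    doc_prefixes = {prefix(t) for t in allow} - {None}
    if not doc_prefixes or doc_prefixes & user_prefixes:
        return "no-allow-match"        # same authority group, user lacks the token
    if {unquote(p) for p in doc_prefixes} & user_prefixes:
        return "prefix-url-encoded"    # e.g. SP%2BKW indexed, SP+KW searched
    return "prefix-mismatch"           # repository and authority in different groups


def diagnose(doc, user_tokens):
    """Return (visible, {level: reason}) for one indexed document."""
    user_tokens = set(user_tokens)
    levels = {
        lvl: diagnose_level(user_tokens,
                            doc.get(f"allow_token_{lvl}", []),
                            doc.get(f"deny_token_{lvl}", []))
        for lvl in LEVELS
    }
    visible = all(r in ("open", "allow-match") for r in levels.values())
    return visible, levels


if __name__ == "__main__":
    for name, doc in DOCS.items():
        visible, levels = diagnose(doc, USER_TOKENS)
        print(f"{name:16} visible={visible!s:5} {levels}")
```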

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Thanks Karl,

I renamed authority group to avoid any spaces or special characters but
still i am bugged by deny_tokens. For repository connection, i am using
"Sharepoint" as authority type and for authority connection, i am using
"Sharepoint/ActiveDirectory" as connection type which seems to be fine
here. My user mapping connection converts from water.com\ljangra to
ljangra@water.com as per need.

Also one unusual thing i noticed now is that every time i am trying to
create new user mapping connection or edit existing one, it waits for very
long time and sometimes i need to redo it couple of time. Could it be any
relation here?

Solr.log after reindexing with deny token as DEAD_AUTHORITY.

INFO  - 2014-06-15 18:36:21.624;
org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
webapp=/solr path=/update/extract
params={literal.content_name=pptexamples.ppt&literal.deny_token_document=SPKWGroup:DEAD_AUTHORITY&literal.DocIcon=ppt&literal.content%3Aname=/pptexamples.ppt&
resource.name
=pptexamples.ppt&literal.allow_token_document=SPKWGroup:GApprovers&literal.allow_token_document=SPKWGroup:GDesigners&literal.allow_token_document=SPKWGroup:GHierarchy%2BManagers&literal.allow_token_document=SPKWGroup:GRestricted%2BReaders&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SPKWGroup:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SPKWGroup:GViewers&literal.allow_token_document=SPKWGroup:Uc%253A0%2528.s%257Ctrue&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-50-1&literal.content%3Alink=
http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt&literal.content%3Aparent=testirishwaterportal/irish-water/DocumentLibrary&literal.content_size=1371648&literal.Edit=0&literal.id=http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt&literal.content%3AparentLink=http://testirishwaterportal/irish-water/DocumentLibrary&literal.LinkFilenameNoMenu=pptexamples.ppt&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-50-1,+N7JQZDZPVPT7-50-1&literal.Created=2014-06-04T16:55:09&literal._UIVersionString=1.0&literal.content%3Amimetype=application/vnd.ms-powerpoint&wt=xml&literal.Title=PPT+examples&literal.content%3Asource=Sharepoint&literal.Modified=2014-06-04T16:55:09&literal.Author=Lalit+Jangra&literal.LinkFilename=pptexamples.ppt&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ContentType=Document}
{add=[
http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt
(1470998806838378496)]} 0 1625

While querying for content using '/select' request handler

INFO  - 2014-06-15 18:38:03.957;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
to match docs for user '[:ljangra@iwater.ie]'

INFO  - 2014-06-15 18:38:04.363;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response AUTHORIZED:SPKWConnection

INFO  - 2014-06-15 18:38:04.363; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={debugQuery=true&indent=true&q=*:*&_=1402853883932&wt=json&AuthenticatedUserName=
ljangra@iwater.ie} hits=0 status=0 QTime=406



My authority tokens in MCF


AUTHORIZED:SPKWConnection

TOKEN:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619

TOKEN:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813

TOKEN:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149

TOKEN:SPKWGroup:Uc%3A0%21.s%7Cwindows


No mention of any deny_token but still while querying, i am getting same
results with one allow token & one deny token which supersedes allow token
giving me no results.

"parsed_filter_queries": [

      "ConstantScore(+((+allow_token_share:__nosecurity__
+deny_token_share:__nosecurity__)
allow_token_share:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_share:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_share:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_share:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_share:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_share:SPKWGroup:Uc%3A0%21.s%7Cwindows
-deny_token_share:SPKWGroup:Uc%3A0%21.s%7Cwindows)
+((+allow_token_document:__nosecurity__
+deny_token_document:__nosecurity__)
allow_token_document:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_document:SPKWGroup:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_document:SPKWGroup:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_document:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_document:SPKWGroup:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_document:SPKWGroup:Uc%3A0%21.s%7Cwindows
-deny_token_document:SPKWGroup:Uc%3A0%21.s%7Cwindows))"

Sincere Regards.

On Sun, Jun 15, 2014 at 1:04 PM, Karl Wright <da...@gmail.com> wrote:

> If I'm right, the interim solution would be to just rename your authority
> group to something that does not have characters that need escaping in
> them.  If that works, then we know what the issue is, and I'll open a
> ticket and try to find a solution.
>
> Thanks,
> Karl
>
>
>
> On Sun, Jun 15, 2014 at 8:01 AM, Karl Wright <da...@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> I'm sorry, I was confused.
>>
>> The document ingest you included had only ONE deny_token_document value:
>> literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY .
>>
>> So even though you see a deny_token_document clause in the Solr query
>> expression, it will not match *unless* your user has a DEAD_AUTHORITY
>> token.  So that is not the problem.
>>
>> But what I do see is the following:
>>
>> SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>
>> Note the prefix; the prefix when indexing is SP%2BKW, while the prefix
>> when searching is SP+KW.  I had discounted that because the [INFO] log from
>> Solr is logging a URL and it is therefore URL encoded -- but it is possible
>> now that since Solr no longer has Jetty involved, it may not be unencoding
>> SP%2BKW back to SP+KW properly.  What do you see for the ACL field values
>> in Luke?  Are they SP+KW?
>>
>> Karl
>>
>>
>>
>>
>>
>>
>>
>>
>> On Sun, Jun 15, 2014 at 7:48 AM, Karl Wright <da...@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> Ok, I think that everything on your end is now set up correctly.
>>>
>>> You should be able to see Windows documents on your search, if I am
>>> correct.  Do you see any?
>>>
>>> As for SharePoint, when a user has a deny token in ManifoldCF it takes
>>> precedence over any allow tokens.  But SharePoint does not currently generate
>>> *any* deny tokens; it doesn't have those in the model.  So I'm wondering
>>> where those are coming from, and if there's a bug of some kind.
>>>
>>> Let me do some research and get back to you.
>>>
>>> Karl
>>>
>>>
>>>
>>> On Sun, Jun 15, 2014 at 5:56 AM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>>> Hi Karl,
>>>>
>>>> My sincere apologies for going out of context here as i was confused &
>>>> my limited knowledge of sharepoint and ACLs.
>>>>
>>>> After spending two more days and setting up everything from scratch
>>>> couple of times, i am back into square one. The only thing which i could
>>>> observe is that while indexing content into solr , i could see all ACL are
>>>> getting indexed correctly.
>>>>
>>>>
>>>> params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
>>>> resource.name
>>>> =Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
>>>> http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
>>>> {add=[
>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
>>>> (1470968440371019776)]} 0 922
>>>>
>>>> INFO  - 2014-06-15 10:33:54.343;
>>>> org.apache.solr.update.DirectUpdateHandler2; start
>>>> commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
>>>>
>>>>
>>>> While searching in solr using '/select' query handler after updating it
>>>> using fq={!manifoldCFSecurity}, i could not see any content while passing
>>>> correct value for AuthenticatedUserName but while debugging it using
>>>> '/select' query handler, i could see extra deny tokens attached, which i
>>>> doubt are the reason behind no results showing up.
>>>>
>>>>
>>>> Highlight from solr.log, its fine as i can see which are fine and user
>>>> passing authority test.
>>>>
>>>>
>>>> INFO  - 2014-06-15 10:42:15.446;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>> to match docs for user '[:ljangra@iwater.ie]'
>>>>
>>>> INFO  - 2014-06-15 10:42:15.649;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>> authority response AUTHORIZED:SP+K+Conn
>>>>
>>>> INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
>>>> [collection1] webapp=/solr path=/select
>>>> params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
>>>> ljangra@iwater.ie} hits=0 status=0 QTime=203
>>>>
>>>> Debugging results for '/select' search query handler.
>>>>
>>>> "parsed_filter_queries": [
>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>> +deny_token_share:__nosecurity__)
>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>> +((+allow_token_document:__nosecurity__
>>>> +deny_token_document:__nosecurity__)
>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>
>>>> E.g. Here you can see allow token as
>>>> "allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>>>> but at the same time there is an additional deny token
>>>> "-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>>>> which has minus sign prefixed to it. Here i assume that these are
>>>> cancelling each other that is why i can not see any results returned. Else
>>>> i could not find any discrepancy anywhere.
>>>>
>>>> While i am working on this, your valuable guidance will prove to be
>>>> light at the end of tunnel.
>>>>
>>>> Waiting for reply.
>>>>
>>>> My Sincere Regards.
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> I am not a Solr expert; Ahmet is a better resource for how to
>>>>> configure Solr.  He has already furnished good advice on how to do that,
>>>>> and you have at one point showed us queries that included the appropriate
>>>>> access tokens in them so I know you had it working at one point.
>>>>>
>>>>> This is not rocket science, and all the components seem to be working
>>>>> as designed.  You will have to put in some care and time getting your
>>>>> configuration right.  Retrace your steps or start fresh if you have to.  We
>>>>> really can't give you any more advice from here; things seem to be working
>>>>> and then not working and then working again, and I suspect that you are
>>>>> basically hacking away at your configuration without understanding at all
>>>>> what you are doing.  So slow down, keep more careful notes, and review
>>>>> these emails.
>>>>>
>>>>> Thanks,
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Hi Karl,
>>>>>>
>>>>>> I have tried with /select, /query & /search but not getting
>>>>>> appropriate results. Which query handler should i use here.
>>>>>>
>>>>>> I am also attaching solrconfig.xml.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> You are going through the wrong query handler again:
>>>>>>>
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>>       "
>>>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>>>>>
>>>>>>>
>>>>>>> The Solr plugin query modification is not happening; it doesn't seem
>>>>>>> to be getting applied now.  It was earlier, you must have turned it off.
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Thanks Karl,
>>>>>>>>
>>>>>>>> After resetting everything again, now i could see content with ACL
>>>>>>>> posted to solr as per your instructions. Thanks again for this. I am
>>>>>>>> attaching solr.log.
>>>>>>>>
>>>>>>>> But still i am not able to see any content using /select query
>>>>>>>> handler & attached Select.log for same.
>>>>>>>>
>>>>>>>> While using /query request handler, i can see results with ACL but
>>>>>>>> whatever name i provide, it returns all results so effectively ACL not
>>>>>>>> working, attached Query.log for same.
>>>>>>>>
>>>>>>>> Can you please guide.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I wonder if this is a Luke bug?
>>>>>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>>>>>> display.  That is the only thing that's making any sense to me at the
>>>>>>>>> moment.
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>>>>>
>>>>>>>>>> This is the interesting bit:
>>>>>>>>>>
>>>>>>>>>> "allow_token_document": [
>>>>>>>>>>
>>>>>>>>>>           "SP+KW:"]
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> It looks like a blank access token is being fetched for this list
>>>>>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>>>>>> before, correct?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> It is clear that your access tokens have not been actually
>>>>>>>>>>> indexed.  But I remember seeing that they were correctly posted to Solr.
>>>>>>>>>>> So now I am confused.
>>>>>>>>>>>
>>>>>>>>>>> Can you please do the following:
>>>>>>>>>>> - Click the "reindex all documents" button in the MCF view page
>>>>>>>>>>> for your output connection
>>>>>>>>>>> - Start your job
>>>>>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>>>>>
>>>>>>>>>>> When that is done, if what is posted looks correct, you SHOULD
>>>>>>>>>>> have a Solr index that has ACLs in it.
>>>>>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Again,
>>>>>>>>>>>>
>>>>>>>>>>>> I used /query for debugging & using
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>>>
>>>>>>>>>>>> I could see below results without much information about ACLs.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "id": "
>>>>>>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>>>>>>> ",
>>>>>>>>>>>>
>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "SP+KW:"
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "content": [
>>>>>>>>>>>>
>>>>>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>>>>>
>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>
>>>>>>>>>>>>         ]
>>>>>>>>>>>>       }
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <
>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi  Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>>>>>
>>>>>>>>>>>>> I configure /select request handler (RH) with mcfQParser,
>>>>>>>>>>>>> intended to use in production, default RH.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I also use /query RH without mcfQParser, for debugging
>>>>>>>>>>>>> purposes.
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ahmet
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Thanks Karl,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As i could not see any document in solr query, i used Luke to
>>>>>>>>>>>>> open index and i could see below values for all MCF plugin fields for all
>>>>>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>>>>>
>>>>>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>>>
>>>>>>>>>>>>> I think something or a lot of things are missing here. I am
>>>>>>>>>>>>> attaching zip of solr index(very small one with 10 documents from
>>>>>>>>>>>>> sharepoint) here. Please guide.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <
>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Can you show me somehow some of the ACLs that have been
>>>>>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>>>>>> other).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Again,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As per Karl's suggestion, i am now converting user from
>>>>>>>>>>>>> water.com\ljangra to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> I can see below ACL.
>>>>>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>>
>>>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>>
>>>>>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>>>> . While debugging query i can see ACL doing fine. So i am
>>>>>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>>>>>     ],
>>>>>>>>>>>>>
>>>>>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>>>>>
>>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <
>>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>>
>>>>>>>>>>>>> It makes more sense to use appends section rather than
>>>>>>>>>>>>> defaults section when defining mcf query parser plugin in fq parameter.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <lst name="appends">
>>>>>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>> </lst>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Hi Ahmet,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>>>>>> these
>>>>>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>>>>>       -->
>>>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>>      </lst>
>>>>>>>>>>>>> ....
>>>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Next i am running a job which indexes sharepoint content in
>>>>>>>>>>>>> solr but when i am searching in solr, i am getting no results & getting
>>>>>>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>>>>>>
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>>>>>> commits: num=2
>>>>>>>>>>>>>
>>>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>>>>>
>>>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>>>>>> main
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] Registered new searcher
>>>>>>>>>>>>> Searcher@5ac787b0
>>>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>>>>>> {commit=} 0 265
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>>>>>> QTime=0
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>>>>>> no-user response (open documents only)
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.976;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>>>> org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select
>>>>>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>>>>>
>>>>>>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found
>>>>>>>>>>>>> to be unreachable or unusable but i am having same authority working fine
>>>>>>>>>>>>> in MCF.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <
>>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Karl,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Maybe we should use
>>>>>>>>>>>>>
>>>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>>>
>>>>>>>>>>>>> in
>>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>>>
>>>>>>>>>>>>> To avoid confusion?
>>>>>>>>>>>>>
>>>>>>>>>>>>> What do you think?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>>>>>> Karl
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Ahmet,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried the way you suggested but it's not working. My solr
>>>>>>>>>>>>> query is as below.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>>>>>
>>>>>>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it is
>>>>>>>>>>>>> returning all results.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>>>>>>> instructions @
>>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>>>>>>
>>>>>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>       },
>>>>>>>>>>>>>       {
>>>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                   SDD
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>>>>>       },
>>>>>>>>>>>>>       {
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>                "id": "
>>>>>>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt
>>>>>>>>>>>>> ",
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>>>
>>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                 CMIS
>>>>>>>>>>>>>
>>>>>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ],
>>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>>         ]
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <
>>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As documented here
>>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>>>
>>>>>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in
>>>>>>>>>>>>> order"
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is a URL parameter, just like Solr params. Here is an
>>>>>>>>>>>>> example.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Hi All,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As continuing from
>>>>>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>>>>>>> indexed into solr indexes.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Now i want to write Solr query to put a user's permission
>>>>>>>>>>>>> details into in it which can be compared to ACL stored in solr and only
>>>>>>>>>>>>> those results will be returned to user on which he has been assigned ACL.
>>>>>>>>>>>>>
>>>>>>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i
>>>>>>>>>>>>> need to write custom query for my need?
>>>>>>>>>>>>>
>>>>>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>>>>>> default="true">
>>>>>>>>>>>>>   <lst name="appends">
>>>>>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>>   </lst>
>>>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>>>>


-- 
Regards,
Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
If I'm right, the interim solution would be to just rename your authority
group to something that does not have characters that need escaping in
them.  If that works, then we know what the issue is, and I'll open a
ticket and try to find a solution.

Thanks,
Karl
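
Added example, not part of Karl Wright's message or of the ManifoldCF plugin code: a Python model of the filter shape seen in the parsed_filter_queries output quoted below, used to check the SP%2BKW versus SP+KW prefix question. The log parameters and authority response are constructed samples, the GViewers user token is hypothetical, and the `__nosecurity__` default for absent fields is an assumption.

```python
from urllib.parse import unquote_plus

NOSEC = "__nosecurity__"
LEVELS = ("share", "document")

# Constructed sample, shortened from the update log line quoted in the thread.
UPDATE_PARAMS = (
    "literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY"
    "&literal.allow_token_document=SP%2BKW:GViewers"
    "&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue"
    "&literal.Author=Lalit+Jangra"
)

# Constructed authority response in the TOKEN: line format shown in the thread.
# The GViewers user token is hypothetical.
AUTHORITY_RESPONSE = """AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:GViewers
"""


def parse_update_params(params, decode=True):
    """Collect the four ACL fields from the params={...} part of an update log line.

    decode=True models a container that percent-decodes each value once.
    decode=False models the suspected failure, where SP%2BKW is stored as is.
    """
    acl = {f"{kind}_token_{lvl}": set()
           for kind in ("allow", "deny") for lvl in LEVELS}
    for pair in params.split("&"):
        key, _, value = pair.partition("=")
        if decode:
            key, value = unquote_plus(key), unquote_plus(value)
        field = key[len("literal."):] if key.startswith("literal.") else key
        if field in acl:
            acl[field].add(value)
    # Assumption: a field absent from the request gets the schema default.
    for tokens in acl.values():
        if not tokens:
            tokens.add(NOSEC)
    return acl


def parse_authority_response(text):
    """Return the user's access tokens from an authority service response body."""
    tokens = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("TOKEN:"):
            tokens.add(line[len("TOKEN:"):])
    return tokens


def level_ok(acl, level, user_tokens):
    """One '+( ... )' group of the filter: any allow hit, or an open document,
    unless a '-deny_token_x:T' clause matches one of the user's tokens."""
    allow = acl[f"allow_token_{level}"]
    deny = acl[f"deny_token_{level}"]
    if deny & user_tokens:
        return False
    open_doc = NOSEC in allow and NOSEC in deny
    return open_doc or bool(allow & user_tokens)


def visible(acl, user_tokens):
    """Both the share group and the document group are required."""
    return all(level_ok(acl, lvl, user_tokens) for lvl in LEVELS)


def prefixes(tokens):
    """Authority group prefixes (the text before the first ':')."""
    return {t.split(":", 1)[0] for t in tokens if t != NOSEC}


def diagnose(params, authority_text):
    """Compare the correctly decoded index with one that kept the raw encoding."""
    user = parse_authority_response(authority_text)
    report = {}
    for label, decode in (("decoded", True), ("raw", False)):
        acl = parse_update_params(params, decode)
        report[label] = {
            "prefixes": prefixes(acl["allow_token_document"]),
            "visible": visible(acl, user),
        }
    return report


if __name__ == "__main__":
    for label, result in diagnose(UPDATE_PARAMS, AUTHORITY_RESPONSE).items():
        print(label, sorted(result["prefixes"]), "visible:", result["visible"])
```

A deny clause only excludes a document whose deny field actually holds one of the user's tokens, so in this model the paired allow and -deny clauses do not cancel each other.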



On Sun, Jun 15, 2014 at 8:01 AM, Karl Wright <da...@gmail.com> wrote:

> Hi Lalit,
>
> I'm sorry, I was confused.
>
> The document ingest you included had only ONE deny_token_document value:
> literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY .
>
> So even though you see a deny_token_document clause in the Solr query
> expression, it will not match *unless* your user has a DEAD_AUTHORITY
> token.  So that is not the problem.
>
> But what I do see is the following:
>
> SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>
> Note the prefix; the prefix when indexing is SP%2BKW, while the prefix
> when searching is SP+KW.  I had discounted that because the [INFO] log from
> Solr is logging a URL and it is therefore URL encoded -- but it is possible
> now that since Solr no longer has Jetty involved, it may not be unencoding
> SP%2BKW back to SP+KW properly.  What do you see for the ACL field values
> in Luke?  Are they SP+KW?
>
> Karl
>
>
>
>
>
>
>
>
> On Sun, Jun 15, 2014 at 7:48 AM, Karl Wright <da...@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> Ok, I think that everything on your end is now set up correctly.
>>
>> You should be able to see Windows documents on your search, if I am
>> correct.  Do you see any?
>>
>> As for SharePoint, when a user has a deny token in ManifoldCF it takes
>> precedence over any allow tokens.  But SharePoint does not currently generate
>> *any* deny tokens; it doesn't have those in the model.  So I'm wondering
>> where those are coming from, and if there's a bug of some kind.
>>
>> Let me do some research and get back to you.
>>
>> Karl
>>
>>
>>
>> On Sun, Jun 15, 2014 at 5:56 AM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>>> Hi Karl,
>>>
>>> My sincere apologies for going out of context here, as I was confused and
>>> have limited knowledge of SharePoint and ACLs.
>>>
>>> After spending two more days and setting up everything from scratch a
>>> couple of times, I am back to square one. The only thing which I could
>>> observe is that while indexing content into Solr, I could see all ACLs are
>>> getting indexed correctly.
>>>
>>>
>>> params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
>>> resource.name
>>> =Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
>>> http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
>>> {add=[
>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
>>> (1470968440371019776)]} 0 922
>>>
>>> INFO  - 2014-06-15 10:33:54.343;
>>> org.apache.solr.update.DirectUpdateHandler2; start
>>> commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
>>>
>>>
>>> While searching in Solr using the '/select' query handler after updating it
>>> using fq={!manifoldCFSecurity}, I could not see any content while passing
>>> the correct value for AuthenticatedUserName, but while debugging it using
>>> the '/select' query handler, I could see extra deny tokens attached, which I
>>> doubt are the reason behind no results showing up.
>>>
>>>
>>> Highlight from solr.log, its fine as i can see which are fine and user
>>> passing authority test.
>>>
>>>
>>> INFO  - 2014-06-15 10:42:15.446;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>> to match docs for user '[:ljangra@iwater.ie]'
>>>
>>> INFO  - 2014-06-15 10:42:15.649;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>> authority response AUTHORIZED:SP+K+Conn
>>>
>>> INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
>>> ljangra@iwater.ie} hits=0 status=0 QTime=203
>>>
>>>
>>> Debugging results for '/select' search query handler.
>>>
>>> "parsed_filter_queries": [
>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>> +deny_token_share:__nosecurity__)
>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>> +((+allow_token_document:__nosecurity__
>>> +deny_token_document:__nosecurity__)
>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>
>>> E.g. here you can see the allow token
>>> "allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>>> but at the same time there is an additional deny token
>>> "-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>>> which has a minus sign prefixed to it. Here I assume that these are
>>> cancelling each other, which is why I cannot see any results returned. Otherwise
>>> I could not find any discrepancy anywhere.
>>>
>>> While i am working on this, your valuable guidance will prove to be
>>> light at the end of tunnel.
>>>
>>> Waiting for reply.
>>>
>>> My Sincere Regards.
>>>
>>>
>>> On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <da...@gmail.com> wrote:
>>>
>>>> Hi Lalit,
>>>>
>>>> I am not a Solr expert; Ahmet is a better resource for how to configure
>>>> Solr.  He has already furnished good advice on how to do that, and you have
>>>> at one point showed us queries that included the appropriate access tokens
>>>> in them so I know you had it working at one point.
>>>>
>>>> This is not rocket science, and all the components seem to be working
>>>> as designed.  You will have to put in some care and time getting your
>>>> configuration right.  Retrace your steps or start fresh if you have to.  We
>>>> really can't give you any more advice from here; things seem to be working
>>>> and then not working and then working again, and I suspect that you are
>>>> basically hacking away at your configuration without understanding at all
>>>> what you are doing.  So slow down, keep more careful notes, and review
>>>> these emails.
>>>>
>>>> Thanks,
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <
>>>> lalit.j.jangra@gmail.com> wrote:
>>>>
>>>>> Hi Karl,
>>>>>
>>>>> I have tried with /select, /query & /search but not getting
>>>>> appropriate results. Which query handler should i use here.
>>>>>
>>>>> I am also attaching solrconfig.xml.
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> You are going through the wrong query handler again:
>>>>>>
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>>       "
>>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>>>>
>>>>>>
>>>>>> The Solr plugin query modification is not happening; it doesn't seem
>>>>>> to be getting applied now.  It was earlier, you must have turned it off.
>>>>>>
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>> Thanks Karl,
>>>>>>>
>>>>>>> After resetting everything again, now I could see content with ACL
>>>>>>> posted to Solr as per your instructions. Thanks again for this. I am
>>>>>>> attaching solr.log.
>>>>>>>
>>>>>>> But still i am not able to see any content using /select query
>>>>>>> handler & attached Select.log for same.
>>>>>>>
>>>>>>> While using /query request handler, i can see results with ACL but
>>>>>>> whatever name i provide, it returns all results so effectively ACL not
>>>>>>> working, attached Query.log for same.
>>>>>>>
>>>>>>> Can you please guide.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I wonder if this is a Luke bug?
>>>>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>>>>> display.  That is the only thing that's making any sense to me at the
>>>>>>>> moment.
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>>>>
>>>>>>>>> This is the interesting bit:
>>>>>>>>>
>>>>>>>>> "allow_token_document": [
>>>>>>>>>
>>>>>>>>>           "SP+KW:"]
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> It looks like a blank access token is being fetched for this list
>>>>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>>>>> before, correct?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Lalit,
>>>>>>>>>>
>>>>>>>>>> It is clear that your access tokens have not been actually
>>>>>>>>>> indexed.  But I remember seeing that they were correctly posted to Solr.
>>>>>>>>>> So now I am confused.
>>>>>>>>>>
>>>>>>>>>> Can you please do the following:
>>>>>>>>>> - Click the "reindex all documents" button in the MCF view page
>>>>>>>>>> for your output connection
>>>>>>>>>> - Start your job
>>>>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>>>>
>>>>>>>>>> When that is done, if what is posted looks correct, you SHOULD
>>>>>>>>>> have a Solr index that has ACLs in it.
>>>>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Again,
>>>>>>>>>>>
>>>>>>>>>>> I used /query for debugging & using
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>>
>>>>>>>>>>> I could see below results without much information about ACLs.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>
>>>>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>>>>
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>         "id": "
>>>>>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>>>>>> ",
>>>>>>>>>>>
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>
>>>>>>>>>>>           "SP+KW:"
>>>>>>>>>>>
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>         "content": [
>>>>>>>>>>>
>>>>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>>>>
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>>>>
>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>
>>>>>>>>>>>         ]
>>>>>>>>>>>       }
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <
>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi  Lalit,
>>>>>>>>>>>>
>>>>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>>>>
>>>>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>>>>
>>>>>>>>>>>> I configure /select request handler (RH) with mcfQParser,
>>>>>>>>>>>> intended to use in production, default RH.
>>>>>>>>>>>>
>>>>>>>>>>>> I also use /query RH without mcfQParser, for debugging
>>>>>>>>>>>> purposes.
>>>>>>>>>>>>
>>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>>>>
>>>>>>>>>>>> Ahmet
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  Thanks Karl,
>>>>>>>>>>>>
>>>>>>>>>>>> As i could not see any document in solr query, i used Luke to
>>>>>>>>>>>> open index and i could see below values for all MCF plugin fields for all
>>>>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>>>>
>>>>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>>
>>>>>>>>>>>> I think something or a lot of things missing here. I am
>>>>>>>>>>>> attaching zip of solr index(very small one with 10 documents from
>>>>>>>>>>>> sharepoint) here. Please guide.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <
>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>
>>>>>>>>>>>> Can you show me somehow some of the ACLs that have been
>>>>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>>>>> other).
>>>>>>>>>>>>
>>>>>>>>>>>> Karl
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Again,
>>>>>>>>>>>>
>>>>>>>>>>>> As per Karl's suggestion, i am now converting user from
>>>>>>>>>>>> water.com\ljangra to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I can see below ACL.
>>>>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>>
>>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>>
>>>>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>>>>
>>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>>> . While debugging query i can see ACL doing fine. So i am
>>>>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>>>>
>>>>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>>>>     ],
>>>>>>>>>>>>
>>>>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>>>>
>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>>>>
>>>>>>>>>>>> Regards.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <
>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>>
>>>>>>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>>>>>>
>>>>>>>>>>>> <lst name="appends">
>>>>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>> </lst>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  Hi Ahmet,
>>>>>>>>>>>>
>>>>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>>>>
>>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>>>>> these
>>>>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>>>>       -->
>>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>      </lst>
>>>>>>>>>>>> ....
>>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Next I am running a job which indexes SharePoint content in
>>>>>>>>>>>> Solr, but when I am searching in Solr, I am getting no results and getting
>>>>>>>>>>>> an UNREACHABLEAUTHORITY message.
>>>>>>>>>>>>
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>>>>> commits: num=2
>>>>>>>>>>>>
>>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>>>>
>>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>>>>> main
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>>>>> {commit=} 0 265
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>>>>> QTime=0
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>>>>> no-user response (open documents only)
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>>>>
>>>>>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found
>>>>>>>>>>>> to be unreachable or unusable but i am having same authority working fine
>>>>>>>>>>>> in MCF.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Please help.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <
>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Karl,
>>>>>>>>>>>>
>>>>>>>>>>>> May be we should use
>>>>>>>>>>>>
>>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>>
>>>>>>>>>>>> in
>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>>
>>>>>>>>>>>> To avoid confusion?
>>>>>>>>>>>>
>>>>>>>>>>>> What do you think?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>>>>> Karl
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Ahmet,
>>>>>>>>>>>>
>>>>>>>>>>>> I tried the way you suggested but its not working. My solr
>>>>>>>>>>>> query is as below.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>>>>
>>>>>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it
>>>>>>>>>>>> returning all results.
>>>>>>>>>>>>
>>>>>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>>>>>> instructions @
>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>>>>>
>>>>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>         ]
>>>>>>>>>>>>       },
>>>>>>>>>>>>       {
>>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                   SDD
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>>>>       },
>>>>>>>>>>>>       {
>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>                "id": "
>>>>>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt
>>>>>>>>>>>> ",
>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>>
>>>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                 CMIS
>>>>>>>>>>>>
>>>>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>         ],
>>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>>         ]
>>>>>>>>>>>>
>>>>>>>>>>>> Regards.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <
>>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> As documented here
>>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>>
>>>>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> This is a URL parameter, just like Solr params. Here is an
>>>>>>>>>>>> example.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> As continuing from
>>>>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>>>>
>>>>>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>>>>>> indexed into solr indexes.
>>>>>>>>>>>>
>>>>>>>>>>>> Now i want to write Solr query to put a user's permission
>>>>>>>>>>>> details into in it which can be compared to ACL stored in solr and only
>>>>>>>>>>>> those results will be returned to user on which he has been assigned ACL.
>>>>>>>>>>>>
>>>>>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i
>>>>>>>>>>>> need to write custom query for my need?
>>>>>>>>>>>>
>>>>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>>>>> default="true">
>>>>>>>>>>>>   <lst name="appends">
>>>>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>>   </lst>
>>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>>
>>>>>>>>>>>> Please help.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

I'm sorry, I was confused.

The document ingest you included had only ONE deny_token_document value:
literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY .

So even though you see a deny_token_document clause in the Solr query
expression, it will not match *unless* your user has a DEAD_AUTHORITY
token.  So that is not the problem.

But what I do see is the following:

SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263

Note the prefix; the prefix when indexing is SP%2BKW, while the prefix when
searching is SP+KW.  I had discounted that because the [INFO] log from Solr
is logging a URL and it is therefore URL encoded -- but it is possible now
that since Solr no longer has Jetty involved, it may not be unencoding
SP%2BKW back to SP+KW properly.  What do you see for the ACL field values
in Luke?  Are they SP+KW?

Karl
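
The prefix check described above, as an added example that is not part of the original thread and is not the plugin's own code: a simplified Python model of the filter shape shown in the quoted `parsed_filter_queries` output, applied to one document whose ACL values were decoded at index time and one whose values were stored still encoded. The update parameters and user tokens are constructed samples, and defaulting a missing ACL field to `__nosecurity__` is an assumption taken from the indexed documents quoted in the thread.

```python
from urllib.parse import parse_qs

NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")

# Constructed sample, shortened from the shape of the /update/extract log line
# quoted in the thread. Values are URL-encoded, as Solr logs them.
UPDATE_PARAMS = (
    "literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY"
    "&literal.allow_token_document=SP%2BKW:GViewers"
    "&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue"
    "&literal.content_source=Sharepoint"
)

# Constructed user token list: one token the document allows, one it does not.
USER_TOKENS = ["SP+KW:GViewers", "SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"]


def doc_from_update_params(raw, decode=True):
    """Build the four ACL fields of a document from an update parameter string.

    decode=True  : one layer of URL decoding is applied (SP%2BKW becomes SP+KW).
    decode=False : values are stored exactly as sent, modelling the case where
                   the container does not decode the request parameters.
    """
    if decode:
        params = parse_qs(raw, keep_blank_values=True)
    else:
        params = {}
        for pair in raw.split("&"):
            key, _, value = pair.partition("=")
            params.setdefault(key, []).append(value)
    doc = {}
    for level in LEVELS:
        for kind in ("allow", "deny"):
            field = f"{kind}_token_{level}"
            # Assumption: a field that was not sent is indexed as __nosecurity__.
            doc[field] = params.get(f"literal.{field}", [NOSECURITY])
    return doc


def level_matches(allow, deny, user_tokens):
    """One level of the filter: SHOULD clauses plus MUST_NOT deny clauses."""
    allow, deny, user = set(allow), set(deny), set(user_tokens)
    if deny & user:
        # "-deny_token_x:T" only excludes documents that carry T as a deny token.
        return False
    unsecured = NOSECURITY in allow and NOSECURITY in deny
    return unsecured or bool(allow & user)


def doc_visible(doc, user_tokens):
    """Both levels are required clauses, so each must match on its own."""
    return all(
        level_matches(doc[f"allow_token_{lvl}"], doc[f"deny_token_{lvl}"], user_tokens)
        for lvl in LEVELS
    )


def token_prefix(token):
    """Authority-group prefix: the text before the first ':' (None if absent)."""
    head, sep, _ = token.partition(":")
    return head if sep else None


def unmatched_prefixes(doc, user_tokens):
    """Prefixes present in the indexed ACL fields but in none of the user's tokens."""
    user = {token_prefix(t) for t in user_tokens}
    indexed = {token_prefix(t) for values in doc.values() for t in values}
    return sorted(p for p in indexed - user if p is not None)


if __name__ == "__main__":
    for label, decode in (("decoded at index time", True), ("stored still encoded", False)):
        doc = doc_from_update_params(UPDATE_PARAMS, decode=decode)
        print(label, "| visible:", doc_visible(doc, USER_TOKENS),
              "| unmatched prefixes:", unmatched_prefixes(doc, USER_TOKENS))
```

Comparing the prefixes reported by `unmatched_prefixes` against the field values Luke shows is the same comparison the message asks for.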








On Sun, Jun 15, 2014 at 7:48 AM, Karl Wright <da...@gmail.com> wrote:

> Hi Lalit,
>
> Ok, I think that everything on your end is now set up correctly.
>
> You should be able to see Windows documents on your search, if I am
> correct.  Do you see any?
>
> As for SharePoint, when a user has a deny token in ManifoldCF it takes
> precedence over any allow tokens.  But SharePoint does not currently generate
> *any* deny tokens; it doesn't have those in the model.  So I'm wondering
> where those are coming from, and if there's a bug of some kind.
>
> Let me do some research and get back to you.
>
> Karl
>
>
>
> On Sun, Jun 15, 2014 at 5:56 AM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Hi Karl,
>>
>> My sincere apologies for going out of context here as i was confused & my
>> limited knowledge of sharepoint and ACLs.
>>
>> After spending two more days and setting up everything from scratch
>> couple of times, i am back into square one. The only thing which i could
>> observe is that while indexing content into solr , i could see all ACL are
>> getting indexed correctly.
>>
>>
>> params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
>> resource.name
>> =Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
>> http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
>> {add=[
>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
>> (1470968440371019776)]} 0 922
>>
>> INFO  - 2014-06-15 10:33:54.343;
>> org.apache.solr.update.DirectUpdateHandler2; start
>> commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
>>
>>
>> While searching in solr using '/select' query handler after updating it
>> using fq={!manifoldCFSecurity}, i could not see any content while passing
>> correct value for AuthenticatedUserName but while debugging it using
>> '/select' query handler, i could see extra deny tokens attached,which i
>> doubt are the reason behind no results showing up.
>>
>>
>> Highlight from solr.log, its fine as i can see which are fine and user
>> passing authority test.
>>
>>
>> INFO  - 2014-06-15 10:42:15.446;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@iwater.ie]'
>>
>> INFO  - 2014-06-15 10:42:15.649;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response AUTHORIZED:SP+K+Conn
>>
>> INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
>> ljangra@iwater.ie} hits=0 status=0 QTime=203
>>
>>
>> Debugging results for '/select' search query handler.
>>
>> "parsed_filter_queries": [
>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>> +deny_token_share:__nosecurity__)
>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>> +((+allow_token_document:__nosecurity__
>> +deny_token_document:__nosecurity__)
>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>
>> E.g. Here you can see allow token as
>> "allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>> but at the same time there is additional deny token
>> "-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
>> which has minus sign prefixed to it. Here i assume that these are
>> cancelling each other that is why i can not see any results returned. Else
>> i could not find any discrepancy anywhere.
>>
>> While i am working on this, your valuable guidance will prove to be light
>> at the end of tunnel.
>>
>> Waiting for reply.
>>
>> My Sincere Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <da...@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> I am not a Solr expert; Ahmet is a better resource for how to configure
>>> Solr.  He has already furnished good advice on how to do that, and you have
>>> at one point showed us queries that included the appropriate access tokens
>>> in them so I know you had it working at one point.
>>>
>>> This is not rocket science, and all the components seem to be working as
>>> designed.  You will have to put in some care and time getting your
>>> configuration right.  Retrace your steps or start fresh if you have to.  We
>>> really can't give you any more advice from here; things seem to be working
>>> and then not working and then working again, and I suspect that you are
>>> basically hacking away at your configuration without understanding at all
>>> what you are doing.  So slow down, keep more careful notes, and review
>>> these emails.
>>>
>>> Thanks,
>>> Karl
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <lalit.j.jangra@gmail.com
>>> > wrote:
>>>
>>>> Hi Karl,
>>>>
>>>> I have tried with /select, /query & /search but not getting appropriate
>>>> results. Which query handler should i use here.
>>>>
>>>> I am also attaching solrconfig.xml.
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> You are going through the wrong query handler again:
>>>>>
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>>> product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>>       "
>>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>>>
>>>>>
>>>>> The Solr plugin query modification is not happening; it doesn't seem
>>>>> to be getting applied now.  It was earlier, you must have turned it off.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Thanks Karl,
>>>>>>
>>>>>> After resetting everything again, now i could see content with ACL
>>>>>> posted to solr as per your instructions. Thanks again for this.I am
>>>>>> attaching solr.log.
>>>>>>
>>>>>> But still i am not able to see any content using /select query
>>>>>> handler & attached Select.log for same.
>>>>>>
>>>>>> While using /query request handler, i can see results with ACL but
>>>>>> whatever name i provide, it returns all results so effectively ACL not
>>>>>> working, attached Query.log for same.
>>>>>>
>>>>>> Can you please guide.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I wonder if this is a Luke bug?
>>>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>>>> display.  That is the only thing that's making any sense to me at the
>>>>>>> moment.
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>>>
>>>>>>>> This is the interesting bit:
>>>>>>>>
>>>>>>>> "allow_token_document": [
>>>>>>>>
>>>>>>>>           "SP+KW:"]
>>>>>>>>
>>>>>>>>
>>>>>>>> It looks like a blank access token is being fetched for this list
>>>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>>>> before, correct?
>>>>>>>>
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Lalit,
>>>>>>>>>
>>>>>>>>> It is clear that your access tokens have not been actually
>>>>>>>>> indexed.  But I remember seeing that they were correctly posted to Solr.
>>>>>>>>> So now I am confused.
>>>>>>>>>
>>>>>>>>> Can you please do the following:
>>>>>>>>> - Click the "reindex all documents" button in the MCF view page
>>>>>>>>> for your output connection
>>>>>>>>> - Start your job
>>>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>>>
>>>>>>>>> When that is done, if what is posted looks correct, you SHOULD
>>>>>>>>> have a Solr index that has ACLs in it.
>>>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Again,
>>>>>>>>>>
>>>>>>>>>> I used /query for debugging & using
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>
>>>>>>>>>> I could see below results without much information about ACLs.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>
>>>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "id": "
>>>>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>>>>> ",
>>>>>>>>>>
>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>
>>>>>>>>>>           "SP+KW:"
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "content": [
>>>>>>>>>>
>>>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>>>
>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>
>>>>>>>>>>         ]
>>>>>>>>>>       }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <iorixxx@yahoo.com
>>>>>>>>>> > wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi  Lalit,
>>>>>>>>>>>
>>>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>>>
>>>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>>>
>>>>>>>>>>> I configure /select request handler (RH) with mcfQParser,
>>>>>>>>>>> intended to use in production, default RH.
>>>>>>>>>>>
>>>>>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>>>
>>>>>>>>>>> Ahmet
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Thanks Karl,
>>>>>>>>>>>
>>>>>>>>>>> As i could not see any document in solr query, i used Luke to
>>>>>>>>>>> open index and i could see below values for all MCF plugin fields for all
>>>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>>>
>>>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>>
>>>>>>>>>>> I think something or a lot of things missing here. I am
>>>>>>>>>>> attaching zip of solr index(very small one with 10 documents from
>>>>>>>>>>> sharepoint) here. Please guide.
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <
>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> Can you show me somehow some of the ACLs that have been
>>>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>>>> other).
>>>>>>>>>>>
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Again,
>>>>>>>>>>>
>>>>>>>>>>> As per Karl's suggestion, i am now converting user from
>>>>>>>>>>> water.com\ljangra to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I can see below ACL.
>>>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>>
>>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>>
>>>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>>> . While debugging query i can see ACL doing fine. So i am
>>>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>>>
>>>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>>>     ],
>>>>>>>>>>>
>>>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>>>
>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <
>>>>>>>>>>> iorixxx@yahoo.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Lalit,
>>>>>>>>>>>
>>>>>>>>>>> It makes more sense to use the appends section rather than the defaults
>>>>>>>>>>> section when defining the mcf query parser plugin in the fq parameter.
>>>>>>>>>>>
>>>>>>>>>>> <lst name="appends">
>>>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>> </lst>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Hi Ahmet,
>>>>>>>>>>>
>>>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>>>
>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>>>> these
>>>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>>>       -->
>>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>      </lst>
>>>>>>>>>>> ....
>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Next I am running a job which indexes SharePoint content in Solr,
>>>>>>>>>>> but when I am searching in Solr, I am getting no results & getting an
>>>>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>>>>
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>>>> commits: num=2
>>>>>>>>>>>
>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>>>
>>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>>>> main
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>>>> {commit=} 0 265
>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>>>> QTime=0
>>>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>>>> no-user response (open documents only)
>>>>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>>>
>>>>>>>>>>> UNREACHABLEAUTHORITY means the name of an authority that was found
>>>>>>>>>>> to be unreachable or unusable, but I have the same authority working fine
>>>>>>>>>>> in MCF.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Please help.
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <iorixxx@yahoo.com
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Karl,
>>>>>>>>>>>
>>>>>>>>>>> Maybe we should use
>>>>>>>>>>>
>>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>>
>>>>>>>>>>> in
>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>
>>>>>>>>>>> To avoid confusion?
>>>>>>>>>>>
>>>>>>>>>>> What do you think?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>>>> Karl
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Ahmet,
>>>>>>>>>>>
>>>>>>>>>>> I tried the way you suggested but it's not working. My Solr query
>>>>>>>>>>> is as below.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>>>
>>>>>>>>>>> Whatever name I am passing as AuthenticatedUserName, it is
>>>>>>>>>>> returning all results.
>>>>>>>>>>>
>>>>>>>>>>> I have indexed my documents using the mcf-solr plugin using
>>>>>>>>>>> instructions @
>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>>>> Below are some of the ACLs stored in Solr. Am I missing something?
>>>>>>>>>>>
>>>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ]
>>>>>>>>>>>       },
>>>>>>>>>>>       {
>>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                   SDD
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>>>       },
>>>>>>>>>>>       {
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>>         ],
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                 CMIS
>>>>>>>>>>>
>>>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ],
>>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>>         ]
>>>>>>>>>>>
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <iorixxx@yahoo.com
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> As documented here
>>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>>
>>>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This is a URL parameter, just like Solr params. Here is an
>>>>>>>>>>> example.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Hi All,
>>>>>>>>>>>
>>>>>>>>>>> As continuing from
>>>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>>>
>>>>>>>>>>> I have set up mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs
>>>>>>>>>>> indexed into Solr indexes.
>>>>>>>>>>>
>>>>>>>>>>> Now I want to write a Solr query to put a user's permission
>>>>>>>>>>> details into it, which can be compared to the ACL stored in Solr, and only
>>>>>>>>>>> those results will be returned to the user on which he has been assigned an ACL.
>>>>>>>>>>>
>>>>>>>>>>> How can I do this?  Can I use the MCF filter below or do I
>>>>>>>>>>> need to write a custom query for my need?
>>>>>>>>>>>
>>>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>>>> default="true">
>>>>>>>>>>>   <lst name="appends">
>>>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>>   </lst>
>>>>>>>>>>> </requestHandler>
>>>>>>>>>>>
>>>>>>>>>>> Please help.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

Ok, I think that everything on your end is now set up correctly.

You should be able to see Windows documents on your search, if I am
correct.  Do you see any?

As for SharePoint, when a user has a deny token in ManifoldCF it takes
precedence over any allow tokens.  But SharePoint does not currently generate
*any* deny tokens; it doesn't have those in the model.  So I'm wondering
where those are coming from, and if there's a bug of some kind.

Let me do some research and get back to you.

Karl
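
The filter printed under "parsed_filter_queries" in this thread can be read clause by clause. The Python sketch below is an added example, not part of any post and not ManifoldCF code: it models each "+( ... )" group with standard Lucene BooleanQuery rules (at least one optional clause must match, no "-" clause may match). Function names are hypothetical, the tokens are copied from the thread, and the share-level fields and the last three documents are constructed.

```python
NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")  # the two '+( ... )' groups in the thread's filter


def level_verdict(doc, level, user_tokens):
    """Evaluate one '+( ... )' group of the filter for one document.

    Clauses in the group, as printed in the debug output:
      (+allow_token_X:__nosecurity__ +deny_token_X:__nosecurity__)  optional
      allow_token_X:<token>    optional, one per user token
      -deny_token_X:<token>    prohibited, one per user token
    """
    allow = set(doc.get("allow_token_" + level, ()))
    deny = set(doc.get("deny_token_" + level, ()))
    held = set(user_tokens)
    if deny & held:                       # a prohibited clause matched
        return "denied"
    if NOSECURITY in allow and NOSECURITY in deny:
        return "open"                     # unsecured at this level
    if allow & held:
        return "allowed"                  # an optional allow clause matched
    return "no-allow-match"               # nothing optional matched


def visible(doc, user_tokens):
    """Both groups carry a leading '+', so every level must pass."""
    return all(level_verdict(doc, lvl, user_tokens) in ("open", "allowed")
               for lvl in LEVELS)


# User tokens as returned by the authority service in the thread.
SID = "SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-"
USER_TOKENS = [
    "SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra",
    "SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545",
    *[SID + rid for rid in ("15263", "513", "13472", "3182", "1619", "1813")],
    "SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149",
    "SP+KW:Uc%3A0%21.s%7Cwindows",
]

# Share-level fields are constructed (assumed unsecured, as on other
# documents shown in the thread).
OPEN_SHARE = {"allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY]}

# Document-level tokens URL-decoded from the 15 June indexing log line
# for Alfresco-in-an-Hour.pdf.
THREAD_DOC = dict(
    OPEN_SHARE,
    allow_token_document=[
        "SP+KW:GTest+Irish+Water+Portal+Visitors",
        "SP+KW:GTest+Irish+Water+Portal+Owners",
        "SP+KW:GRestricted+Readers",
        "SP+KW:GTest+Irish+Water+Administrators",
        "SP+KW:GTest+Irish+Water+Portal+Members",
        "SP+KW:Uc%3A0%28.s%7Ctrue",
        "SP+KW:GHierarchy+Managers",
        "SP+KW:GApprovers",
        "SP+KW:GViewers",
        "SP+KW:GDesigners",
    ],
    deny_token_document=["SP+KW:DEAD_AUTHORITY"],
)

# Constructed documents for comparison.
SID_DOC = dict(OPEN_SHARE, allow_token_document=[SID + "513"],
               deny_token_document=["SP+KW:DEAD_AUTHORITY"])
BOTH_DOC = dict(OPEN_SHARE, allow_token_document=[SID + "513"],
                deny_token_document=[SID + "513"])
OPEN_DOC = dict(OPEN_SHARE, allow_token_document=[NOSECURITY],
                deny_token_document=[NOSECURITY])

if __name__ == "__main__":
    for name, doc in [("thread doc", THREAD_DOC), ("allow only", SID_DOC),
                      ("allow and deny", BOTH_DOC), ("open", OPEN_DOC)]:
        verdicts = {lvl: level_verdict(doc, lvl, USER_TOKENS) for lvl in LEVELS}
        print(name, verdicts, "visible" if visible(doc, USER_TOKENS) else "hidden")
```

In this model a "-deny_token_document:X" clause only excludes documents that actually carry X as a deny token; the sample document from the thread fails on the allow side because none of the ten user tokens appears among its allow tokens.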



On Sun, Jun 15, 2014 at 5:56 AM, lalit jangra <la...@gmail.com>
wrote:

> Hi Karl,
>
> My sincere apologies for going out of context here, as I was confused & my
> limited knowledge of SharePoint and ACLs.
>
> After spending two more days and setting up everything from scratch a couple
> of times, I am back to square one. The only thing which I could observe
> is that while indexing content into Solr, I could see all ACLs are getting
> indexed correctly.
>
>
> params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
> resource.name
> =Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
> http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
> {add=[
> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
> (1470968440371019776)]} 0 922
>
> INFO  - 2014-06-15 10:33:54.343;
> org.apache.solr.update.DirectUpdateHandler2; start
> commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
>
>
> While searching in Solr using the '/select' query handler after updating it
> using fq={!manifoldCFSecurity}, I could not see any content while passing the
> correct value for AuthenticatedUserName, but while debugging it using the
> '/select' query handler, I could see extra deny tokens attached, which I
> doubt are the reason behind no results showing up.
>
>
> Highlight from solr.log, it's fine as I can see which are fine and user
> passing authority test.
>
>
> INFO  - 2014-06-15 10:42:15.446;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@iwater.ie]'
>
> INFO  - 2014-06-15 10:42:15.649;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response AUTHORIZED:SP+K+Conn
>
> INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
> ljangra@iwater.ie} hits=0 status=0 QTime=203
>
>
> Debugging results for '/select' search query handler.
>
> "parsed_filter_queries": [
>       "ConstantScore(+((+allow_token_share:__nosecurity__
> +deny_token_share:__nosecurity__)
> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
> +((+allow_token_document:__nosecurity__
> +deny_token_document:__nosecurity__)
> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>
> E.g. Here you can see the allow token as
> "allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
> but at the same time there is an additional deny token
> "-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
> which has a minus sign prefixed to it. Here I assume that these are
> cancelling each other, that is why I cannot see any results returned. Else
> I could not find any discrepancy anywhere.
>
> While i am working on this, your valuable guidance will prove to be light
> at the end of tunnel.
>
> Waiting for reply.
>
> My Sincere Regards.
>
>
> On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <da...@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> I am not a Solr expert; Ahmet is a better resource for how to configure
>> Solr.  He has already furnished good advice on how to do that, and you have
>> at one point showed us queries that included the appropriate access tokens
>> in them so I know you had it working at one point.
>>
>> This is not rocket science, and all the components seem to be working as
>> designed.  You will have to put in some care and time getting your
>> configuration right.  Retrace your steps or start fresh if you have to.  We
>> really can't give you any more advice from here; things seem to be working
>> and then not working and then working again, and I suspect that you are
>> basically hacking away at your configuration without understanding at all
>> what you are doing.  So slow down, keep more careful notes, and review
>> these emails.
>>
>> Thanks,
>> Karl
>>
>>
>>
>> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>>> Hi Karl,
>>>
>>> I have tried with /select, /query & /search but am not getting appropriate
>>> results. Which query handler should I use here?
>>>
>>> I am also attaching solrconfig.xml.
>>>
>>> Regards.
>>>
>>>
>>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com> wrote:
>>>
>>>> Hi Lalit,
>>>>
>>>> You are going through the wrong query handler again:
>>>>
>>>>       "
>>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>> product of:\n  1.0 = queryNorm\n",
>>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>>> product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>>       "
>>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>>
>>>>
>>>> The Solr plugin query modification is not happening; it doesn't seem to
>>>> be getting applied now.  It was earlier, you must have turned it off.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <lalit.j.jangra@gmail.com
>>>> > wrote:
>>>>
>>>>> Thanks Karl,
>>>>>
>>>>> After resetting everything again, now I could see content with ACL
>>>>> posted to Solr as per your instructions. Thanks again for this. I am
>>>>> attaching solr.log.
>>>>>
>>>>> But still I am not able to see any content using the /select query handler
>>>>> & attached Select.log for same.
>>>>>
>>>>> While using the /query request handler, I can see results with ACL but
>>>>> whatever name I provide, it returns all results so effectively ACL not
>>>>> working, attached Query.log for same.
>>>>>
>>>>> Can you please guide.
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> I wonder if this is a Luke bug?
>>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>>> display.  That is the only thing that's making any sense to me at the
>>>>>> moment.
>>>>>>
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>>
>>>>>>> This is the interesting bit:
>>>>>>>
>>>>>>> "allow_token_document": [
>>>>>>>
>>>>>>>           "SP+KW:"]
>>>>>>>
>>>>>>>
>>>>>>> It looks like a blank access token is being fetched for this list
>>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>>> before, correct?
>>>>>>>
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> It is clear that your access tokens have not been actually
>>>>>>>> indexed.  But I remember seeing that they were correctly posted to Solr.
>>>>>>>> So now I am confused.
>>>>>>>>
>>>>>>>> Can you please do the following:
>>>>>>>> - Click the "reindex all documents" button in the MCF view page for
>>>>>>>> your output connection
>>>>>>>> - Start your job
>>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>>
>>>>>>>> When that is done, if what is posted looks correct, you SHOULD have
>>>>>>>> a Solr index that has ACLs in it.
>>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Again,
>>>>>>>>>
>>>>>>>>> I used /query for debugging & using
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>
>>>>>>>>> I could see the results below without much information about ACLs.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>         "deny_token_document": [
>>>>>>>>>
>>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>>
>>>>>>>>>         ],
>>>>>>>>>
>>>>>>>>>         "id": "http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1",
>>>>>>>>>
>>>>>>>>>         "allow_token_document": [
>>>>>>>>>
>>>>>>>>>           "SP+KW:"
>>>>>>>>>
>>>>>>>>>         ],
>>>>>>>>>
>>>>>>>>>         "content": [
>>>>>>>>>
>>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>>
>>>>>>>>>         ],
>>>>>>>>>
>>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>>
>>>>>>>>>         "allow_token_share": [
>>>>>>>>>
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>
>>>>>>>>>         ],
>>>>>>>>>
>>>>>>>>>         "deny_token_share": [
>>>>>>>>>
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>
>>>>>>>>>         ]
>>>>>>>>>       }
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi  Lalit,
>>>>>>>>>>
>>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>>
>>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>>
>>>>>>>>>> I configure /select request handler (RH) with mcfQParser,
>>>>>>>>>> intended to use in production, default RH.
>>>>>>>>>>
>>>>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>>>>
>>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>>
>>>>>>>>>> Ahmet
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  Thanks Karl,
>>>>>>>>>>
>>>>>>>>>> As i could not see any document in solr query, i used Luke to
>>>>>>>>>> open index and i could see below values for all MCF plugin fields for all
>>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>>
>>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>>
>>>>>>>>>> I think something or a lot of things missing here. I am attaching
>>>>>>>>>> zip of solr index(very small one with 10 documents from sharepoint) here.
>>>>>>>>>> Please guide.
>>>>>>>>>>
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <daddywri@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Lalit,
>>>>>>>>>>
>>>>>>>>>> Can you show me somehow some of the ACLs that have been
>>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>>> other).
>>>>>>>>>>
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Again,
>>>>>>>>>>
>>>>>>>>>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>>>>>>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I can see below ACL.
>>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>>
>>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>>
>>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>>
>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>>> While debugging query i can see ACL doing fine. So i am
>>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>>
>>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>>     ],
>>>>>>>>>>
>>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>>
>>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>>
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <iorixxx@yahoo.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Lalit,
>>>>>>>>>>
>>>>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>>>>
>>>>>>>>>> <lst name="appends">
>>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>> </lst>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  Hi Ahmet,
>>>>>>>>>>
>>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>>
>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>>> these
>>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>>       -->
>>>>>>>>>>      <lst name="defaults">
>>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>      </lst>
>>>>>>>>>> ....
>>>>>>>>>> </requestHandler>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Next i am running a job which indexes sharepoint content in solr
>>>>>>>>>> but when i am searching in solr, i am getting not results & getting
>>>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>>>
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>>> commits: num=2
>>>>>>>>>>
>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>>
>>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>>> main
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>>> {commit=} 0 265
>>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>>> QTime=0
>>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>>> no-user response (open documents only)
>>>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>>
>>>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found to
>>>>>>>>>> be unreachable or unusable but i am having same authority working fine in
>>>>>>>>>> MCF.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Please help.
>>>>>>>>>>
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Karl,
>>>>>>>>>>
>>>>>>>>>> May be we should use
>>>>>>>>>>
>>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>>
>>>>>>>>>> in
>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>
>>>>>>>>>> To avoid confusion?
>>>>>>>>>>
>>>>>>>>>> What do you think?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>>> Karl
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Ahmet,
>>>>>>>>>>
>>>>>>>>>> I tried the way you suggested but its not working. My solr query
>>>>>>>>>> is as below.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>>
>>>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it returning
>>>>>>>>>> all results.
>>>>>>>>>>
>>>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>>>> instructions @
>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>>>
>>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>         ],
>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>         ]
>>>>>>>>>>       },
>>>>>>>>>>       {
>>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>>         ],
>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>>         ],
>>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                   SDD
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>>       },
>>>>>>>>>>       {
>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>         ],
>>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>>         ],
>>>>>>>>>>                "id": "
>>>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt
>>>>>>>>>> ",
>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>>
>>>>>>>>>> "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>         "allow_token_share": [
>>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>>         ],
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                 CMIS
>>>>>>>>>>
>>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>         ],
>>>>>>>>>>         "deny_token_document": [
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>         ],
>>>>>>>>>>         "deny_token_share": [
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>         ],
>>>>>>>>>>         "allow_token_document": [
>>>>>>>>>>           "__nosecurity__"
>>>>>>>>>>         ]
>>>>>>>>>>
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> As documented here
>>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>>
>>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> This is a URL parameter, just like Solr params. Here is an
>>>>>>>>>> example.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  Hi All,
>>>>>>>>>>
>>>>>>>>>> As continuing from
>>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>>
>>>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>>>> indexed into solr indexes.
>>>>>>>>>>
>>>>>>>>>> Now i want to write Solr query to put a user's permission details
>>>>>>>>>> into in it which can be compared to ACL stored in solr and only those
>>>>>>>>>> results will be returned to user on which he has been assigned ACL.
>>>>>>>>>>
>>>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i need
>>>>>>>>>> to write custom query for my need?
>>>>>>>>>>
>>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>>> default="true">
>>>>>>>>>>   <lst name="appends">
>>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>>   </lst>
>>>>>>>>>> </requestHandler>
>>>>>>>>>>
>>>>>>>>>> Please help.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> Lalit Jangra.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Lalit Jangra.
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Karl,

My sincere apologies for going out of context here, as I was confused given my
limited knowledge of SharePoint and ACLs.

After spending two more days and setting up everything from scratch a couple
of times, I am back to square one. The only thing which I could observe
is that while indexing content into Solr, I could see all ACLs are getting
indexed correctly.

params={literal.content_name=/Alfresco-in-an-Hour.pdf&literal.deny_token_document=SP%2BKW:DEAD_AUTHORITY&literal.DocIcon=pdf&
resource.name
=Alfresco-in-an-Hour.pdf&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BVisitors&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BOwners&literal.allow_token_document=SP%2BKW:GRestricted%2BReaders&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BAdministrators&literal.allow_token_document=SP%2BKW:GTest%2BIrish%2BWater%2BPortal%2BMembers&literal.allow_token_document=SP%2BKW:Uc%253A0%2528.s%257Ctrue&literal.allow_token_document=SP%2BKW:GHierarchy%2BManagers&literal.allow_token_document=SP%2BKW:GApprovers&literal.allow_token_document=SP%2BKW:GViewers&literal.allow_token_document=SP%2BKW:GDesigners&literal.content%3AmodifiedDate=2014-06-04T15:52:29.000Z&literal.FolderChildCount=0&version=2.2&literal.ItemChildCount=0&literal._dlc_DocId=N7JQZDZPVPT7-49-1&literal.content%3Alink=
http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.ParentVersionString=&literal.content_source=Sharepoint&literal._CopySource=&literal.content%3Aparent=testirishwaterportal/irish-water/Shared%2520Documents&literal.FileSizeDisplay=674383&literal._CheckinComment=&literal.Edit=0&literal.content%3AparentLink=http://testirishwaterportal/irish-water/Shared%2520Documents&literal.id=http://testirishwaterportal/irish-water/Shared%2520Documents/Alfresco-in-an-Hour.pdf&literal.LinkFilenameNoMenu=Alfresco-in-an-Hour.pdf&literal.Created=2014-06-04+16:52:29&literal._dlc_DocIdUrl=http://testirishwaterportal/irish-water/_layouts/DocIdRedir.aspx?ID%3DN7JQZDZPVPT7-49-1,+N7JQZDZPVPT7-49-1&literal.content%3Amimetype=application/pdf&literal._UIVersionString=1.0&wt=xml&literal.Title=&literal.Modified=2014-06-04+16:52:29&literal.FileLeafRef=Alfresco-in-an-Hour.pdf&literal.Author=Lalit+Jangra&literal.LinkFilename=Alfresco-in-an-Hour.pdf&literal.lcf_metadata_id=1&literal.Editor=Lalit+Jangra&literal.ParentLeafName=&literal.CheckoutUser=&literal.ContentType=Document}
{add=[
http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf
(1470968440371019776)]} 0 922

INFO  - 2014-06-15 10:33:54.343;
org.apache.solr.update.DirectUpdateHandler2; start
commit{,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}


While searching in Solr using the '/select' query handler after updating it
using fq={!manifoldCFSecurity}, I could not see any content while passing the
correct value for AuthenticatedUserName, but while debugging it using the
'/select' query handler, I could see extra deny tokens attached, which I
doubt are the reason behind no results showing up.


Highlight from solr.log, which is fine as far as I can see, with the user
passing the authority test.


INFO  - 2014-06-15 10:42:15.446;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
to match docs for user '[:ljangra@iwater.ie]'

INFO  - 2014-06-15 10:42:15.649;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response AUTHORIZED:SP+K+Conn

INFO  - 2014-06-15 10:42:15.649; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={debugQuery=true&indent=true&q=*:*&_=1402825335417&wt=json&AuthenticatedUserName=
ljangra@iwater.ie} hits=0 status=0 QTime=203


Debugging results for '/select' search query handler.

"parsed_filter_queries": [
      "ConstantScore(+((+allow_token_share:__nosecurity__
+deny_token_share:__nosecurity__)
allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
-deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
+((+allow_token_document:__nosecurity__
+deny_token_document:__nosecurity__)
allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
-deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"

E.g. here you can see the allow token
"allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
but at the same time there is an additional deny token
"-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513"
which has a minus sign prefixed to it. Here I assume that these are
cancelling each other, which is why I cannot see any results returned. Otherwise
I could not find any discrepancy anywhere.

While I am working on this, your valuable guidance will prove to be the light
at the end of the tunnel.

Waiting for reply.

My Sincere Regards.
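
The filter shown in the "parsed_filter_queries" output above can be checked by hand against the token fields stored on each document. The following is an added example, not part of the original post and not the ManifoldCF plugin's own code: it models that boolean shape under standard Lucene BooleanQuery semantics (no MUST clause, so at least one SHOULD clause has to match and no MUST_NOT clause may match), using token values copied from this thread. The document names, the share-level values of the second document, and the two documents marked constructed are assumptions.

```python
# Added example: evaluates the boolean shape of the security filter from
# "parsed_filter_queries" against stored ACL fields (assumed Lucene semantics).
NOSECURITY = "__nosecurity__"

# Subset of the user's tokens, copied from the UserACLs response in the thread.
USER_TOKENS = [
    "SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra",
    "SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545",
    "SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513",
    "SP+KW:Uc%3A0%21.s%7Cwindows",
]
SID_513 = USER_TOKENS[2]


def level_matches(allow, deny, user_tokens):
    """Evaluate one '+( ... )' group of the filter (share or document level).

    MUST_NOT: deny_field:<token> for every user token.
    SHOULD:   (allow and deny both hold __nosecurity__), or
              allow_field:<token> for any user token.
    """
    allow, deny = set(allow), set(deny)
    denied = [t for t in user_tokens if t in deny]
    if denied:
        return False, "deny field holds user token " + denied[0]
    if NOSECURITY in allow and NOSECURITY in deny:
        return True, "level is unsecured"
    allowed = [t for t in user_tokens if t in allow]
    if allowed:
        return True, "allow field holds user token " + allowed[0]
    return False, "no user token in allow field"


def is_visible(doc, user_tokens):
    """Both levels are MUST clauses of the outer query, so both have to pass."""
    reasons, results = {}, []
    for level in ("share", "document"):
        ok, why = level_matches(doc["allow_token_" + level],
                                doc["deny_token_" + level], user_tokens)
        reasons[level] = why
        results.append(ok)
    return all(results), reasons


# Field values as shown by the /query handler and Luke in the thread.
DOC_BLANK_TOKEN = {
    "allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY],
    "allow_token_document": ["SP+KW:"],
    "deny_token_document": ["SP+KW:DEAD_AUTHORITY"],
}
# Document tokens decoded from the /update/extract log line in this message;
# the share-level values are not in that line and are assumed here.
DOC_GROUP_TOKENS = {
    "allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY],
    "allow_token_document": ["SP+KW:GTest+Irish+Water+Portal+Visitors",
                             "SP+KW:GViewers", "SP+KW:Uc%3A0%28.s%7Ctrue"],
    "deny_token_document": ["SP+KW:DEAD_AUTHORITY"],
}
# Constructed: the allow field really holds one of the user's tokens.
DOC_USER_ALLOWED = dict(DOC_GROUP_TOKENS, allow_token_document=[SID_513])
# Constructed: the same token is stored in both the allow and deny fields.
DOC_ALLOW_AND_DENY = dict(DOC_USER_ALLOWED, deny_token_document=[SID_513])

SAMPLES = {
    "blank token": DOC_BLANK_TOKEN,
    "group tokens": DOC_GROUP_TOKENS,
    "user token allowed (constructed)": DOC_USER_ALLOWED,
    "allow and deny (constructed)": DOC_ALLOW_AND_DENY,
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        visible, reasons = is_visible(doc, USER_TOKENS)
        print(f"{name:35} visible={visible!s:5} document: {reasons['document']}")
```

The allow and deny clauses test different stored fields, so their presence side by side in the query excludes a document only when one of the user's tokens is actually stored in that document's deny field.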


On Fri, Jun 13, 2014 at 4:12 PM, Karl Wright <da...@gmail.com> wrote:

> Hi Lalit,
>
> I am not a Solr expert; Ahmet is a better resource for how to configure
> Solr.  He has already furnished good advice on how to do that, and you have
> at one point showed us queries that included the appropriate access tokens
> in them so I know you had it working at one point.
>
> This is not rocket science, and all the components seem to be working as
> designed.  You will have to put in some care and time getting your
> configuration right.  Retrace your steps or start fresh if you have to.  We
> really can't give you any more advice from here; things seem to be working
> and then not working and then working again, and I suspect that you are
> basically hacking away at your configuration without understanding at all
> what you are doing.  So slow down, keep more careful notes, and review
> these emails.
>
> Thanks,
> Karl
>
>
>
> On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Hi Karl,
>>
>> I have tried with /select, /query & /search but not getting appropriate
>> results. Which query handler should i use here.
>>
>> I am also attaching solrconfig.xml.
>>
>> Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> You are going through the wrong query handler again:
>>>
>>>       "
>>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>> product of:\n  1.0 = queryNorm\n",
>>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>>> product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>>       "
>>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>>
>>>
>>> The Solr plugin query modification is not happening; it doesn't seem to
>>> be getting applied now.  It was earlier, you must have turned it off.
>>>
>>> Karl
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>>> Thanks Karl,
>>>>
>>>> After resetting everything again, now i could see content with ACL
>>>> posted to solr as per your instructions. Thanks again for this. I am
>>>> attaching solr.log.
>>>>
>>>> But still i am not able to see any content using /select query handler
>>>> & attached Select.log for same.
>>>>
>>>> While using /query request handler, i can see results with ACL but
>>>> whatever name i provide, it returns all results so effectively ACL not
>>>> working, attached Query.log for same.
>>>>
>>>> Can you please guide.
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>>> I wonder if this is a Luke bug?
>>>>> The access tokens might well have a form that Luke doesn't like to
>>>>> display.  That is the only thing that's making any sense to me at the
>>>>> moment.
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> FWIW, your authority setup seems to be working properly, and the
>>>>>> query generator is working properly too.  Only the acls are messed up.
>>>>>>
>>>>>> This is the interesting bit:
>>>>>>
>>>>>> "allow_token_document": [
>>>>>>
>>>>>>           "SP+KW:"]
>>>>>>
>>>>>>
>>>>>> It looks like a blank access token is being fetched for this list
>>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>>> before, correct?
>>>>>>
>>>>>>
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> It is clear that your access tokens have not been actually indexed.
>>>>>>> But I remember seeing that they were correctly posted to Solr.  So now I am
>>>>>>> confused.
>>>>>>>
>>>>>>> Can you please do the following:
>>>>>>> - Click the "reindex all documents" button in the MCF view page for
>>>>>>> your output connection
>>>>>>> - Start your job
>>>>>>> - Send me the Solr info output about what has been posted
>>>>>>>
>>>>>>> When that is done, if what is posted looks correct, you SHOULD have
>>>>>>> a Solr index that has ACLs in it.
>>>>>>> If it does not look correct, we will have to go back and look at
>>>>>>> your connections etc. to see why the acls are not being fetched.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Again,
>>>>>>>>
>>>>>>>> I used /query for debugging & using
>>>>>>>>
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>
>>>>>>>> I could see below results without much information about ACLs.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         "deny_token_document": [
>>>>>>>>
>>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>>
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>         "id": "
>>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>>> ",
>>>>>>>>
>>>>>>>>         "allow_token_document": [
>>>>>>>>
>>>>>>>>           "SP+KW:"
>>>>>>>>
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>         "content": [
>>>>>>>>
>>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>>
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>>
>>>>>>>>         "allow_token_share": [
>>>>>>>>
>>>>>>>>           "__nosecurity__"
>>>>>>>>
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>         "deny_token_share": [
>>>>>>>>
>>>>>>>>           "__nosecurity__"
>>>>>>>>
>>>>>>>>         ]
>>>>>>>>       }
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi  Lalit,
>>>>>>>>>
>>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>>
>>>>>>>>> Here is the best practise that I use :
>>>>>>>>>
>>>>>>>>> I configure /select request handler (RH) with mcfQParser, intended
>>>>>>>>> to use in production, default RH.
>>>>>>>>>
>>>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>>>
>>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>>
>>>>>>>>> Ahmet
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Thanks Karl,
>>>>>>>>>
>>>>>>>>> As i could not see any document in solr query, i used Luke to open
>>>>>>>>> index and i could see below values for all MCF plugin fields for all
>>>>>>>>> documents. These are something different from previous values.
>>>>>>>>>
>>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>>
>>>>>>>>> I think something or a lot of things missing here. I am attaching
>>>>>>>>> zip of solr index(very small one with 10 documents from sharepoint) here.
>>>>>>>>> Please guide.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi Lalit,
>>>>>>>>>
>>>>>>>>> Can you show me somehow some of the ACLs that have been
>>>>>>>>> indexed with your documents?  The only other potential issue might be that
>>>>>>>>> your repository connection(s) may not be part of the same authority groups
>>>>>>>>> as your authority connections.  In that case, the indexed authority tokens
>>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>>> other).
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> Hi Again,
>>>>>>>>>
>>>>>>>>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>>>>>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>> I can see below ACL.
>>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>>
>>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>>
>>>>>>>>> Still i am not able to see any results from query
>>>>>>>>>
>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>>> While debugging query i can see ACL doing fine. So i am
>>>>>>>>> confused why its now working. Can you please help.
>>>>>>>>>
>>>>>>>>> "parsed_filter_queries": [
>>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>>     ],
>>>>>>>>>
>>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>>
>>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi Lalit,
>>>>>>>>>
>>>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>>>
>>>>>>>>> <lst name="appends">
>>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>> </lst>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Hi Ahmet,
>>>>>>>>>
>>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>>
>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>     <!-- default values for query parameters can be specified,
>>>>>>>>> these
>>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>>       -->
>>>>>>>>>      <lst name="defaults">
>>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>>        <str name="df">text</str>
>>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>      </lst>
>>>>>>>>> ....
>>>>>>>>> </requestHandler>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Next i am running a job which indexes sharepoint content in solr
>>>>>>>>> but when i am searching in solr, i am getting no results & getting
>>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>>
>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>>> commits: num=2
>>>>>>>>>
>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>>
>>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>>> main
>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>>> {commit=} 0 265
>>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>>> QTime=0
>>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>>> no-user response (open documents only)
>>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>>
>>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found to
>>>>>>>>> be unreachable or unusable but i am having same authority working fine in
>>>>>>>>> MCF.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Please help.
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi Karl,
>>>>>>>>>
>>>>>>>>> May be we should use
>>>>>>>>>
>>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>>
>>>>>>>>> in
>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>
>>>>>>>>> To avoid confusion?
>>>>>>>>>
>>>>>>>>> What do you think?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> Hi Ahmet,
>>>>>>>>>
>>>>>>>>> I tried the way you suggested but its not working. My solr query
>>>>>>>>> is as below.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>>
>>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it returning
>>>>>>>>> all results.
>>>>>>>>>
>>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>>> instructions @
>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>>
>>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>>         "allow_token_share": [
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>         ],
>>>>>>>>>         "deny_token_share": [
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>         ]
>>>>>>>>>       },
>>>>>>>>>       {
>>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>>         "deny_token_document": [
>>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>>         ],
>>>>>>>>>         "allow_token_document": [
>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>>         ],
>>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                   SDD
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>>       },
>>>>>>>>>       {
>>>>>>>>>         "deny_token_share": [
>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>         ],
>>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>>         "deny_token_document": [
>>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>>         ],
>>>>>>>>>                "id": "
>>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>>>>>         "allow_token_document": [
>>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>         ],
>>>>>>>>>
>>>>>>>>>         "allow_token_share": [
>>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>>         ],
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                 CMIS
>>>>>>>>>
>>>>>>>>>                 "allow_token_share": [
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>         ],
>>>>>>>>>         "deny_token_document": [
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>         ],
>>>>>>>>>         "deny_token_share": [
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>         ],
>>>>>>>>>         "allow_token_document": [
>>>>>>>>>           "__nosecurity__"
>>>>>>>>>         ]
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> As documented here
>>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>>
>>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This is a URL parameter, just like Solr params. Here is an example.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Hi All,
>>>>>>>>>
>>>>>>>>> As continuing from
>>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>>
>>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>>> indexed into solr indexes.
>>>>>>>>>
>>>>>>>>> Now i want to write Solr query to put a user's permission details
>>>>>>>>> into in it which can be compared to ACL stored in solr and only those
>>>>>>>>> results will be returned to user on which he has been assigned ACL.
>>>>>>>>>
>>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i need
>>>>>>>>> to write custom query for my need?
>>>>>>>>>
>>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>>> default="true">
>>>>>>>>>   <lst name="appends">
>>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>>   </lst>
>>>>>>>>> </requestHandler>
>>>>>>>>>
>>>>>>>>> Please help.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards,
>>>>>>>>> Lalit Jangra.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>


-- 
Regards,
Lalit Jangra.
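
Added example (not part of the original messages, and not ManifoldCF or Solr plugin code): a small Python model of the allow/deny filter shown in the parsed_filter_queries output quoted above, run over documents constructed from field values that appear in this thread. It shows why an indexed blank "SP+KW:" token, or tokens indexed under a different authority-group prefix, give hits=0 for an authorized user. The function names, and reading the text before the first ':' as the authority-group prefix, are assumptions of this sketch.

```python
# Added example: a model of the allow/deny token filter quoted in this thread.
# Not ManifoldCF plugin code; every function name here is hypothetical.

NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")  # the two levels seen in parsed_filter_queries


def parse_authority_response(text):
    """Split authority-service output into (status lines, access tokens)."""
    statuses, tokens = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("TOKEN:"):
            tokens.append(line[len("TOKEN:"):])
        elif line:
            statuses.append(line)
    return statuses, tokens


def level_allows(doc, level, user_tokens):
    """A level passes if no deny token matches and the level is either open
    (__nosecurity__ in both fields) or at least one allow token matches."""
    allow = set(doc.get("allow_token_" + level, []))
    deny = set(doc.get("deny_token_" + level, []))
    tokens = set(user_tokens)
    if deny & tokens:
        return False
    is_open = NOSECURITY in allow and NOSECURITY in deny
    return is_open or bool(allow & tokens)


def is_visible(doc, user_tokens):
    """Each level is a required clause in the filter, so all must pass."""
    return all(level_allows(doc, lvl, user_tokens) for lvl in LEVELS)


def prefix(token):
    # Assumption: the text before the first ':' is the authority-group prefix.
    return token.split(":", 1)[0]


def diagnose(doc, user_tokens):
    """Return (level, reason) for every level that hides the document."""
    findings = []
    user_prefixes = {prefix(t) for t in user_tokens}
    for level in LEVELS:
        if level_allows(doc, level, user_tokens):
            continue
        allow = doc.get("allow_token_" + level, [])
        deny = doc.get("deny_token_" + level, [])
        if set(deny) & set(user_tokens):
            findings.append((level, "denied"))
        elif any(t.endswith(":") for t in allow):
            findings.append((level, "blank_token"))       # e.g. "SP+KW:"
        elif not {prefix(t) for t in allow} & user_prefixes:
            findings.append((level, "prefix_mismatch"))   # other authority group
        else:
            findings.append((level, "no_matching_token"))
    return findings


def make_doc(allow_document, deny_document):
    """Constructed document with an open share level, as in the thread."""
    return {
        "allow_token_share": [NOSECURITY],
        "deny_token_share": [NOSECURITY],
        "allow_token_document": allow_document,
        "deny_token_document": deny_document,
    }


# Constructed input, reusing token values quoted in the thread.
AUTHORITY_RESPONSE = """AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

DOCS = {
    "open": make_doc([NOSECURITY], [NOSECURITY]),
    "blank": make_doc(["SP+KW:"], ["SP+KW:DEAD_AUTHORITY"]),
    "other_group": make_doc(["SP+Group:GViewers", "SP+Group:GApprovers"],
                            ["SP+Group:DEAD_AUTHORITY"]),
    "granted": make_doc(["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"],
                        ["SP+KW:DEAD_AUTHORITY"]),
    "denied": make_doc(["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"],
                       ["SP+KW:Uc%3A0%21.s%7Cwindows"]),
}


def report(docs, user_tokens):
    """Map each document name to (visible, findings)."""
    return {name: (is_visible(d, user_tokens), diagnose(d, user_tokens))
            for name, d in docs.items()}


if __name__ == "__main__":
    _, user_tokens = parse_authority_response(AUTHORITY_RESPONSE)
    for name, (visible, findings) in report(DOCS, user_tokens).items():
        print(name, "visible" if visible else "hidden", findings)
```

With an empty token list the model returns only the fully open document, which corresponds to the "Default no-user response (open documents only)" line in the quoted solr.log.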

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

I am not a Solr expert; Ahmet is a better resource for how to configure
Solr.  He has already furnished good advice on how to do that, and you have
at one point showed us queries that included the appropriate access tokens
in them so I know you had it working at one point.

This is not rocket science, and all the components seem to be working as
designed.  You will have to put in some care and time getting your
configuration right.  Retrace your steps or start fresh if you have to.  We
really can't give you any more advice from here; things seem to be working
and then not working and then working again, and I suspect that you are
basically hacking away at your configuration without understanding at all
what you are doing.  So slow down, keep more careful notes, and review
these emails.

Thanks,
Karl



On Fri, Jun 13, 2014 at 10:57 AM, lalit jangra <la...@gmail.com>
wrote:

> Hi Karl,
>
> I have tried with /select, /query & /search but not getting appropriate
> results. Which query handler should i use here.
>
> I am also attaching solrconfig.xml.
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> You are going through the wrong query handler again:
>>
>>       "
>> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
>> product of:\n  1.0 = queryNorm\n",
>>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
>> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
>> product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>>       "
>> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
>> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>>
>>
>> The Solr plugin query modification is not happening; it doesn't seem to
>> be getting applied now.  It was earlier, you must have turned it off.
>>
>> Karl
>>
>>
>>
>> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>>> Thanks Karl,
>>>
>>> After resetting everything again, now i could see content with ACL
>>> posted to solr as per your instructions. Thanks again for this. I am
>>> attaching solr.log.
>>>
>>> But still i am not able to see any content using /select query handler &
>>> attached Select.log for same.
>>>
>>> While using /query request handler, i can see results with ACL but
>>> whatever name i provide, it returns all results so effectively ACL not
>>> working, attached Query.log for same.
>>>
>>> Can you please guide.
>>>
>>> Regards.
>>>
>>>
>>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com> wrote:
>>>
>>>> I wonder if this is a Luke bug?
>>>> The access tokens might well have a form that Luke doesn't like to
>>>> display.  That is the only thing that's making any sense to me at the
>>>> moment.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>> FWIW, your authority setup seems to be working properly, and the query
>>>>> generator is working properly too.  Only the acls are messed up.
>>>>>
>>>>> This is the interesting bit:
>>>>>
>>>>> "allow_token_document": [
>>>>>
>>>>>           "SP+KW:"]
>>>>>
>>>>>
>>>>> It looks like a blank access token is being fetched for this list
>>>>> item, which does not make any sense to me.  And yet we saw access tokens
>>>>> before, correct?
>>>>>
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> It is clear that your access tokens have not been actually indexed.
>>>>>> But I remember seeing that they were correctly posted to Solr.  So now I am
>>>>>> confused.
>>>>>>
>>>>>> Can you please do the following:
>>>>>> - Click the "reindex all documents" button in the MCF view page for
>>>>>> your output connection
>>>>>> - Start your job
>>>>>> - Send me the Solr info output about what has been posted
>>>>>>
>>>>>> When that is done, if what is posted looks correct, you SHOULD have a
>>>>>> Solr index that has ACLs in it.
>>>>>> If it does not look correct, we will have to go back and look at your
>>>>>> connections etc. to see why the acls are not being fetched.
>>>>>>
>>>>>> Thanks,
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Again,
>>>>>>>
>>>>>>> I used /query for debugging & using
>>>>>>>
>>>>>>>
>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>
>>>>>>> I could see below results without much information about ACLs.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>         "deny_token_document": [
>>>>>>>
>>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "id": "
>>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>>> ",
>>>>>>>
>>>>>>>         "allow_token_document": [
>>>>>>>
>>>>>>>           "SP+KW:"
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "content": [
>>>>>>>
>>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "_version_": 1470790301540941800,
>>>>>>>
>>>>>>>         "allow_token_share": [
>>>>>>>
>>>>>>>           "__nosecurity__"
>>>>>>>
>>>>>>>         ],
>>>>>>>
>>>>>>>         "deny_token_share": [
>>>>>>>
>>>>>>>           "__nosecurity__"
>>>>>>>
>>>>>>>         ]
>>>>>>>       }
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi  Lalit,
>>>>>>>>
>>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>>
>>>>>>>> Here is the best practise that I use :
>>>>>>>>
>>>>>>>> I configure /select request handler (RH) with mcfQParser, intended
>>>>>>>> to use in production, default RH.
>>>>>>>>
>>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>>
>>>>>>>> Ahmet
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Thanks Karl,
>>>>>>>>
>>>>>>>> As i could not see any document in solr query, i used Luke to open
>>>>>>>> index and i could see below values for all MCF plugin fields for all
>>>>>>>> documents. These are something different from previous values.
>>>>>>>>
>>>>>>>> allow_token_document  = SP+KW:
>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>>> allow_token_share = __nosecurity__
>>>>>>>>
>>>>>>>> I think something or a lot of things missing here. I am attaching
>>>>>>>> zip of solr index(very small one with 10 documents from sharepoint) here.
>>>>>>>> Please guide.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> Can you show me somehow some of the ACLs that have been indexed
>>>>>>>> with your documents?  The only other potential issue might be that your
>>>>>>>> repository connection(s) may not be part of the same authority groups as
>>>>>>>> your authority connections.  In that case, the indexed authority tokens
>>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>>> other).
>>>>>>>>
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi Again,
>>>>>>>>
>>>>>>>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>>>>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>>
>>>>>>>>
>>>>>>>> I can see below ACL.
>>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>>
>>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>>
>>>>>>>> Still i am not able to see any results from query
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>>> While debugging query i can see ACL doing fine. So i am confused
>>>>>>>> why its now working. Can you please help.
>>>>>>>>
>>>>>>>> "parsed_filter_queries": [
>>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>>     ],
>>>>>>>>
>>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>>
>>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Lalit,
>>>>>>>>
>>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>>
>>>>>>>> <lst name="appends">
>>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>> </lst>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Hi Ahmet,
>>>>>>>>
>>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>>
>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>     <!-- default values for query parameters can be specified, these
>>>>>>>>          will be overridden by parameters in the request
>>>>>>>>       -->
>>>>>>>>      <lst name="defaults">
>>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>>        <int name="rows">1000</int>
>>>>>>>>        <str name="df">text</str>
>>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>      </lst>
>>>>>>>> ....
>>>>>>>> </requestHandler>
>>>>>>>>
>>>>>>>>
>>>>>>>> Next i am running a job which indexes sharepoint content in solr
>>>>>>>> but when i am searching in solr, i am getting not results & getting
>>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>>
>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>>> commits: num=2
>>>>>>>>
>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>>
>>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>>> main
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>>> requests to Searcher@5ac787b0
>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>>> {commit=} 0 265
>>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>>> QTime=0
>>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>>> no-user response (open documents only)
>>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>>
>>>>>>>> UNREACHABLEAUTHORITY means name of an authority that was found to
>>>>>>>> be unreachable or unusable but i am having same authority working fine in
>>>>>>>> MCF.
>>>>>>>>
>>>>>>>>
>>>>>>>> Please help.
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Karl,
>>>>>>>>
>>>>>>>> May be we should use
>>>>>>>>
>>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>>
>>>>>>>> in
>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>
>>>>>>>> To avoid confusion?
>>>>>>>>
>>>>>>>> What do you think?
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> What does your solrconfig.xml file look like?
>>>>>>>> Karl
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi Ahmet,
>>>>>>>>
>>>>>>>> I tried the way you suggested but its not working. My solr query is
>>>>>>>> as below.
>>>>>>>>
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>>
>>>>>>>> Whatever name i am passing as AuthenticatedUserName, it returning
>>>>>>>> all results.
>>>>>>>>
>>>>>>>> I have indexed my documents using mcf-solr plugin using
>>>>>>>> instructions @
>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>>>
>>>>>>>> "_version_": 1470562493875093500,
>>>>>>>>         "allow_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "deny_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ]
>>>>>>>>       },
>>>>>>>>       {
>>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>>         "deny_token_document": [
>>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>>         ],
>>>>>>>>         "allow_token_document": [
>>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>>           "SP+Group:GApprovers",
>>>>>>>>           "SP+Group:GViewers",
>>>>>>>>           "SP+Group:GDesigners"
>>>>>>>>         ],
>>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                   SDD
>>>>>>>>
>>>>>>>>
>>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>>       },
>>>>>>>>       {
>>>>>>>>         "deny_token_share": [
>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>         ],
>>>>>>>>         "content_name": "hekko.txt",
>>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>>         "deny_token_document": [
>>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>>         ],
>>>>>>>>                "id": "
>>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>>>>         "allow_token_document": [
>>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>         "allow_token_share": [
>>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>>         ],
>>>>>>>>
>>>>>>>>
>>>>>>>>                 CMIS
>>>>>>>>
>>>>>>>>                 "allow_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "deny_token_document": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "deny_token_share": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ],
>>>>>>>>         "allow_token_document": [
>>>>>>>>           "__nosecurity__"
>>>>>>>>         ]
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> As documented here
>>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>>
>>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>>
>>>>>>>>
>>>>>>>> This is a URL parameter, just like Solr params. Here is an example.
>>>>>>>>
>>>>>>>>
>>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>>
>>>>>>>>
>>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>  Hi All,
>>>>>>>>
>>>>>>>> As continuing from
>>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>>> as per Ahmet's suggestion.
>>>>>>>>
>>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>>> indexed into solr indexes.
>>>>>>>>
>>>>>>>> Now i want to write Solr query to put a user's permission details
>>>>>>>> into in it which can be compared to ACL stored in solr and only those
>>>>>>>> results will be returned to user on which he has been assigned ACL.
>>>>>>>>
>>>>>>>> How can i do this?  Can i use MCF filter  below here or do i need
>>>>>>>> to write custom query for my need?
>>>>>>>>
>>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>>> default="true">
>>>>>>>>   <lst name="appends">
>>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>>   </lst>
>>>>>>>> </requestHandler>
>>>>>>>>
>>>>>>>> Please help.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Lalit Jangra.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>
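
Added example (not from the thread, and not the ManifoldCF plugin's own code): a Python model of the filter printed in the parsed_filter_queries output quoted above, applied to the indexed fields and UserACLs tokens quoted in this thread, to show which level hides a document and why. The function names and the DOC_OTHER_GROUP and DOC_OPEN records are assumptions constructed for illustration; the match rules are read off the quoted query, not taken from the plugin source.

```python
NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")

# Sample input: four lines copied from the UserACLs output quoted in the thread.
SAMPLE_RESPONSE = """\
AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

# The list item quoted in the thread: blank allow token at document level.
DOC_BLANK_TOKEN = {
    "allow_token_share": [NOSECURITY],
    "deny_token_share": [NOSECURITY],
    "allow_token_document": ["SP+KW:"],
    "deny_token_document": ["SP+KW:DEAD_AUTHORITY"],
}
# Constructed: tokens indexed under a different authority group prefix.
DOC_OTHER_GROUP = dict(DOC_BLANK_TOKEN,
                       allow_token_document=["SP+Group:GViewers"],
                       deny_token_document=["SP+Group:DEAD_AUTHORITY"])
# Constructed: a document with no security at either level.
DOC_OPEN = {f"{kind}_token_{lvl}": [NOSECURITY]
            for kind in ("allow", "deny") for lvl in LEVELS}


def parse_authority_response(text):
    """Split a UserACLs response into (status lines, access tokens)."""
    statuses, tokens = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("TOKEN:"):
            tokens.append(line[len("TOKEN:"):])
        elif line:
            statuses.append(line)
    return statuses, tokens


def prefix(token):
    """Authority group prefix: the part before the first ':' (None if absent)."""
    head, sep, _ = token.partition(":")
    return head if sep else None


def level_matches(doc, level, user_tokens):
    """One '+(...)' group of the quoted query, for one level."""
    allow = set(doc.get(f"allow_token_{level}", ()))
    deny = set(doc.get(f"deny_token_{level}", ()))
    user = set(user_tokens)
    if deny & user:                      # the -deny_token_* clauses
        return False
    open_level = NOSECURITY in allow and NOSECURITY in deny
    return open_level or bool(allow & user)   # the optional allow clauses


def visible(doc, user_tokens):
    """Both levels are required ('+') in the quoted query."""
    return all(level_matches(doc, lvl, user_tokens) for lvl in LEVELS)


def diagnose(doc, user_tokens):
    """Return (level, reason) for every level that hides the document."""
    findings = []
    user = set(user_tokens)
    user_prefixes = {prefix(t) for t in user}
    for level in LEVELS:
        if level_matches(doc, level, user):
            continue
        allow = doc.get(f"allow_token_{level}", [])
        deny = doc.get(f"deny_token_{level}", [])
        if set(deny) & user:
            reason = "deny token matches user"
        elif not allow:
            reason = "no allow tokens indexed"
        elif any(t.endswith(":") for t in allow):
            reason = "blank allow token"
        elif not ({prefix(t) for t in allow} & user_prefixes):
            reason = "authority group prefix mismatch"
        else:
            reason = "no allow token matches user"
        findings.append((level, reason))
    return findings


if __name__ == "__main__":
    statuses, tokens = parse_authority_response(SAMPLE_RESPONSE)
    print("authority status:", statuses)
    for name, doc in (("blank token", DOC_BLANK_TOKEN),
                      ("other group", DOC_OTHER_GROUP),
                      ("open", DOC_OPEN)):
        print(name, visible(doc, tokens), diagnose(doc, tokens))
```

Run against the /query handler's `fl=allow*,deny*` output, a check like this separates an indexing problem (blank or wrongly prefixed tokens) from a query-side problem before the security filter is blamed.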

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Karl,

I have tried with /select, /query & /search but am not getting appropriate
results. Which query handler should I use here?

I am also attaching solrconfig.xml.

Regards.


On Fri, Jun 13, 2014 at 3:26 PM, Karl Wright <da...@gmail.com> wrote:

> Hi Lalit,
>
> You are going through the wrong query handler again:
>
>       "
> http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
> Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery,
> product of:\n  1.0 = queryNorm\n",
>       "http://testirishwaterportal/irish-water/irish-water/Lists/IW
> Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery,
> product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
>       "
> http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx":
> "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"
>
>
> The Solr plugin query modification is not happening; it doesn't seem to be
> getting applied now.  It was earlier, you must have turned it off.
>
> Karl
>
>
>
> On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Thanks Karl,
>>
>> After resetting everything again, now i could see content with ACL posted
>> to solr as per your instructions. Thanks again for this.I am attaching
>> solr.log.
>>
>> But still i am not able to see any content using /select query handler &
>> attached Select.log for same.
>>
>> While using /query request handler, i can see results with ACL but
>> whatever name i provide, it returns all results so effectively ACL not
>> working, attached Query.log for same.
>>
>> Can you please guide.
>>
>> Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com> wrote:
>>
>>> I wonder if this is a Luke bug?
>>> The access tokens might well have a form that Luke doesn't like to
>>> display.  That is the only thing that's making any sense to me at the
>>> moment.
>>>
>>> Karl
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com> wrote:
>>>
>>>>
>>>> FWIW, your authority setup seems to be working properly, and the query
>>>> generator is working properly too.  Only the acls are messed up.
>>>>
>>>> This is the interesting bit:
>>>>
>>>> "allow_token_document": [
>>>>
>>>>           "SP+KW:"]
>>>>
>>>>
>>>> It looks like a blank access token is being fetched for this list item,
>>>> which does not make any sense to me.  And yet we saw access tokens before,
>>>> correct?
>>>>
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> It is clear that your access tokens have not been actually indexed.
>>>>> But I remember seeing that they were correctly posted to Solr.  So now I am
>>>>> confused.
>>>>>
>>>>> Can you please do the following:
>>>>> - Click the "reindex all documents" button in the MCF view page for
>>>>> your output connection
>>>>> - Start your job
>>>>> - Send me the Solr info output about what has been posted
>>>>>
>>>>> When that is done, if what is posted looks correct, you SHOULD have a
>>>>> Solr index that has ACLs in it.
>>>>> If it does not look correct, we will have to go back and look at your
>>>>> connections etc. to see why the acls are not being fetched.
>>>>>
>>>>> Thanks,
>>>>> Karl
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>> Hi Again,
>>>>>>
>>>>>> I used /query for debugging & using
>>>>>>
>>>>>>
>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>>
>>>>>> I could see below results without much information about ACLs.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>         "deny_token_document": [
>>>>>>
>>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>>
>>>>>>         ],
>>>>>>
>>>>>>         "id": "
>>>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>>>> ",
>>>>>>
>>>>>>         "allow_token_document": [
>>>>>>
>>>>>>           "SP+KW:"
>>>>>>
>>>>>>         ],
>>>>>>
>>>>>>         "content": [
>>>>>>
>>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>>
>>>>>>         ],
>>>>>>
>>>>>>         "_version_": 1470790301540941800,
>>>>>>
>>>>>>         "allow_token_share": [
>>>>>>
>>>>>>           "__nosecurity__"
>>>>>>
>>>>>>         ],
>>>>>>
>>>>>>         "deny_token_share": [
>>>>>>
>>>>>>           "__nosecurity__"
>>>>>>
>>>>>>         ]
>>>>>>       }
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi  Lalit,
>>>>>>>
>>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>>
>>>>>>> Here is the best practise that I use :
>>>>>>>
>>>>>>> I configure /select request handler (RH) with mcfQParser, intended
>>>>>>> to use in production, default RH.
>>>>>>>
>>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>>
>>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>>
>>>>>>> Ahmet
>>>>>>>
>>>>>>>
>>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>  Thanks Karl,
>>>>>>>
>>>>>>> As i could not see any document in solr query, i used Luke to open
>>>>>>> index and i could see below values for all MCF plugin fields for all
>>>>>>> documents. These are something different from previous values.
>>>>>>>
>>>>>>> allow_token_document  = SP+KW:
>>>>>>> allow_token_share = __nosecurity__
>>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>>> allow_token_share = __nosecurity__
>>>>>>>
>>>>>>> I think something or a lot of things missing here. I am attaching
>>>>>>> zip of solr index(very small one with 10 documents from sharepoint) here.
>>>>>>> Please guide.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> Can you show me somehow some of the ACLs that have been indexed
>>>>>>> with your documents?  The only other potential issue might be that your
>>>>>>> repository connection(s) may not be part of the same authority groups as
>>>>>>> your authority connections.  In that case, the indexed authority tokens
>>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>>> other).
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>> Hi Again,
>>>>>>>
>>>>>>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>>>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>>>
>>>>>>>
>>>>>>> I can see below ACL.
>>>>>>> AUTHORIZED:SP+K+Conn
>>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>>
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>>
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>>
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>>
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>>
>>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>>
>>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>>
>>>>>>> Still i am not able to see any results from query
>>>>>>>
>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>> While debugging query i can see ACL doing fine. So i am confused
>>>>>>> why its now working. Can you please help.
>>>>>>>
>>>>>>> "parsed_filter_queries": [
>>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>>> +deny_token_share:__nosecurity__)
>>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>>> +((+allow_token_document:__nosecurity__
>>>>>>> +deny_token_document:__nosecurity__)
>>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>>     ],
>>>>>>>
>>>>>>> Finally solr.log also seems to be fine.
>>>>>>>
>>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Lalit,
>>>>>>>
>>>>>>> It makes more sense to use appends section rather than defaults
>>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>>
>>>>>>> <lst name="appends">
>>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>> </lst>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>  Hi Ahmet,
>>>>>>>
>>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>>
>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>     <!-- default values for query parameters can be specified, these
>>>>>>>          will be overridden by parameters in the request
>>>>>>>       -->
>>>>>>>      <lst name="defaults">
>>>>>>>        <str name="echoParams">explicit</str>
>>>>>>>        <int name="rows">1000</int>
>>>>>>>        <str name="df">text</str>
>>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>      </lst>
>>>>>>> ....
>>>>>>> </requestHandler>
>>>>>>>
>>>>>>>
>>>>>>> Next I am running a job which indexes SharePoint content in Solr, but
>>>>>>> when I am searching in Solr, I am getting no results & getting an
>>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>>
>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>>> commits: num=2
>>>>>>>
>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>>
>>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>>> main
>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>>> requests to Searcher@5ac787b0
>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>>> {commit=} 0 265
>>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>>> QTime=0
>>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>>> no-user response (open documents only)
>>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>>> [collection1] webapp=/solr path=/select
>>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>>
>>>>>>> UNREACHABLEAUTHORITY means the name of an authority that was found to be
>>>>>>> unreachable or unusable, but I have the same authority working fine in MCF.
>>>>>>>
>>>>>>>
>>>>>>> Please help.
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Karl,
>>>>>>>
>>>>>>> Maybe we should use
>>>>>>>
>>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>>
>>>>>>> in
>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>
>>>>>>> To avoid confusion?
>>>>>>>
>>>>>>> What do you think?
>>>>>>>
>>>>>>>
>>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>>> daddywri@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>> What does your solrconfig.xml file look like?
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>> Hi Ahmet,
>>>>>>>
>>>>>>> I tried the way you suggested but it's not working. My Solr query is
>>>>>>> as below.
>>>>>>>
>>>>>>>
>>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>>
>>>>>>> Whatever name I am passing as AuthenticatedUserName, it is returning
>>>>>>> all results.
>>>>>>>
>>>>>>> I have indexed my documents using the mcf-solr plugin, following the
>>>>>>> instructions at
>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>>> Below are some of the ACLs stored in Solr. Am I missing something?
>>>>>>>
>>>>>>> "_version_": 1470562493875093500,
>>>>>>>         "allow_token_share": [
>>>>>>>           "__nosecurity__"
>>>>>>>         ],
>>>>>>>         "deny_token_share": [
>>>>>>>           "__nosecurity__"
>>>>>>>         ]
>>>>>>>       },
>>>>>>>       {
>>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>>         "deny_token_document": [
>>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>>         ],
>>>>>>>         "allow_token_document": [
>>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>>           "SP+Group:GApprovers",
>>>>>>>           "SP+Group:GViewers",
>>>>>>>           "SP+Group:GDesigners"
>>>>>>>         ],
>>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>                   SDD
>>>>>>>
>>>>>>>
>>>>>>>                    "_version_": 1470564182244982800
>>>>>>>       },
>>>>>>>       {
>>>>>>>         "deny_token_share": [
>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>         ],
>>>>>>>         "content_name": "hekko.txt",
>>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>>         "deny_token_document": [
>>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>>         ],
>>>>>>>                "id": "
>>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>>>         "allow_token_document": [
>>>>>>>           "AD+Group:S-1-5-18",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>         ],
>>>>>>>
>>>>>>>         "allow_token_share": [
>>>>>>>           "AD+Group:S-1-1-0",
>>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>>         ],
>>>>>>>
>>>>>>>
>>>>>>>                 CMIS
>>>>>>>
>>>>>>>                 "allow_token_share": [
>>>>>>>           "__nosecurity__"
>>>>>>>         ],
>>>>>>>         "deny_token_document": [
>>>>>>>           "__nosecurity__"
>>>>>>>         ],
>>>>>>>         "deny_token_share": [
>>>>>>>           "__nosecurity__"
>>>>>>>         ],
>>>>>>>         "allow_token_document": [
>>>>>>>           "__nosecurity__"
>>>>>>>         ]
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> As documented here
>>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>>
>>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>>
>>>>>>>
>>>>>>> This is a URL parameter, just like Solr params. Here is an example.
>>>>>>>
>>>>>>>
>>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>>
>>>>>>>
>>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>  Hi All,
>>>>>>>
>>>>>>> As continuing from
>>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>>> as per Ahmet's suggestion.
>>>>>>>
>>>>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs
>>>>>>> indexed into solr indexes.
>>>>>>>
>>>>>>> Now i want to write Solr query to put a user's permission details
>>>>>>> into in it which can be compared to ACL stored in solr and only those
>>>>>>> results will be returned to user on which he has been assigned ACL.
>>>>>>>
>>>>>>> How can i do this?  Can i use MCF filter  below here or do i need to
>>>>>>> write custom query for my need?
>>>>>>>
>>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>>> default="true">
>>>>>>>   <lst name="appends">
>>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>>   </lst>
>>>>>>> </requestHandler>
>>>>>>>
>>>>>>> Please help.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Lalit Jangra.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Lalit Jangra.
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>


-- 
Regards,
Lalit Jangra.
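
An added example (not part of the thread, and not the plugin's own code): a small Python model of the boolean filter printed under "parsed_filter_queries" above, evaluated against the ACL field values quoted in this thread. The document ids, the helper names and the "granted" document are constructed for illustration; the model treats a document with no token fields as closed, which is an assumption.

```python
# Added illustration: a model of the boolean filter printed under
# "parsed_filter_queries" in this thread. It is not the plugin's own code.

NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")

# Subset of the UserACLs response quoted in the thread.
SAMPLE_ACL_RESPONSE = """\
AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

OPEN_SHARE = {"allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY]}

# Field values as quoted in the thread; ids and the "granted" entry are constructed.
DOCS = {
    "blank-token": {**OPEN_SHARE,
                    "allow_token_document": ["SP+KW:"],
                    "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
    "other-group": {**OPEN_SHARE,
                    "allow_token_document": ["SP+Group:GViewers", "SP+Group:GApprovers"],
                    "deny_token_document": ["SP+Group:DEAD_AUTHORITY"]},
    "open": {**OPEN_SHARE,
             "allow_token_document": [NOSECURITY],
             "deny_token_document": [NOSECURITY]},
    "granted": {**OPEN_SHARE,
                "allow_token_document": ["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"],
                "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
}


def parse_user_acls(text):
    """Split an authority-service response into (status lines, access tokens)."""
    statuses, tokens = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, value = line.partition(":")
        if kind == "TOKEN":
            tokens.append(value)
        else:
            statuses.append(line)
    return statuses, tokens


def prefix(token):
    """Authority-group prefix: everything before the first ':' (e.g. 'SP+KW')."""
    return token.split(":", 1)[0]


def level_allows(doc, level, tokens):
    """One '+( ... )' group of the filter: (open OR any allow hit) AND no deny hit."""
    allow = set(doc.get(f"allow_token_{level}", []))
    deny = set(doc.get(f"deny_token_{level}", []))
    user = set(tokens)
    is_open = NOSECURITY in allow and NOSECURITY in deny
    return (is_open or bool(allow & user)) and not (deny & user)


def visible(doc, tokens):
    """Both levels are required clauses, so every level has to pass."""
    return all(level_allows(doc, level, tokens) for level in LEVELS)


def filter_hits(docs, tokens):
    """Ids of the documents that the security filter would let through."""
    return sorted(doc_id for doc_id, doc in docs.items() if visible(doc, tokens))


def diagnose(doc, tokens):
    """Return (level, reason) pairs for each level that filters the document out."""
    reasons = []
    user = set(tokens)
    user_prefixes = {prefix(t) for t in tokens}
    for level in LEVELS:
        if level_allows(doc, level, tokens):
            continue
        allow = doc.get(f"allow_token_{level}", [])
        deny = doc.get(f"deny_token_{level}", [])
        real = [t for t in allow if t != NOSECURITY]
        if set(deny) & user:
            reasons.append((level, "deny_token_matched"))
        elif any(t.endswith(":") for t in real):
            # e.g. "SP+KW:" -- a prefix with an empty token, as seen in Luke
            reasons.append((level, "blank_allow_token"))
        elif real and not ({prefix(t) for t in real} & user_prefixes):
            # indexed under a different authority group than the user's tokens
            reasons.append((level, "prefix_mismatch"))
        else:
            reasons.append((level, "no_matching_allow_token"))
    return reasons


if __name__ == "__main__":
    _, user_tokens = parse_user_acls(SAMPLE_ACL_RESPONSE)
    print("hits:", filter_hits(DOCS, user_tokens))
    for doc_id, doc in DOCS.items():
        for level, reason in diagnose(doc, user_tokens):
            print(f"{doc_id}: filtered at {level} level ({reason})")
```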

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

You are going through the wrong query handler again:

      "http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/irish-water/Lists/IW Annoucements/DispForm.aspx?ID=1": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/irish-water/Lists/IW Annoucements/DispForm.aspx?ID=2": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/DocumentLibrary/serverDetails.xlsx": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/Shared%20Documents/Alfresco-in-an-Hour.pdf": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/Shared%20Documents/alfresco_aiim_2006_05_16.ppt": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/DocumentLibrary/pptexamples.ppt": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/Lists/IW%20Annoucements/Attachments/2/spp.log": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/Alfresco-in-an-Hour%20-%20Copy.pdf": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n",
      "http://testirishwaterportal/irish-water/Lists/IWList/Attachments/1/DevCon%20Revenue.pptx": "\n1.0 = (MATCH) MatchAllDocsQuery, product of:\n  1.0 = queryNorm\n"


The Solr plugin query modification is not happening; it doesn't seem to be
getting applied now.  It was earlier, you must have turned it off.

Karl



On Fri, Jun 13, 2014 at 9:56 AM, lalit jangra <la...@gmail.com>
wrote:

> Thanks Karl,
>
> After resetting everything again, now I could see content with ACL posted
> to Solr as per your instructions. Thanks again for this. I am attaching
> solr.log.
>
> But still I am not able to see any content using /select query handler &
> attached Select.log for same.
>
> While using /query request handler, I can see results with ACL but
> whatever name I provide, it returns all results so effectively ACL not
> working, attached Query.log for same.
>
> Can you please guide.
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com> wrote:
>
>> I wonder if this is a Luke bug?
>> The access tokens might well have a form that Luke doesn't like to
>> display.  That is the only thing that's making any sense to me at the
>> moment.
>>
>> Karl
>>
>>
>>
>> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com> wrote:
>>
>>>
>>> FWIW, your authority setup seems to be working properly, and the query
>>> generator is working properly too.  Only the acls are messed up.
>>>
>>> This is the interesting bit:
>>>
>>> "allow_token_document": [
>>>
>>>           "SP+KW:"]
>>>
>>>
>>> It looks like a blank access token is being fetched for this list item,
>>> which does not make any sense to me.  And yet we saw access tokens before,
>>> correct?
>>>
>>>
>>> Karl
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com> wrote:
>>>
>>>> Hi Lalit,
>>>>
>>>> It is clear that your access tokens have not been actually indexed.
>>>> But I remember seeing that they were correctly posted to Solr.  So now I am
>>>> confused.
>>>>
>>>> Can you please do the following:
>>>> - Click the "reindex all documents" button in the MCF view page for
>>>> your output connection
>>>> - Start your job
>>>> - Send me the Solr info output about what has been posted
>>>>
>>>> When that is done, if what is posted looks correct, you SHOULD have a
>>>> Solr index that has ACLs in it.
>>>> If it does not look correct, we will have to go back and look at your
>>>> connections etc. to see why the acls are not being fetched.
>>>>
>>>> Thanks,
>>>> Karl
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <lalit.j.jangra@gmail.com
>>>> > wrote:
>>>>
>>>>> Hi Again,
>>>>>
>>>>> I used /query for debugging & using
>>>>>
>>>>>
>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>>
>>>>> I could see below results without much information about ACLs.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>         "deny_token_document": [
>>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>>         ],
>>>>>         "id": "http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1",
>>>>>         "allow_token_document": [
>>>>>           "SP+KW:"
>>>>>         ],
>>>>>         "content": [
>>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>>         ],
>>>>>         "_version_": 1470790301540941800,
>>>>>         "allow_token_share": [
>>>>>           "__nosecurity__"
>>>>>         ],
>>>>>         "deny_token_share": [
>>>>>           "__nosecurity__"
>>>>>         ]
>>>>>       }
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>>>> wrote:
>>>>>
>>>>>> Hi  Lalit,
>>>>>>
>>>>>> regarding "As i could not see any document in solr query,"
>>>>>>
>>>>>> Here is the best practise that I use :
>>>>>>
>>>>>> I configure /select request handler (RH) with mcfQParser, intended to
>>>>>> use in production, default RH.
>>>>>>
>>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>>
>>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>>
>>>>>> Ahmet
>>>>>>
>>>>>>
>>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>  Thanks Karl,
>>>>>>
>>>>>> As I could not see any document in Solr query, I used Luke to open
>>>>>> index and I could see below values for all MCF plugin fields for all
>>>>>> documents. These are something different from previous values.
>>>>>>
>>>>>> allow_token_document  = SP+KW:
>>>>>> allow_token_share = __nosecurity__
>>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>>> allow_token_share = __nosecurity__
>>>>>>
>>>>>> I think something or a lot of things are missing here. I am attaching zip
>>>>>> of Solr index (very small one with 10 documents from SharePoint) here.
>>>>>> Please guide.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> Can you show me somehow some of the ACLs that have been indexed
>>>>>> with your documents?  The only other potential issue might be that your
>>>>>> repository connection(s) may not be part of the same authority groups as
>>>>>> your authority connections.  In that case, the indexed authority tokens
>>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>>> other).
>>>>>>
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>> Hi Again,
>>>>>>
>>>>>> As per Karl's suggestion, I am now converting user from water.com\ljangra
>>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>> I can see below ACL.
>>>>>> AUTHORIZED:SP+K+Conn
>>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>>
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>>
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>>
>>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>>
>>>>>> Still I am not able to see any results from query
>>>>>>
>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>>>
>>>>>> While debugging query I can see ACL doing fine. So I am confused
>>>>>> why it's now working. Can you please help.
>>>>>>
>>>>>> "parsed_filter_queries": [
>>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>>> +deny_token_share:__nosecurity__)
>>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>>> +((+allow_token_document:__nosecurity__
>>>>>> +deny_token_document:__nosecurity__)
>>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>>     ],
>>>>>>
>>>>>> Finally solr.log also seems to be fine.
>>>>>>
>>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>>> [collection1] webapp=/solr path=/select
>>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Lalit,
>>>>>>
>>>>>> It makes more sense to use appends section rather than defaults
>>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>>
>>>>>> <lst name="appends">
>>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>>> </lst>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>  Hi Ahmet,
>>>>>>
>>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>>
>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>     <!-- default values for query parameters can be specified, these
>>>>>>          will be overridden by parameters in the request
>>>>>>       -->
>>>>>>      <lst name="defaults">
>>>>>>        <str name="echoParams">explicit</str>
>>>>>>        <int name="rows">1000</int>
>>>>>>        <str name="df">text</str>
>>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>      </lst>
>>>>>> ....
>>>>>> </requestHandler>
>>>>>>
>>>>>>
>>>>>> Next I am running a job which indexes SharePoint content in Solr, but
>>>>>> when I am searching in Solr, I am getting no results & getting an
>>>>>> UNREACHABLEAUTHORITY message.
>>>>>>
>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>>> commits: num=2
>>>>>>
>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>>
>>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>>> main
>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>>> requests to Searcher@5ac787b0
>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>>> {commit=} 0 265
>>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>>> QTime=0
>>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>>> no-user response (open documents only)
>>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>>> [collection1] webapp=/solr path=/select
>>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>>> to match docs for user '[:ljangra@water.com]'
>>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>>> [collection1] webapp=/solr path=/select
>>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>>
>>>>>> UNREACHABLEAUTHORITY means the name of an authority that was found to be
>>>>>> unreachable or unusable, but I have the same authority working fine in MCF.
>>>>>>
>>>>>>
>>>>>> Please help.
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Karl,
>>>>>>
>>>>>> Maybe we should use
>>>>>>
>>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>>
>>>>>> in
>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>
>>>>>> To avoid confusion?
>>>>>>
>>>>>> What do you think?
>>>>>>
>>>>>>
>>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <
>>>>>> daddywri@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>> What does your solrconfig.xml file look like?
>>>>>> Karl
>>>>>>
>>>>>>
>>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>> Hi Ahmet,
>>>>>>
>>>>>> I tried the way you suggested but it's not working. My Solr query is
>>>>>> as below.
>>>>>>
>>>>>>
>>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>>
>>>>>> Whatever name i am passing as AuthenticatedUserName, it returning all
>>>>>> results.
>>>>>>
>>>>>> I have indexed my documents using mcf-solr plugin using instructions
>>>>>> @
>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>>> Below are some of ACL stored in solr. Am i missing something?
>>>>>>
>>>>>> "_version_": 1470562493875093500,
>>>>>>         "allow_token_share": [
>>>>>>           "__nosecurity__"
>>>>>>         ],
>>>>>>         "deny_token_share": [
>>>>>>           "__nosecurity__"
>>>>>>         ]
>>>>>>       },
>>>>>>       {
>>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>>         "deny_token_document": [
>>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>>         ],
>>>>>>         "allow_token_document": [
>>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>>           "SP+Group:GRestricted+Readers",
>>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>>           "SP+Group:GApprovers",
>>>>>>           "SP+Group:GViewers",
>>>>>>           "SP+Group:GDesigners"
>>>>>>         ],
>>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>>
>>>>>>
>>>>>>
>>>>>>                   SDD
>>>>>>
>>>>>>
>>>>>>                    "_version_": 1470564182244982800
>>>>>>       },
>>>>>>       {
>>>>>>         "deny_token_share": [
>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>         ],
>>>>>>         "content_name": "hekko.txt",
>>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>>         "deny_token_document": [
>>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>>         ],
>>>>>>                "id": "
>>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>>         "allow_token_document": [
>>>>>>           "AD+Group:S-1-5-18",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>         ],
>>>>>>
>>>>>>         "allow_token_share": [
>>>>>>           "AD+Group:S-1-1-0",
>>>>>>           "AD+Group:S-1-5-32-544"
>>>>>>         ],
>>>>>>
>>>>>>
>>>>>>                 CMIS
>>>>>>
>>>>>>                 "allow_token_share": [
>>>>>>           "__nosecurity__"
>>>>>>         ],
>>>>>>         "deny_token_document": [
>>>>>>           "__nosecurity__"
>>>>>>         ],
>>>>>>         "deny_token_share": [
>>>>>>           "__nosecurity__"
>>>>>>         ],
>>>>>>         "allow_token_document": [
>>>>>>           "__nosecurity__"
>>>>>>         ]
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> As documented here
>>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>
>>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>>
>>>>>>
>>>>>> This is a URL parameter, just like Solr params. Here is an example.
>>>>>>
>>>>>>
>>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>>
>>>>>>
>>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>  Hi All,
>>>>>>
>>>>>> As continuing from
>>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>>> as per Ahmet's suggestion.
>>>>>>
>>>>>> I have set up mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs
>>>>>> indexed into Solr indexes.
>>>>>>
>>>>>> Now I want to write a Solr query to put a user's permission details
>>>>>> into it which can be compared to the ACL stored in Solr and only those
>>>>>> results will be returned to the user on which he has been assigned ACL.
>>>>>>
>>>>>> How can I do this?  Can I use the MCF filter below here or do I need to
>>>>>> write a custom query for my need?
>>>>>>
>>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>>> default="true">
>>>>>>   <lst name="appends">
>>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>   </lst>
>>>>>> </requestHandler>
>>>>>>
>>>>>> Please help.
>>>>>>
>>>>>> Regards,
>>>>>> Lalit Jangra.
> --
> Regards,
> Lalit Jangra.
>

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Thanks Karl,

After resetting everything again, now I could see content with ACL posted
to Solr as per your instructions. Thanks again for this. I am attaching
solr.log.

But still I am not able to see any content using /select query handler &
attached Select.log for same.

While using /query request handler, I can see results with ACL but whatever
name I provide, it returns all results so effectively ACL not working,
attached Query.log for same.

Can you please guide.

Regards.


On Fri, Jun 13, 2014 at 1:37 PM, Karl Wright <da...@gmail.com> wrote:

> I wonder if this is a Luke bug?
> The access tokens might well have a form that Luke doesn't like to
> display.  That is the only thing that's making any sense to me at the
> moment.
>
> Karl
>
>
>
> On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com> wrote:
>
>>
>> FWIW, your authority setup seems to be working properly, and the query
>> generator is working properly too.  Only the acls are messed up.
>>
>> This is the interesting bit:
>>
>> "allow_token_document": [
>>
>>           "SP+KW:"]
>>
>>
>> It looks like a blank access token is being fetched for this list item,
>> which does not make any sense to me.  And yet we saw access tokens before,
>> correct?
>>
>>
>> Karl
>>
>>
>>
>> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> It is clear that your access tokens have not been actually indexed.  But
>>> I remember seeing that they were correctly posted to Solr.  So now I am
>>> confused.
>>>
>>> Can you please do the following:
>>> - Click the "reindex all documents" button in the MCF view page for your
>>> output connection
>>> - Start your job
>>> - Send me the Solr info output about what has been posted
>>>
>>> When that is done, if what is posted looks correct, you SHOULD have a
>>> Solr index that has ACLs in it.
>>> If it does not look correct, we will have to go back and look at your
>>> connections etc. to see why the acls are not being fetched.
>>>
>>> Thanks,
>>> Karl
>>>
>>>
>>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>>> Hi Again,
>>>>
>>>> I used /query for debugging & using
>>>>
>>>>
>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>>
>>>> I could see below results without much information about ACLs.
>>>>
>>>>
>>>>
>>>>
>>>>         "deny_token_document": [
>>>>
>>>>           "SP+KW:DEAD_AUTHORITY"
>>>>
>>>>         ],
>>>>
>>>>         "id": "
>>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>>> ",
>>>>
>>>>         "allow_token_document": [
>>>>
>>>>           "SP+KW:"
>>>>
>>>>         ],
>>>>
>>>>         "content": [
>>>>
>>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>>
>>>>         ],
>>>>
>>>>         "_version_": 1470790301540941800,
>>>>
>>>>         "allow_token_share": [
>>>>
>>>>           "__nosecurity__"
>>>>
>>>>         ],
>>>>
>>>>         "deny_token_share": [
>>>>
>>>>           "__nosecurity__"
>>>>
>>>>         ]
>>>>       }
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>>> wrote:
>>>>
>>>>> Hi  Lalit,
>>>>>
>>>>> regarding "As i could not see any document in solr query,"
>>>>>
>>>>> Here is the best practise that I use :
>>>>>
>>>>> I configure /select request handler (RH) with mcfQParser, intended to
>>>>> use in production, default RH.
>>>>>
>>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>>
>>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>>
>>>>> Ahmet
>>>>>
>>>>>
>>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>
>>>>>  Thanks Karl,
>>>>>
>>>>> As I could not see any document in Solr query, I used Luke to open
>>>>> index and I could see below values for all MCF plugin fields for all
>>>>> documents. These are something different from previous values.
>>>>>
>>>>> allow_token_document  = SP+KW:
>>>>> allow_token_share = __nosecurity__
>>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>>> allow_token_share = __nosecurity__
>>>>>
>>>>> I think something or a lot of things missing here. I am attaching zip
>>>>> of solr index(very small one with 10 documents from sharepoint) here.
>>>>> Please guide.
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> Can you show me somehow some of the ACLs that have been indexed
>>>>> with your documents?  The only other potential issue might be that your
>>>>> repository connection(s) may not be part of the same authority groups as
>>>>> your authority connections.  In that case, the indexed authority tokens
>>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>>> other).
>>>>>
>>>>> Karl
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>> Hi Again,
>>>>>
>>>>> As per Karl's suggestion, I am now converting user from water.com\ljangra
>>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>>
>>>>> I can see below ACL.
>>>>> AUTHORIZED:SP+K+Conn
>>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>>
>>>>> Still I am not able to see any results from query
>>>>>
>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>> . While debugging query I can see ACL doing fine. So I am confused
>>>>> why it's now working. Can you please help.
>>>>>
>>>>> "parsed_filter_queries": [
>>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>>> +deny_token_share:__nosecurity__)
>>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>>> +((+allow_token_document:__nosecurity__
>>>>> +deny_token_document:__nosecurity__)
>>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>>     ],
>>>>>
>>>>> Finally solr.log also seems to be fine.
>>>>>
>>>>> INFO  - 2014-06-13 11:38:19.862;
>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>> to match docs for user '[:ljangra@water.com]'
>>>>> INFO  - 2014-06-13 11:38:19.909;
>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>> authority response AUTHORIZED:SP+K+Conn
>>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>>> [collection1] webapp=/solr path=/select
>>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>>>> wrote:
>>>>>
>>>>> Hi Lalit,
>>>>>
>>>>> It makes more sense to use appends section rather than defaults
>>>>> section when defining mcf query parser plugin in fq parameter.
>>>>>
>>>>> <lst name="appends">
>>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>>> </lst>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>
>>>>>  Hi Ahmet,
>>>>>
>>>>> I have configured solrconfig.xml as per your suggestion.
>>>>>
>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>     <!-- default values for query parameters can be specified, these
>>>>>          will be overridden by parameters in the request
>>>>>       -->
>>>>>      <lst name="defaults">
>>>>>        <str name="echoParams">explicit</str>
>>>>>        <int name="rows">1000</int>
>>>>>        <str name="df">text</str>
>>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>>      </lst>
>>>>> ....
>>>>> </requestHandler>
>>>>>
>>>>>
>>>>> Next I am running a job which indexes SharePoint content in Solr but
>>>>> when I am searching in Solr, I am getting no results & getting
>>>>> UNREACHABLEAUTHORITY message.
>>>>>
>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>>> commits: num=2
>>>>>
>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>>
>>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>>> INFO  - 2014-06-12 22:22:29.944;
>>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>>> INFO  - 2014-06-12 22:22:29.960;
>>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>>> main
>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>>> requests to Searcher@5ac787b0
>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>>> INFO  - 2014-06-12 22:22:29.975;
>>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>>> {commit=} 0 265
>>>>> INFO  - 2014-06-12 22:22:35.663;
>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>>> QTime=0
>>>>> INFO  - 2014-06-12 22:22:35.741;
>>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>>> INFO  - 2014-06-12 22:22:36.960;
>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>>> no-user response (open documents only)
>>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>>> [collection1] webapp=/solr path=/select
>>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>>> INFO  - 2014-06-12 22:22:40.569;
>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>>> to match docs for user '[:ljangra@water.com]'
>>>>> INFO  - 2014-06-12 22:22:40.726;
>>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>>> [collection1] webapp=/solr path=/select
>>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>>
>>>>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>>>>> unreachable or unusable but I am having same authority working fine in MCF.
>>>>>
>>>>>
>>>>> Please help.
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>>> wrote:
>>>>>
>>>>> Hi Karl,
>>>>>
>>>>> May be we should use
>>>>>
>>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>>
>>>>> in
>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>
>>>>> To avoid confusion?
>>>>>
>>>>> What do you think?
>>>>>
>>>>>
>>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>
>>>>> What does your solrconfig.xml file look like?
>>>>> Karl
>>>>>
>>>>>
>>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>> Hi Ahmet,
>>>>>
>>>>> I tried the way you suggested but it's not working. My Solr query is as
>>>>> below.
>>>>>
>>>>>
>>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>
>>>>> Whatever name I am passing as AuthenticatedUserName, it is returning all
>>>>> results.
>>>>>
>>>>> I have indexed my documents using mcf-solr plugin using instructions @
>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>>> Below are some of the ACLs stored in Solr. Am I missing something?
>>>>>
>>>>> "_version_": 1470562493875093500,
>>>>>         "allow_token_share": [
>>>>>           "__nosecurity__"
>>>>>         ],
>>>>>         "deny_token_share": [
>>>>>           "__nosecurity__"
>>>>>         ]
>>>>>       },
>>>>>       {
>>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>         "deny_token_document": [
>>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>>         ],
>>>>>         "allow_token_document": [
>>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>>           "SP+Group:GRestricted+Readers",
>>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>           "SP+Group:GHierarchy+Managers",
>>>>>           "SP+Group:GApprovers",
>>>>>           "SP+Group:GViewers",
>>>>>           "SP+Group:GDesigners"
>>>>>         ],
>>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>
>>>>>
>>>>>
>>>>>                   SDD
>>>>>
>>>>>
>>>>>                    "_version_": 1470564182244982800
>>>>>       },
>>>>>       {
>>>>>         "deny_token_share": [
>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>         ],
>>>>>         "content_name": "hekko.txt",
>>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>>         "deny_token_document": [
>>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>>         ],
>>>>>                "id": "
>>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>         "allow_token_document": [
>>>>>           "AD+Group:S-1-5-18",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>           "AD+Group:S-1-5-32-544"
>>>>>         ],
>>>>>
>>>>>         "allow_token_share": [
>>>>>           "AD+Group:S-1-1-0",
>>>>>           "AD+Group:S-1-5-32-544"
>>>>>         ],
>>>>>
>>>>>
>>>>>                 CMIS
>>>>>
>>>>>                 "allow_token_share": [
>>>>>           "__nosecurity__"
>>>>>         ],
>>>>>         "deny_token_document": [
>>>>>           "__nosecurity__"
>>>>>         ],
>>>>>         "deny_token_share": [
>>>>>           "__nosecurity__"
>>>>>         ],
>>>>>         "allow_token_document": [
>>>>>           "__nosecurity__"
>>>>>         ]
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> As documented here
>>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>
>>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>>
>>>>>
>>>>> This is a URL parameter, just like Solr params. Here is an example.
>>>>>
>>>>>
>>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>>
>>>>>
>>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>>> lalit.j.jangra@gmail.com> wrote:
>>>>>
>>>>>
>>>>>  Hi All,
>>>>>
>>>>> As continuing from
>>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>>> as per Ahmet's suggestion.
>>>>>
>>>>> I have set up mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs indexed
>>>>> into Solr indexes.
>>>>>
>>>>> Now I want to write a Solr query to put a user's permission details into
>>>>> it which can be compared to the ACL stored in Solr and only those results
>>>>> will be returned to the user on which he has been assigned ACL.
>>>>>
>>>>> How can I do this?  Can I use the MCF filter below here or do I need to
>>>>> write a custom query for my need?
>>>>>
>>>>> <requestHandler name="search" class="solr.SearchHandler"
>>>>> default="true">
>>>>>   <lst name="appends">
>>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>>   </lst>
>>>>> </requestHandler>
>>>>>
>>>>> Please help.
>>>>>
>>>>> Regards,
>>>>> Lalit Jangra.


-- 
Regards,
Lalit Jangra.
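
The filter printed by debugQuery in the thread above can be replayed offline against the ACL fields quoted from the index, which shows why /select returns hits=0 for this user. This is an added example, not part of the original posts and not the ManifoldCF plugin's code: the two-level logic is read off the parsed_filter_queries output, and the function names, document ids, the "sp-good" document and the unreachable-authority response (assumed to carry a DEAD_AUTHORITY token) are constructed.

```python
# Added example: replay of the ACL filter shape printed in parsed_filter_queries.
# Field names and token values are quoted from the thread; ids are constructed.
NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")  # the two levels visible in the debug output


def parse_user_acls(text):
    """Split a UserACLs response into status lines and access tokens."""
    statuses, tokens = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("TOKEN:"):
            tokens.append(line[len("TOKEN:"):])
        elif line:
            statuses.append(line)
    return statuses, tokens


def diagnose(doc, level, user_tokens):
    """Classify one level of one document against the user's tokens."""
    allow = doc.get("allow_token_" + level, [])
    deny = doc.get("deny_token_" + level, [])
    if set(deny) & set(user_tokens):
        return "denied"            # the -deny_token_* (MUST_NOT) clauses
    if NOSECURITY in allow and NOSECURITY in deny:
        return "open"              # (+allow:__nosecurity__ +deny:__nosecurity__)
    if set(allow) & set(user_tokens):
        return "allowed"           # one of the allow_token_* (SHOULD) clauses
    if any(t.endswith(":") for t in allow):
        return "blank-token"       # e.g. "SP+KW:" with nothing after the prefix
    doc_prefixes = {t.partition(":")[0] for t in allow if ":" in t}
    user_prefixes = {t.partition(":")[0] for t in user_tokens if ":" in t}
    if doc_prefixes and user_prefixes and not (doc_prefixes & user_prefixes):
        return "prefix-mismatch"   # repository and authority in different groups
    return "no-matching-token"


def visible(doc, user_tokens):
    """A document is returned only if every level is open or allowed."""
    return all(diagnose(doc, lvl, user_tokens) in ("open", "allowed")
               for lvl in LEVELS)


def filter_ids(docs, user_tokens):
    """Ids of the documents the filter would let through, in index order."""
    return [d["id"] for d in docs if visible(d, user_tokens)]


# Share level is open on every document quoted in the thread.
OPEN_SHARE = {"allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY]}

DOCS = [
    # SharePoint list item as seen through /query and Luke: blank allow token.
    dict(OPEN_SHARE, id="sp-blank",
         allow_token_document=["SP+KW:"],
         deny_token_document=["SP+KW:DEAD_AUTHORITY"]),
    # CMIS document from the earlier post: no security at any level.
    dict(OPEN_SHARE, id="cmis-open",
         allow_token_document=[NOSECURITY],
         deny_token_document=[NOSECURITY]),
    # Document indexed under a different authority group prefix.
    dict(OPEN_SHARE, id="sp-other-group",
         allow_token_document=["SP+Group:GViewers", "SP+Group:GApprovers"],
         deny_token_document=["SP+Group:DEAD_AUTHORITY"]),
    # Constructed: what a correctly indexed item would look like for this user.
    dict(OPEN_SHARE, id="sp-good",
         allow_token_document=["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"],
         deny_token_document=["SP+KW:DEAD_AUTHORITY"]),
]

# Subset of the UserACLs response quoted in the thread.
USER_ACLS = """AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

# Constructed response for the unreachable case (assumption, see lead-in).
DEAD_ACLS = """UNREACHABLEAUTHORITY:SsharepointAuthority
TOKEN:SP+KW:DEAD_AUTHORITY
"""

if __name__ == "__main__":
    for label, text in (("authorized", USER_ACLS), ("unreachable", DEAD_ACLS),
                        ("no user", "")):
        _, toks = parse_user_acls(text)
        print(label, "->", filter_ids(DOCS, toks))
        for d in DOCS:
            print("   ", d["id"], {l: diagnose(d, l, toks) for l in LEVELS})
```

A request handler without the {!manifoldCFSecurity} filter skips this evaluation entirely, so it returns every document whatever AuthenticatedUserName is passed.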

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
I wonder if this is a Luke bug?
The access tokens might well have a form that Luke doesn't like to
display.  That is the only thing that's making any sense to me at the
moment.

Karl



On Fri, Jun 13, 2014 at 8:29 AM, Karl Wright <da...@gmail.com> wrote:

>
> FWIW, your authority setup seems to be working properly, and the query
> generator is working properly too.  Only the acls are messed up.
>
> This is the interesting bit:
>
> "allow_token_document": [
>
>           "SP+KW:"]
>
>
> It looks like a blank access token is being fetched for this list item,
> which does not make any sense to me.  And yet we saw access tokens before,
> correct?
>
>
> Karl
>
>
>
> On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com> wrote:
>
>> Hi Lalit,
>>
>> It is clear that your access tokens have not been actually indexed.  But
>> I remember seeing that they were correctly posted to Solr.  So now I am
>> confused.
>>
>> Can you please do the following:
>> - Click the "reindex all documents" button in the MCF view page for your
>> output connection
>> - Start your job
>> - Send me the Solr info output about what has been posted
>>
>> When that is done, if what is posted looks correct, you SHOULD have a
>> Solr index that has ACLs in it.
>> If it does not look correct, we will have to go back and look at your
>> connections etc. to see why the acls are not being fetched.
>>
>> Thanks,
>> Karl
>>
>>
>> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>>> Hi Again,
>>>
>>> I used /query for debugging & using
>>>
>>>
>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>>
>>> I could see below results without much information about ACLs.
>>>
>>>
>>>
>>>
>>>         "deny_token_document": [
>>>
>>>           "SP+KW:DEAD_AUTHORITY"
>>>
>>>         ],
>>>
>>>         "id": "
>>> http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1
>>> <http://testirishwaterportal/irish-water/irish-water/Lists/IWList/DispForm.aspx?ID=1>
>>> ",
>>>
>>>         "allow_token_document": [
>>>
>>>           "SP+KW:"
>>>
>>>         ],
>>>
>>>         "content": [
>>>
>>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>>
>>>         ],
>>>
>>>         "_version_": 1470790301540941800,
>>>
>>>         "allow_token_share": [
>>>
>>>           "__nosecurity__"
>>>
>>>         ],
>>>
>>>         "deny_token_share": [
>>>
>>>           "__nosecurity__"
>>>
>>>         ]
>>>       }
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com>
>>> wrote:
>>>
>>>> Hi  Lalit,
>>>>
>>>> regarding "As i could not see any document in solr query,"
>>>>
>>>> Here is the best practise that I use :
>>>>
>>>> I configure /select request handler (RH) with mcfQParser, intended to
>>>> use in production, default RH.
>>>>
>>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>>
>>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>>
>>>> Ahmet
>>>>
>>>>
>>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>>> lalit.j.jangra@gmail.com> wrote:
>>>>
>>>>
>>>>  Thanks Karl,
>>>>
>>>> As I could not see any document in Solr query, I used Luke to open
>>>> index and I could see below values for all MCF plugin fields for all
>>>> documents. These are something different from previous values.
>>>>
>>>> allow_token_document  = SP+KW:
>>>> allow_token_share = __nosecurity__
>>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>>> allow_token_share = __nosecurity__
>>>>
>>>> I think something or a lot of things missing here. I am attaching zip
>>>> of solr index(very small one with 10 documents from sharepoint) here.
>>>> Please guide.
>>>>
>>>> Regards.
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>> Hi Lalit,
>>>>
>>>> Can you show me somehow some of the ACLs that have been indexed
>>>> with your documents?  The only other potential issue might be that your
>>>> repository connection(s) may not be part of the same authority groups as
>>>> your authority connections.  In that case, the indexed authority tokens
>>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>>> other).
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <lalit.j.jangra@gmail.com
>>>> > wrote:
>>>>
>>>> Hi Again,
>>>>
>>>> As per Karl's suggestion, I am now converting user from water.com\ljangra
>>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>>
>>>> I can see below ACL.
>>>> AUTHORIZED:SP+K+Conn
>>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>>
>>>> Still I am not able to see any results from query
>>>>
>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>>
>>>> While debugging query I can see ACL doing fine. So I am confused why
>>>> it's now working. Can you please help.
>>>>
>>>> "parsed_filter_queries": [
>>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>>> +deny_token_share:__nosecurity__)
>>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>>> +((+allow_token_document:__nosecurity__
>>>> +deny_token_document:__nosecurity__)
>>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>>     ],
>>>>
>>>> Finally solr.log also seems to be fine.
>>>>
>>>> INFO  - 2014-06-13 11:38:19.862;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>> to match docs for user '[:ljangra@water.com]'
>>>> INFO  - 2014-06-13 11:38:19.909;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>> authority response AUTHORIZED:SP+K+Conn
>>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>>> [collection1] webapp=/solr path=/select
>>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>>> wrote:
>>>>
>>>> Hi Lalit,
>>>>
>>>> It makes more sense to use appends section rather than defaults section
>>>> when defining mcf query parser plugin in fq parameter.
>>>>
>>>> <lst name="appends">
>>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>>> </lst>
>>>>
>>>>
>>>>
>>>>
>>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>>> lalit.j.jangra@gmail.com> wrote:
>>>>
>>>>
>>>>  Hi Ahmet,
>>>>
>>>> I have configured solrconfig.xml as per your suggestion.
>>>>
>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>     <!-- default values for query parameters can be specified, these
>>>>          will be overridden by parameters in the request
>>>>       -->
>>>>      <lst name="defaults">
>>>>        <str name="echoParams">explicit</str>
>>>>        <int name="rows">1000</int>
>>>>        <str name="df">text</str>
>>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>>      </lst>
>>>> ....
>>>> </requestHandler>
>>>>
>>>>
>>>> Next I am running a job which indexes sharepoint content in solr but
>>>> when I am searching in solr, I am getting no results & getting
>>>> UNREACHABLEAUTHORITY message.
>>>>
>>>> INFO  - 2014-06-12 22:22:29.944;
>>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>>> commits: num=2
>>>>
>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>>
>>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>> INFO  - 2014-06-12 22:22:29.944;
>>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>> INFO  - 2014-06-12 22:22:29.960;
>>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0
>>>> main
>>>> INFO  - 2014-06-12 22:22:29.975;
>>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>> INFO  - 2014-06-12 22:22:29.975;
>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>>> requests to Searcher@5ac787b0
>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>> INFO  - 2014-06-12 22:22:29.975;
>>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>>> [collection1] Registered new searcher Searcher@5ac787b0
>>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>> INFO  - 2014-06-12 22:22:29.975;
>>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>>> {commit=} 0 265
>>>> INFO  - 2014-06-12 22:22:35.663;
>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>>> QTime=0
>>>> INFO  - 2014-06-12 22:22:35.741;
>>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>>> INFO  - 2014-06-12 22:22:36.960;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>>> no-user response (open documents only)
>>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>>> [collection1] webapp=/solr path=/select
>>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>>> INFO  - 2014-06-12 22:22:40.569;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>>> to match docs for user '[:ljangra@water.com]'
>>>> INFO  - 2014-06-12 22:22:40.726;
>>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>>> [collection1] webapp=/solr path=/select
>>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>>
>>>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>>>> unreachable or unusable but I am having same authority working fine in MCF.
>>>>
>>>>
>>>> Please help.
>>>>
>>>> Regards.
>>>>
>>>>
>>>>
>>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com>
>>>> wrote:
>>>>
>>>> Hi Karl,
>>>>
>>>> Maybe we should use
>>>>
>>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>>
>>>> in
>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>
>>>> To avoid confusion?
>>>>
>>>> What do you think?
>>>>
>>>>
>>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>>>> wrote:
>>>>
>>>>
>>>> What does your solrconfig.xml file look like?
>>>> Karl
>>>>
>>>>
>>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <lalit.j.jangra@gmail.com
>>>> > wrote:
>>>>
>>>> Hi Ahmet,
>>>>
>>>> I tried the way you suggested but it's not working. My solr query is as
>>>> below.
>>>>
>>>>
>>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>
>>>> Whatever name I am passing as AuthenticatedUserName, it is returning all
>>>> results.
>>>>
>>>> I have indexed my documents using mcf-solr plugin using instructions @
>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>>> Below are some of ACL stored in solr. Am I missing something?
>>>>
>>>> "_version_": 1470562493875093500,
>>>>         "allow_token_share": [
>>>>           "__nosecurity__"
>>>>         ],
>>>>         "deny_token_share": [
>>>>           "__nosecurity__"
>>>>         ]
>>>>       },
>>>>       {
>>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>>         "deny_token_document": [
>>>>           "SP+Group:DEAD_AUTHORITY"
>>>>         ],
>>>>         "allow_token_document": [
>>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>>           "SP+Group:GRestricted+Readers",
>>>>           "SP+Group:GTest+lalit+Administrators",
>>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>           "SP+Group:GHierarchy+Managers",
>>>>           "SP+Group:GApprovers",
>>>>           "SP+Group:GViewers",
>>>>           "SP+Group:GDesigners"
>>>>         ],
>>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>>
>>>>
>>>>
>>>>                   SDD
>>>>
>>>>
>>>>                    "_version_": 1470564182244982800
>>>>       },
>>>>       {
>>>>         "deny_token_share": [
>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>         ],
>>>>         "content_name": "hekko.txt",
>>>>         "content_modifier": "iwater.ie\\ljangra",
>>>>         "deny_token_document": [
>>>>           "AD+Group:DEAD_AUTHORITY"
>>>>         ],
>>>>                "id": "
>>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>         "allow_token_document": [
>>>>           "AD+Group:S-1-5-18",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>           "AD+Group:S-1-5-32-544"
>>>>         ],
>>>>
>>>>         "allow_token_share": [
>>>>           "AD+Group:S-1-1-0",
>>>>           "AD+Group:S-1-5-32-544"
>>>>         ],
>>>>
>>>>
>>>>                 CMIS
>>>>
>>>>                 "allow_token_share": [
>>>>           "__nosecurity__"
>>>>         ],
>>>>         "deny_token_document": [
>>>>           "__nosecurity__"
>>>>         ],
>>>>         "deny_token_share": [
>>>>           "__nosecurity__"
>>>>         ],
>>>>         "allow_token_document": [
>>>>           "__nosecurity__"
>>>>         ]
>>>>
>>>> Regards.
>>>>
>>>>
>>>>
>>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com>
>>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> As documented here
>>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>
>>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>>
>>>>
>>>> This is a URL parameter, just like Solr params. Here is an example.
>>>>
>>>>
>>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>>
>>>>
>>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>>> lalit.j.jangra@gmail.com> wrote:
>>>>
>>>>
>>>>  Hi All,
>>>>
>>>> As continuing from
>>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>>> as per Ahmet's suggestion.
>>>>
>>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs indexed
>>>> into solr indexes.
>>>>
>>>> Now I want to write Solr query to put a user's permission details into
>>>> it which can be compared to ACL stored in solr and only those results
>>>> will be returned to user on which he has been assigned ACL.
>>>>
>>>> How can I do this?  Can I use MCF filter below here or do I need to
>>>> write custom query for my need?
>>>>
>>>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>>>   <lst name="appends">
>>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>>   </lst>
>>>> </requestHandler>
>>>>
>>>> Please help.
>>>>
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Lalit Jangra.
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>
>>
>
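
The filter quoted above in parsed_filter_queries can be modelled offline to see why a query returns hits=0. This is an added example, not part of the original thread and not the ManifoldCF plugin's code; the function names and document ids are hypothetical, while the field names and token values are copied from the thread.

```python
# Added illustration: models the filter visible in parsed_filter_queries.
# It is not the ManifoldCF plugin's code; all function names are hypothetical.

NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")

# Constructed sample: a shortened UserACLs response (lines taken from the thread).
SAMPLE_USER_ACLS = """\
AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

_OPEN_SHARE = {"allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY]}

# Constructed sample documents: field values from the thread, ids made up.
SAMPLE_DOCS = [
    {"id": "blank-token", **_OPEN_SHARE,
     "allow_token_document": ["SP+KW:"],
     "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
    {"id": "other-prefix", **_OPEN_SHARE,
     "allow_token_document": ["SP+Group:GViewers", "SP+Group:GApprovers"],
     "deny_token_document": ["SP+Group:DEAD_AUTHORITY"]},
    {"id": "open", **_OPEN_SHARE,
     "allow_token_document": [NOSECURITY],
     "deny_token_document": [NOSECURITY]},
    {"id": "matching", **_OPEN_SHARE,
     "allow_token_document": ["SP+KW:Uc%3A0%21.s%7Cwindows"],
     "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
]


def parse_user_acls(text):
    """Split a UserACLs response into (tokens, [(status, authority), ...])."""
    tokens, statuses = set(), []
    for line in text.splitlines():
        kind, _, value = line.strip().partition(":")
        if not value:
            continue  # blank or malformed line
        if kind == "TOKEN":
            tokens.add(value)
        else:  # e.g. AUTHORIZED or UNREACHABLEAUTHORITY
            statuses.append((kind, value))
    return tokens, statuses


def level_allows(doc, level, user_tokens):
    """One '+(...)' group of the filter: at least one optional clause must
    match and no prohibited '-deny_token_*' clause may match."""
    allow = set(doc.get(f"allow_token_{level}", []))
    deny = set(doc.get(f"deny_token_{level}", []))
    if deny & user_tokens:
        return False
    if NOSECURITY in allow and NOSECURITY in deny:
        return True
    return bool(allow & user_tokens)


def is_visible(doc, user_tokens):
    """Both the share group and the document group are required."""
    return all(level_allows(doc, level, user_tokens) for level in LEVELS)


def visible_ids(docs, user_tokens):
    return [d["id"] for d in docs if is_visible(d, user_tokens)]


def token_prefix(token):
    """Text before the first ':' (the authority-group part), or None."""
    prefix, sep, _ = token.partition(":")
    return prefix if sep else None


def diagnose(doc, user_tokens):
    """Return one reason per failing level; an empty list means visible."""
    user_prefixes = {token_prefix(t) for t in user_tokens} - {None}
    reasons = []
    for level in LEVELS:
        if level_allows(doc, level, user_tokens):
            continue
        allow = doc.get(f"allow_token_{level}", [])
        held = sorted(set(doc.get(f"deny_token_{level}", [])) & user_tokens)
        blank = [t for t in allow if t.endswith(":")]
        foreign = sorted({token_prefix(t) for t in allow} - user_prefixes - {None})
        if held:
            reasons.append(f"{level}: user holds deny token {held[0]!r}")
        elif blank:
            reasons.append(f"{level}: blank allow token {blank[0]!r}")
        elif foreign:
            reasons.append(f"{level}: allow tokens carry prefix {foreign[0]!r}, "
                           f"user tokens carry {sorted(user_prefixes)}")
        else:
            reasons.append(f"{level}: no allow token matches the user")
    return reasons


if __name__ == "__main__":
    user_tokens, statuses = parse_user_acls(SAMPLE_USER_ACLS)
    print("authority statuses:", statuses)
    for doc in SAMPLE_DOCS:
        print(doc["id"], "->", diagnose(doc, user_tokens) or "visible")
```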

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
FWIW, your authority setup seems to be working properly, and the query
generator is working properly too.  Only the ACLs are messed up.

This is the interesting bit:

"allow_token_document": [
  "SP+KW:"
]


It looks like a blank access token is being fetched for this list item,
which does not make any sense to me.  And yet we saw access tokens before,
correct?


Karl



On Fri, Jun 13, 2014 at 8:22 AM, Karl Wright <da...@gmail.com> wrote:

> Hi Lalit,
>
> It is clear that your access tokens have not been actually indexed.  But I
> remember seeing that they were correctly posted to Solr.  So now I am
> confused.
>
> Can you please do the following:
> - Click the "reindex all documents" button in the MCF view page for your
> output connection
> - Start your job
> - Send me the Solr info output about what has been posted
>
> When that is done, if what is posted looks correct, you SHOULD have a Solr
> index that has ACLs in it.
> If it does not look correct, we will have to go back and look at your
> connections etc. to see why the ACLs are not being fetched.
>
> Thanks,
> Karl
>
>
> On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Hi Again,
>>
>> I used /query for debugging & using
>>
>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>>
>> I could see below results without much information about ACLs.
>>
>>         "deny_token_document": [
>>           "SP+KW:DEAD_AUTHORITY"
>>         ],
>>         "id": "http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1",
>>         "allow_token_document": [
>>           "SP+KW:"
>>         ],
>>         "content": [
>>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>>         ],
>>         "_version_": 1470790301540941800,
>>         "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ]
>>       }
>>
>>
>>
>> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>>> Hi  Lalit,
>>>
>>> regarding "As i could not see any document in solr query,"
>>>
>>> Here is the best practice that I use:
>>>
>>> I configure /select request handler (RH) with mcfQParser, intended to
>>> use in production, default RH.
>>>
>>> I also use /query RH without mcfQParser, for debugging purposes.
>>>
>>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>>
>>> Ahmet
>>>
>>>
>>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Thanks Karl,
>>>
>>> As I could not see any document in solr query, I used Luke to open index
>>> and I could see below values for all MCF plugin fields for all documents.
>>> These are something different from previous values.
>>>
>>> allow_token_document  = SP+KW:
>>> allow_token_share = __nosecurity__
>>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>>> allow_token_share = __nosecurity__
>>>
>>> I think something or a lot of things missing here. I am attaching zip of
>>> solr index (very small one with 10 documents from sharepoint) here. Please
>>> guide.
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com>
>>> wrote:
>>>
>>> Hi Lalit,
>>>
>>> Can you show me somehow some of the ACLs that have been indexed with
>>> your documents?  The only other potential issue might be that your
>>> repository connection(s) may not be part of the same authority groups as
>>> your authority connections.  In that case, the indexed authority tokens
>>> will have a different prefix (e.g. SP+KW in one case, something else in the
>>> other).
>>>
>>> Karl
>>>
>>>
>>>
>>>
>>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>> Hi Again,
>>>
>>> As per Karl's suggestion, I am now converting user from water.com\ljangra
>>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>>
>>> I can see below ACL.
>>> AUTHORIZED:SP+K+Conn
>>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>>
>>> Still I am not able to see any results from query
>>>
>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>>>
>>> While debugging query I can see ACL doing fine. So I am confused why
>>> it's now working. Can you please help.
>>>
>>> "parsed_filter_queries": [
>>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>>> +deny_token_share:__nosecurity__)
>>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>> +((+allow_token_document:__nosecurity__
>>> +deny_token_document:__nosecurity__)
>>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>>     ],
>>>
>>> Finally solr.log also seems to be fine.
>>>
>>> INFO  - 2014-06-13 11:38:19.862;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>> to match docs for user '[:ljangra@water.com]'
>>> INFO  - 2014-06-13 11:38:19.909;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>> authority response AUTHORIZED:SP+K+Conn
>>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>>> ljangra@water.com} hits=0 status=0 QTime=47
>>>
>>> Regards.
>>>
>>>
>>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com>
>>> wrote:
>>>
>>> Hi Lalit,
>>>
>>> It makes more sense to use appends section rather than defaults section
>>> when defining mcf query parser plugin in fq parameter.
>>>
>>> <lst name="appends">
>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>> </lst>
>>>
>>>
>>>
>>>
>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi Ahmet,
>>>
>>> I have configured solrconfig.xml as per your suggestion.
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>     <!-- default values for query parameters can be specified, these
>>>          will be overridden by parameters in the request
>>>       -->
>>>      <lst name="defaults">
>>>        <str name="echoParams">explicit</str>
>>>        <int name="rows">1000</int>
>>>        <str name="df">text</str>
>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>      </lst>
>>> ....
>>> </requestHandler>
>>>
>>>
>>> Next I am running a job which indexes sharepoint content in solr but
>>> when I am searching in solr, I am getting no results & getting
>>> UNREACHABLEAUTHORITY message.
>>>
>>> INFO  - 2014-06-12 22:22:29.944;
>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>> commits: num=2
>>>
>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>
>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>> INFO  - 2014-06-12 22:22:29.944;
>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>> INFO  - 2014-06-12 22:22:29.960;
>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>> requests to Searcher@5ac787b0
>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>> [collection1] Registered new searcher Searcher@5ac787b0
>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>> {commit=} 0 265
>>> INFO  - 2014-06-12 22:22:35.663;
>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>> QTime=0
>>> INFO  - 2014-06-12 22:22:35.741;
>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>> INFO  - 2014-06-12 22:22:36.960;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>> no-user response (open documents only)
>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>> INFO  - 2014-06-12 22:22:40.569;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>> to match docs for user '[:ljangra@water.com]'
>>> INFO  - 2014-06-12 22:22:40.726;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>
>>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>>> unreachable or unusable but I am having same authority working fine in MCF.
>>>
>>>
>>> Please help.
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>
>>> Hi Karl,
>>>
>>> Maybe we should use
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>
>>> in
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> To avoid confusion?
>>>
>>> What do you think?
>>>
>>>
>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>>> wrote:
>>>
>>>
>>> What does your solrconfig.xml file look like?
>>> Karl
>>>
>>>
>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>> Hi Ahmet,
>>>
>>> I tried the way you suggested but it's not working. My solr query is as
>>> below.
>>>
>>>
>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>
>>> Whatever name I am passing as AuthenticatedUserName, it is returning all
>>> results.
>>>
>>> I have indexed my documents using mcf-solr plugin using instructions @
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>> Below are some of ACL stored in solr. Am I missing something?
>>>
>>> "_version_": 1470562493875093500,
>>>         "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ]
>>>       },
>>>       {
>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>         "deny_token_document": [
>>>           "SP+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "allow_token_document": [
>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>           "SP+Group:GRestricted+Readers",
>>>           "SP+Group:GTest+lalit+Administrators",
>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>           "SP+Group:GHierarchy+Managers",
>>>           "SP+Group:GApprovers",
>>>           "SP+Group:GViewers",
>>>           "SP+Group:GDesigners"
>>>         ],
>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>
>>>
>>>
>>>                   SDD
>>>
>>>
>>>                    "_version_": 1470564182244982800
>>>       },
>>>       {
>>>         "deny_token_share": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "content_name": "hekko.txt",
>>>         "content_modifier": "iwater.ie\\ljangra",
>>>         "deny_token_document": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>                "id": "
>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>         "allow_token_document": [
>>>           "AD+Group:S-1-5-18",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>         "allow_token_share": [
>>>           "AD+Group:S-1-1-0",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>
>>>                 CMIS
>>>
>>>                 "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_document": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "allow_token_document": [
>>>           "__nosecurity__"
>>>         ]
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>
>>> Hi,
>>>
>>> As documented here
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>
>>>
>>> This is a URL parameter, just like Solr params. Here is an example.
>>>
>>>
>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>
>>>
>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi All,
>>>
>>> As continuing from
>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>> as per Ahmet's suggestion.
>>>
>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>>> into solr indexes.
>>>
>>> Now i want to write Solr query to put a user's permission details into
>>> in it which can be compared to ACL stored in solr and only those results
>>> will be returned to user on which he has been assigned ACL.
>>>
>>> How can i do this?  Can i use MCF filter  below here or do i need to
>>> write custom query for my need?
>>>
>>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>>   <lst name="appends">
>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>   </lst>
>>> </requestHandler>
>>>
>>> Please help.
>>>
>>> Regards,
>>> Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

It is clear that your access tokens have not been actually indexed.  But I
remember seeing that they were correctly posted to Solr.  So now I am
confused.

Can you please do the following:
- Click the "reindex all documents" button in the MCF view page for your
output connection
- Start your job
- Send me the Solr info output about what has been posted

When that is done, if what is posted looks correct, you SHOULD have a Solr
index that has ACLs in it.
If it does not look correct, we will have to go back and look at your
connections etc. to see why the acls are not being fetched.

Thanks,
Karl


On Fri, Jun 13, 2014 at 8:16 AM, lalit jangra <la...@gmail.com>
wrote:

> Hi Again,
>
> I used /query for debugging & using
>
>
> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>
> I could see below results without much information about ACLs.
>
>         "deny_token_document": [
>           "SP+KW:DEAD_AUTHORITY"
>         ],
>         "id": "http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1",
>         "allow_token_document": [
>           "SP+KW:"
>         ],
>         "content": [
>           " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
>         ],
>         "_version_": 1470790301540941800,
>         "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ]
>       }
>
>
>
> On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
>> Hi  Lalit,
>>
>> regarding "As i could not see any document in solr query,"
>>
>> Here is the best practise that I use :
>>
>> I configure /select request handler (RH) with mcfQParser, intended to use
>> in production, default RH.
>>
>> I also use /query RH without mcfQParser, for debugging purposes.
>>
>> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>>
>> Ahmet
>>
>>
>>   On Friday, June 13, 2014 2:30 PM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Thanks Karl,
>>
>> As i could not see any document in solr query, i used Luke to open index
>> and i could see below values for all MCF plugin fields for all documents.
>> These are something different from previous values.
>>
>> allow_token_document  = SP+KW:
>> allow_token_share = __nosecurity__
>> deny_token_document  = SP+KW:DEAD_AUTHORITY
>> allow_token_share = __nosecurity__
>>
>> I think something or a lot of things missing here. I am attaching zip of
>> solr index(very small one with 10 documents from sharepoint) here. Please
>> guide.
>>
>> Regards.
>>
>>
>>
>> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com> wrote:
>>
>> Hi Lalit,
>>
>> Can you show me somehow some of the ACLs that have been indexed with
>> your documents?  The only other potential issue might be that your
>> repository connection(s) may not be part of the same authority groups as
>> your authority connections.  In that case, the indexed authority tokens
>> will have a different prefix (e.g. SP+KW in one case, something else in the
>> other).
>>
>> Karl
>>
>>
>>
>>
>> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>> Hi Again,
>>
>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>> I can see below ACL.
>> AUTHORIZED:SP+K+Conn
>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>
>> Still i am not able to see any results from query
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>> While debugging query i can see ACL doing fine. So i am confused why
>> its now working. Can you please help.
>>
>> "parsed_filter_queries": [
>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>> +deny_token_share:__nosecurity__)
>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>> +((+allow_token_document:__nosecurity__
>> +deny_token_document:__nosecurity__)
>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>     ],
>>
>> Finally solr.log also seems to be fine.
>>
>> INFO  - 2014-06-13 11:38:19.862;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@water.com]'
>> INFO  - 2014-06-13 11:38:19.909;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response AUTHORIZED:SP+K+Conn
>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>> ljangra@water.com} hits=0 status=0 QTime=47
>>
>> Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>> Hi Lalit,
>>
>> It makes more sense to use appends section rather than defaults section
>> when defining mcf query parser plugin in fq parameter.
>>
>> <lst name="appends">
>>  <str name="fq">{!manifoldCFSecurity}</str>
>> </lst>
>>
>>
>>
>>
>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Hi Ahmet,
>>
>> I have configured solrconfig.xml as per your suggestion.
>>
>>  <requestHandler name="/select" class="solr.SearchHandler">
>>     <!-- default values for query parameters can be specified, these
>>          will be overridden by parameters in the request
>>       -->
>>      <lst name="defaults">
>>        <str name="echoParams">explicit</str>
>>        <int name="rows">1000</int>
>>        <str name="df">text</str>
>>        <str name="fq">{!manifoldCFSecurity}</str>
>>      </lst>
>> ....
>> </requestHandler>
>>
>>
>> Next i am running a job which indexes sharepoint content in solr but when
>> i am searching in solr, i am getting no results & getting
>> UNREACHABLEAUTHORITY message.
>>
>> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
>> SolrDeletionPolicy.onCommit: commits: num=2
>>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
>> newest commit generation = 2
>> INFO  - 2014-06-12 22:22:29.960;
>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>> requests to Searcher@5ac787b0
>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>> [collection1] Registered new searcher Searcher@5ac787b0
>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>> {commit=} 0 265
>> INFO  - 2014-06-12 22:22:35.663;
>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>> QTime=0
>> INFO  - 2014-06-12 22:22:35.741;
>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>> INFO  - 2014-06-12 22:22:36.960;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>> no-user response (open documents only)
>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>> INFO  - 2014-06-12 22:22:40.569;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@water.com]'
>> INFO  - 2014-06-12 22:22:40.726;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>> ljangra@water.com} hits=0 status=0 QTime=157
>>
>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>> unreachable or unusable but i am having same authority working fine in MCF.
>>
>>
>> Please help.
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>> Hi Karl,
>>
>> May be we should use
>>
>>  <requestHandler name="/select" class="solr.SearchHandler">
>>
>> in
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> To avoid confusion?
>>
>> What do you think?
>>
>>
>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>> wrote:
>>
>>
>> What does your solrconfig.xml file look like?
>> Karl
>>
>>
>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>> Hi Ahmet,
>>
>> I tried the way you suggested but its not working. My solr query is as
>> below.
>>
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>
>> Whatever name i am passing as AuthenticatedUserName, it returning all
>> results.
>>
>> I have indexed my documents using mcf-solr plugin using instructions @
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>> Below are some of ACL stored in solr. Am i missing something?
>>
>> "_version_": 1470562493875093500,
>>         "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ]
>>       },
>>       {
>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>         "deny_token_document": [
>>           "SP+Group:DEAD_AUTHORITY"
>>         ],
>>         "allow_token_document": [
>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>           "SP+Group:GTest+lalit+Portal+Owners",
>>           "SP+Group:GRestricted+Readers",
>>           "SP+Group:GTest+lalit+Administrators",
>>           "SP+Group:GTest+lalit+Portal+Members",
>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>           "SP+Group:GHierarchy+Managers",
>>           "SP+Group:GApprovers",
>>           "SP+Group:GViewers",
>>           "SP+Group:GDesigners"
>>         ],
>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>
>>
>>
>>                   SDD
>>
>>
>>                    "_version_": 1470564182244982800
>>       },
>>       {
>>         "deny_token_share": [
>>           "AD+Group:DEAD_AUTHORITY"
>>         ],
>>         "content_name": "hekko.txt",
>>         "content_modifier": "iwater.ie\\ljangra",
>>         "deny_token_document": [
>>           "AD+Group:DEAD_AUTHORITY"
>>         ],
>>                "id": "
>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>         "allow_token_document": [
>>           "AD+Group:S-1-5-18",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>           "AD+Group:S-1-5-32-544"
>>         ],
>>
>>         "allow_token_share": [
>>           "AD+Group:S-1-1-0",
>>           "AD+Group:S-1-5-32-544"
>>         ],
>>
>>
>>                 CMIS
>>
>>                 "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_document": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "allow_token_document": [
>>           "__nosecurity__"
>>         ]
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>> Hi,
>>
>> As documented here
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> "At a minimum, AuthenticatedUserName must be present in order"
>>
>>
>> This is a URL parameter, just like Solr params. Here is an example.
>>
>>
>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>
>>
>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Hi All,
>>
>> As continuing from
>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>> as per Ahmet's suggestion.
>>
>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>> into solr indexes.
>>
>> Now i want to write Solr query to put a user's permission details into in
>> it which can be compared to ACL stored in solr and only those results will
>> be returned to user on which he has been assigned ACL.
>>
>> How can i do this?  Can i use MCF filter  below here or do i need to
>> write custom query for my need?
>>
>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>   <lst name="appends">
>>     <str name="fq">{!manifoldCFSecurity}</str>
>>   </lst>
>> </requestHandler>
>>
>> Please help.
>>
>> Regards,
>> Lalit Jangra.
>
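
The zero-hit result discussed in the message above, modelled offline. This is an added example, not code from any poster or from the ManifoldCF Solr plugin: the allow/deny logic is read off the parsed_filter_queries debug output quoted in the thread, the sample values are constructed copies of values shown there, and the function names and the "prefix is the text before the first colon" rule are assumptions made for illustration.

```python
"""Offline model of the {!manifoldCFSecurity} filter for troubleshooting."""

NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")

# Constructed sample: shortened copy of the UserACLs response in the thread.
SAMPLE_AUTHORITY_RESPONSE = """\
AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

# Constructed sample documents using field values shown in the thread.
OPEN = {"allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY]}
DOC_OPEN = dict(OPEN, allow_token_document=[NOSECURITY],
                deny_token_document=[NOSECURITY])
DOC_EMPTY_TOKEN = dict(OPEN, allow_token_document=["SP+KW:"],
                       deny_token_document=["SP+KW:DEAD_AUTHORITY"])
DOC_OTHER_GROUP = dict(OPEN,
                       allow_token_document=["SP+Group:GViewers",
                                             "SP+Group:GDesigners"],
                       deny_token_document=["SP+Group:DEAD_AUTHORITY"])
DOC_GRANTED = dict(OPEN,
                   allow_token_document=["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"],
                   deny_token_document=["SP+KW:DEAD_AUTHORITY"])


def parse_authority_response(text):
    """Split a UserACLs response into (status, name) pairs and access tokens."""
    statuses, tokens = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, value = line.partition(":")
        if kind == "TOKEN":
            tokens.append(value)
        else:
            statuses.append((kind, value))
    return statuses, tokens


def unreachable_authorities(statuses):
    """Authorities that could not be consulted; their tokens are missing."""
    return [name for kind, name in statuses if kind == "UNREACHABLEAUTHORITY"]


def level_allows(doc, level, user_tokens):
    """One level of the filter: (open OR any allow hit) AND NOT any deny hit."""
    allow = set(doc.get(f"allow_token_{level}", []))
    deny = set(doc.get(f"deny_token_{level}", []))
    user = set(user_tokens)
    if deny & user:
        return False
    is_open = NOSECURITY in allow and NOSECURITY in deny
    return is_open or bool(allow & user)


def doc_visible(doc, user_tokens):
    """Share level and document level must both allow the user."""
    return all(level_allows(doc, level, user_tokens) for level in LEVELS)


def diagnose(doc, user_tokens):
    """Return (level, reason) pairs explaining why a document is filtered out."""
    findings = []
    user_prefixes = {t.partition(":")[0] for t in user_tokens}
    for level in LEVELS:
        if level_allows(doc, level, user_tokens):
            continue
        reasons = []
        if set(doc.get(f"deny_token_{level}", [])) & set(user_tokens):
            reasons.append("denied")
        for token in doc.get(f"allow_token_{level}", []):
            if token == NOSECURITY:
                continue
            prefix, _, body = token.partition(":")
            if prefix not in user_prefixes:
                reason = "prefix-mismatch"    # different authority group
            elif not body:
                reason = "empty-allow-token"  # ACL was not really indexed
            else:
                continue
            if reason not in reasons:
                reasons.append(reason)
        if not reasons:
            reasons.append("no-matching-token")
        findings.extend((level, reason) for reason in reasons)
    return findings


if __name__ == "__main__":
    statuses, tokens = parse_authority_response(SAMPLE_AUTHORITY_RESPONSE)
    print("unreachable:", unreachable_authorities(statuses))
    for name, doc in [("open", DOC_OPEN), ("empty", DOC_EMPTY_TOKEN),
                      ("other group", DOC_OTHER_GROUP),
                      ("granted", DOC_GRANTED)]:
        print(name, doc_visible(doc, tokens), diagnose(doc, tokens))
```

Feeding it documents fetched through the unfiltered /query handler and the tokens returned by UserACLs shows which level rejects each document without touching the live filter.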

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Again,

I used /query for debugging & using

http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com

I could see below results without much information about ACLs.

        "deny_token_document": [
          "SP+KW:DEAD_AUTHORITY"
        ],
        "id": "http://testhwaterportal/water/Lists/IWList/DispForm.aspx?ID=1",
        "allow_token_document": [
          "SP+KW:"
        ],
        "content": [
          " \n \n  \n  \n  \n  \n  \n  \n  \n \n   "
        ],
        "_version_": 1470790301540941800,
        "allow_token_share": [
          "__nosecurity__"
        ],
        "deny_token_share": [
          "__nosecurity__"
        ]
      }



On Fri, Jun 13, 2014 at 12:54 PM, Ahmet Arslan <io...@yahoo.com> wrote:

> Hi  Lalit,
>
> regarding "As i could not see any document in solr query,"
>
> Here is the best practise that I use :
>
> I configure /select request handler (RH) with mcfQParser, intended to use
> in production, default RH.
>
> I also use /query RH without mcfQParser, for debugging purposes.
>
> http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*
>
> Ahmet
>
>
>   On Friday, June 13, 2014 2:30 PM, lalit jangra <la...@gmail.com>
> wrote:
>
>
> Thanks Karl,
>
> As i could not see any document in solr query, i used Luke to open index
> and i could see below values for all MCF plugin fields for all documents.
> These are something different from previous values.
>
> allow_token_document  = SP+KW:
> allow_token_share = __nosecurity__
> deny_token_document  = SP+KW:DEAD_AUTHORITY
> allow_token_share = __nosecurity__
>
> I think something or a lot of things missing here. I am attaching zip of
> solr index(very small one with 10 documents from sharepoint) here. Please
> guide.
>
> Regards.
>
>
>
> On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com> wrote:
>
> Hi Lalit,
>
> Can you show me somehow some of the ACLs that have been indexed with
> your documents?  The only other potential issue might be that your
> repository connection(s) may not be part of the same authority groups as
> your authority connections.  In that case, the indexed authority tokens
> will have a different prefix (e.g. SP+KW in one case, something else in the
> other).
>
> Karl
>
>
>
>
> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com>
> wrote:
>
> Hi Again,
>
> As per Karl's suggestion, i am now converting user from water.com\ljangra
> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
> I can see below ACL.
> AUTHORIZED:SP+K+Conn
> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>
> Still i am not able to see any results from query
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
> While debugging query i can see ACL doing fine. So i am confused why
> its now working. Can you please help.
>
> "parsed_filter_queries": [
>       "ConstantScore(+((+allow_token_share:__nosecurity__
> +deny_token_share:__nosecurity__)
> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
> +((+allow_token_document:__nosecurity__
> +deny_token_document:__nosecurity__)
> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>     ],
>
> Finally solr.log also seems to be fine.
>
> INFO  - 2014-06-13 11:38:19.862;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-13 11:38:19.909;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response AUTHORIZED:SP+K+Conn
> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=47
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi Lalit,
>
> It makes more sense to use appends section rather than defaults section
> when defining mcf query parser plugin in fq parameter.
>
> <lst name="appends">
>  <str name="fq">{!manifoldCFSecurity}</str>
> </lst>
>
>
>
>
>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi Ahmet,
>
> I have configured solrconfig.xml as per your suggestion.
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>     <!-- default values for query parameters can be specified, these
>          will be overridden by parameters in the request
>       -->
>      <lst name="defaults">
>        <str name="echoParams">explicit</str>
>        <int name="rows">1000</int>
>        <str name="df">text</str>
>        <str name="fq">{!manifoldCFSecurity}</str>
>      </lst>
> ....
> </requestHandler>
>
>
> Next i am running a job which indexes sharepoint content in solr but when
> i am searching in solr, i am getting no results & getting
> UNREACHABLEAUTHORITY message.
>
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> SolrDeletionPolicy.onCommit: commits: num=2
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> newest commit generation = 2
> INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher;
> Opening Searcher@5ac787b0 main
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener sending requests to Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener done.
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
> [collection1] Registered new searcher Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
> {commit=} 0 265
> INFO  - 2014-06-12 22:22:35.663;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
> QTime=0
> INFO  - 2014-06-12 22:22:35.741;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
> INFO  - 2014-06-12 22:22:36.960;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
> no-user response (open documents only)
> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
> INFO  - 2014-06-12 22:22:40.569;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-12 22:22:40.726;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=157
>
> UNREACHABLEAUTHORITY means name of an authority that was found to be
> unreachable or unusable but i am having same authority working fine in MCF.
>
>
> Please help.
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi Karl,
>
> Maybe we should use
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>
> in
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> To avoid confusion?
>
> What do you think?
>
>
>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
> wrote:
>
>
> What does your solrconfig.xml file look like?
> Karl
>
>
> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
> wrote:
>
> Hi Ahmet,
>
> I tried the way you suggested but it's not working. My solr query is as
> below.
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
> Whatever name i am passing as AuthenticatedUserName, it is returning all
> results.
>
> I have indexed my documents using mcf-solr plugin using instructions @
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
> Below are some of ACL stored in solr. Am i missing something?
>
> "_version_": 1470562493875093500,
>         "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ]
>       },
>       {
>         "content_name": "Alfresco-in-an-Hour.pdf"
>         "deny_token_document": [
>           "SP+Group:DEAD_AUTHORITY"
>         ],
>         "allow_token_document": [
>           "SP+Group:GTest+lalit+Portal+Visitors",
>           "SP+Group:GTest+lalit+Portal+Owners",
>           "SP+Group:GRestricted+Readers",
>           "SP+Group:GTest+lalit+Administrators",
>           "SP+Group:GTest+lalit+Portal+Members",
>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>           "SP+Group:GHierarchy+Managers",
>           "SP+Group:GApprovers",
>           "SP+Group:GViewers",
>           "SP+Group:GDesigners"
>         ],
>         "content_modified_date": "2014-06-04T00:00:00Z",
>
>
>
>                   SDD
>
>
>                    "_version_": 1470564182244982800
>       },
>       {
>         "deny_token_share": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>         "content_name": "hekko.txt",
>         "content_modifier": "iwater.ie\\ljangra",
>         "deny_token_document": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>                "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>         "allow_token_document": [
>           "AD+Group:S-1-5-18",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>         "allow_token_share": [
>           "AD+Group:S-1-1-0",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>
>                 CMIS
>
>                 "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_document": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ],
>         "allow_token_document": [
>           "__nosecurity__"
>         ]
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi,
>
> As documented here
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> "At a minimum, AuthenticatedUserName must be present in order"
>
>
> This is a URL parameter, just like Solr params. Here is an example.
>
>
> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>
>
>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi All,
>
> As continuing from
> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
> as per Ahmet's suggestion.
>
> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
> into solr indexes.
>
> Now i want to write Solr query to put a user's permission details into
> it which can be compared to ACL stored in solr and only those results will
> be returned to user on which he has been assigned ACL.
>
> How can i do this?  Can i use MCF filter  below here or do i need to write
> custom query for my need?
>
> <requestHandler name="search" class="solr.SearchHandler" default="true">
>   <lst name="appends">
>     <str name="fq">{!manifoldCFSecurity}</str>
>   </lst>
> </requestHandler>
>
> Please help.
>
> Regards,
> Lalit Jangra.


-- 
Regards,
Lalit Jangra.
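
The quoted configuration puts `{!manifoldCFSecurity}` in the handler's `defaults` section, which, as its own comment says, is overridden by request parameters; the `appends` section Ahmet suggests is not. The following is an added example, not part of the original thread and not Solr code: a small Python model of that merge rule, with constructed sample requests, showing when the security filter actually reaches the query.

```python
"""Model of how a Solr SearchHandler combines request parameters with its
'defaults' and 'appends' sections (illustration only, not Solr source)."""

SECURITY_FQ = "{!manifoldCFSecurity}"


def effective_params(request, defaults=None, appends=None):
    """Return the parameter map the handler would execute.

    Every argument maps a parameter name to a list of values.
      defaults - used only when the request does not set that name at all
      appends  - always added after whatever the request or defaults supplied
    """
    merged = {}
    for name in sorted(set(request) | set(defaults or {})):
        # A value sent with the request hides the default of the same name.
        source = request if name in request else defaults
        merged[name] = list(source[name])
    for name, values in (appends or {}).items():
        merged[name] = merged.get(name, []) + list(values)
    return merged


# Constructed sample requests: one plain search, one that sends its own fq.
REQUESTS = {
    "plain": {"q": ["*:*"], "AuthenticatedUserName": ["user@example.com"]},
    "own_fq": {"q": ["*:*"], "AuthenticatedUserName": ["user@example.com"],
               "fq": ["content_name:hekko.txt"]},
}

# The /select handler as configured in the thread: filter under 'defaults'.
DEFAULTS_HANDLER = {
    "defaults": {"echoParams": ["explicit"], "rows": ["1000"],
                 "df": ["text"], "fq": [SECURITY_FQ]},
}

# The same handler with the filter moved to 'appends', as Ahmet suggests.
APPENDS_HANDLER = {
    "defaults": {"echoParams": ["explicit"], "rows": ["1000"], "df": ["text"]},
    "appends": {"fq": [SECURITY_FQ]},
}


def audit(handler):
    """For each sample request, report whether the ACL filter is applied."""
    return {
        label: SECURITY_FQ in effective_params(req, **handler).get("fq", [])
        for label, req in REQUESTS.items()
    }


if __name__ == "__main__":
    print("defaults:", audit(DEFAULTS_HANDLER))
    print("appends: ", audit(APPENDS_HANDLER))
```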

Re: How to query for content with ACLs?

Posted by Ahmet Arslan <io...@yahoo.com>.
Hi  Lalit,

regarding "As i could not see any document in solr query,"

Here is the best practise that I use :

I configure /select request handler (RH) with mcfQParser, intended to use in production, default RH.

I also use /query RH without mcfQParser, for debugging purposes.  
http://localhost:8983/solr/collection1/query?q=*%3A*&wt=json&indent=true&fl=allow*


Ahmet


On Friday, June 13, 2014 2:30 PM, lalit jangra <la...@gmail.com> wrote:
 


Thanks Karl,

As i could not see any document in solr query, i used Luke to open index and i could see below values for all MCF plugin fields for all documents. These are something different from previous values.

allow_token_document  = SP+KW:
allow_token_share = __nosecurity__
deny_token_document  = SP+KW:DEAD_AUTHORITY
allow_token_share = __nosecurity__

I think something or a lot of things missing here. I am attaching zip of solr index(very small one with 10 documents from sharepoint) here. Please guide.

Regards.





On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com> wrote:

Hi Lalit,
>
>Can you show me somehow some of the ACLs that have been indexed with your documents?  The only other potential issue might be that your repository connection(s) may not be part of the same authority groups as your authority connections.  In that case, the indexed authority tokens will have a different prefix (e.g. SP+KW in one case, something else in the other).
>
>Karl
>
>
>
>
>
>
>
>On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com> wrote:
>
>Hi Again,
>>
>>As per Karl's suggestion, i am now converting user from water.com\ljangra to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com 
>>I can see below ACL.
>>
>>AUTHORIZED:SP+K+Conn
>>TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>
>>
>>Still i am not able to see any results from query 
>>http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com . While debugging query i can see ACL doing fine. So i am confused why its now working. Can you please help.
>>
>>
>>
>>"parsed_filter_queries": [
>>      "ConstantScore(+((+allow_token_share:__nosecurity__ +deny_token_share:__nosecurity__)
>>allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>-deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>-deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>>-deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>>+((+allow_token_document:__nosecurity__ +deny_token_document:__nosecurity__)
>>allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>-deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>-deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>>-deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>    ],
>>
>>
>>Finally solr.log also seems to be fine.
>>
>>
>>INFO  - 2014-06-13 11:38:19.862; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying to match docs for user '[:ljangra@water.com]'
>>INFO  - 2014-06-13 11:38:19.909; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw authority response AUTHORIZED:SP+K+Conn
>>INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=ljangra@water.com} hits=0 status=0 QTime=47
>>
>>Regards.
>>
>>
>>
>>On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>>Hi Lalit,
>>>
>>>
>>>It makes more sense to use appends section rather than defaults section when defining mcf query parser plugin in fq parameter.
>>>
>>>
>>><lst name="appends">
>>><str name="fq">{!manifoldCFSecurity}</str>
>>></lst>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>On Friday, June 13, 2014 12:51 AM, lalit jangra <la...@gmail.com> wrote:
>>> 
>>>
>>>
>>>Hi Ahmet,
>>>
>>>I have configured solrconfig.xml as per your suggestion.
>>>
>>> <requestHandler name="/select" class="solr.SearchHandler">
>>>    <!-- default values for query parameters can be specified, these
>>>         will be overridden by parameters in the request
>>>      -->
>>>     <lst name="defaults">
>>>       <str name="echoParams">explicit</str>
>>>       <int name="rows">1000</int>
>>>       <str name="df">text</str>
>>>       <str name="fq">{!manifoldCFSecurity}</str>
>>>     </lst>
>>>....
>>></requestHandler>
>>>
>>>
>>>Next i am running a job which indexes sharepoint content in solr but when i am searching in solr, i am getting no results & getting UNREACHABLEAUTHORITY message.
>>>
>>>INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit: commits: num=2
>>>    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>>INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>>INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; QuerySenderListener sending requests to Searcher@5ac787b0 main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore; [collection1] Registered new searcher Searcher@5ac787b0 main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>>INFO  - 2014-06-12 22:22:29.975; org.apache.solr.update.processor.LogUpdateProcessor; [collection1] webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2} {commit=} 0 265
>>>INFO  - 2014-06-12 22:22:35.663; org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0 QTime=0 
>>>INFO  - 2014-06-12 22:22:35.741; org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15 
>>>INFO  - 2014-06-12 22:22:36.960; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default no-user response (open documents only)
>>>INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16 
>>>INFO  - 2014-06-12 22:22:40.569; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying to match docs for user '[:ljangra@water.com]'
>>>INFO  - 2014-06-12 22:22:40.726; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>>INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=ljangra@water.com} hits=0 status=0 QTime=157 
>>>
>>>UNREACHABLEAUTHORITY means name of an authority that was found to be unreachable or unusable but i am having same authority working fine in MCF.
>>>
>>>
>>>Please help.
>>>
>>>Regards.
>>>
>>>
>>>
>>>
>>>
>>>
>>>On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>
>>>Hi Karl,
>>>>
>>>>
>>>>Maybe we should use
>>>>
>>>>
>>>> <requestHandler name="/select" class="solr.SearchHandler">
>>>>
>>>>
>>>>
>>>>in https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>
>>>>
>>>>To avoid confusion?
>>>>
>>>>
>>>>What do you think?
>>>>
>>>>
>>>>
>>>>On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com> wrote:
>>>> 
>>>>
>>>>
>>>>What does your solrconfig.xml file look like?
>>>>Karl
>>>>
>>>>
>>>>
>>>>
>>>>On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com> wrote:
>>>>
>>>>Hi Ahmet,
>>>>>
>>>>>I tried the way you suggested but it's not working. My solr query is as below.
>>>>>
>>>>>http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>>>
>>>>>Whatever name i am passing as AuthenticatedUserName, it is returning all results.
>>>>>
>>>>>I have indexed my documents using mcf-solr plugin using instructions @ https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. Below are some of ACL stored in solr. Am i missing something?
>>>>>
>>>>>
>>>>>"_version_": 1470562493875093500,
>>>>>        "allow_token_share": [
>>>>>          "__nosecurity__"
>>>>>        ],
>>>>>        "deny_token_share": [
>>>>>          "__nosecurity__"
>>>>>        ]
>>>>>      },
>>>>>      {
>>>>>        "content_name": "Alfresco-in-an-Hour.pdf"
>>>>>        "deny_token_document": [
>>>>>          "SP+Group:DEAD_AUTHORITY"
>>>>>        ],
>>>>>        "allow_token_document": [
>>>>>          "SP+Group:GTest+lalit+Portal+Visitors",
>>>>>          "SP+Group:GTest+lalit+Portal+Owners",
>>>>>          "SP+Group:GRestricted+Readers",
>>>>>          "SP+Group:GTest+lalit+Administrators",
>>>>>          "SP+Group:GTest+lalit+Portal+Members",
>>>>>          "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>>>          "SP+Group:GHierarchy+Managers",
>>>>>          "SP+Group:GApprovers",
>>>>>          "SP+Group:GViewers",
>>>>>          "SP+Group:GDesigners"
>>>>>        ],
>>>>>        "content_modified_date": "2014-06-04T00:00:00Z",
>>>>>
>>>>>                  SDD
>>>>>
>>>>>                   "_version_": 1470564182244982800
>>>>>      },
>>>>>      {
>>>>>        "deny_token_share": [
>>>>>          "AD+Group:DEAD_AUTHORITY"
>>>>>        ],
>>>>>        "content_name": "hekko.txt",
>>>>>        "content_modifier": "iwater.ie\\ljangra",
>>>>>        "deny_token_document": [
>>>>>          "AD+Group:DEAD_AUTHORITY"
>>>>>        ],
>>>>>        "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>>>        "allow_token_document": [
>>>>>          "AD+Group:S-1-5-18",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>>>          "AD+Group:S-1-5-32-544"
>>>>>        ],
>>>>>
>>>>>        "allow_token_share": [
>>>>>          "AD+Group:S-1-1-0",
>>>>>          "AD+Group:S-1-5-32-544"
>>>>>        ],
>>>>>
>>>>>                CMIS
>>>>>
>>>>>        "allow_token_share": [
>>>>>          "__nosecurity__"
>>>>>        ],
>>>>>        "deny_token_document": [
>>>>>          "__nosecurity__"
>>>>>        ],
>>>>>        "deny_token_share": [
>>>>>          "__nosecurity__"
>>>>>        ],
>>>>>        "allow_token_document": [
>>>>>          "__nosecurity__"
>>>>>        ]
>>>>>
>>>>>Regards.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>>>
>>>>>Hi,
>>>>>>
>>>>>>
>>>>>>As documented here https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>>>>
>>>>>>
>>>>>>"At a minimum, AuthenticatedUserName must be present in order" 
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>This is a URL parameter, just like Solr params. Here is an example.
>>>>>>
>>>>>>
>>>>>>http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>On Thursday, June 12, 2014 4:28 PM, lalit jangra <la...@gmail.com> wrote:
>>>>>> 
>>>>>>
>>>>>>
>>>>>>Hi All,
>>>>>>
>>>>>>As continuing from http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html as per Ahmet's suggestion.
>>>>>>
>>>>>>I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed into solr indexes. 
>>>>>>
>>>>>>Now i want to write Solr query to put a user's permission details into it which can be compared to ACL stored in solr and only those results will be returned to user on which he has been assigned ACL.
>>>>>>
>>>>>>How can i do this?  Can i use MCF filter  below here or do i need to write custom query for my need?
>>>>>>
>>>>>><requestHandler name="search" class="solr.SearchHandler" default="true">
>>>>>>  <lst name="appends">
>>>>>>    <str name="fq">{!manifoldCFSecurity}</str>
>>>>>>  </lst>
>>>>>></requestHandler>
>>>>>>
>>>>>>Please help.
>>>>>>
>>>>>>
>>>>>>Regards,
>>>>>>Lalit Jangra. 


-- 
Regards,
Lalit Jangra. 
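
The debugging approach in this message (list the indexed `allow*` fields through the unfiltered `/query` handler and compare them with what the authority service returns) can be checked offline. The following is an added example, not part of the original thread and not ManifoldCF plugin code: it re-implements the boolean structure visible in the quoted `parsed_filter_queries` output and classifies why a document is filtered out. It assumes the text before the first `:` of a token is the authority-group prefix Karl refers to; the sample documents are constructed from values quoted in the thread, and the share-level fields of `earlier_sp_doc` and the `deny_token_share` value of `luke_doc` are assumptions.

```python
"""Offline check of indexed ACL tokens against a user's authority tokens."""

NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")


def parse_user_acls(text):
    """Split a UserACLs response into (status lines, access tokens)."""
    statuses, tokens = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("TOKEN:"):
            tokens.append(line[len("TOKEN:"):])
        elif line:
            statuses.append(line)  # e.g. AUTHORIZED:..., UNREACHABLEAUTHORITY:...
    return statuses, tokens


def level_allows(doc, level, user_tokens):
    """One '+( ... )' group of the filter: any deny match excludes; otherwise
    the level must be unsecured or share an allow token with the user."""
    allow = set(doc.get("allow_token_" + level, []))
    deny = set(doc.get("deny_token_" + level, []))
    tokens = set(user_tokens)
    if deny & tokens:
        return False
    unsecured = NOSECURITY in allow and NOSECURITY in deny
    return unsecured or bool(allow & tokens)


def visible(doc, user_tokens):
    """Share level AND document level must both allow the user."""
    return all(level_allows(doc, level, user_tokens) for level in LEVELS)


def prefix(token):
    """Authority-group prefix: text before the first ':' (assumption)."""
    return token.split(":", 1)[0] if ":" in token else None


def diagnose(doc, user_tokens):
    """Per level: ok, denied, empty_allow_token, prefix_mismatch or
    no_matching_token."""
    user_prefixes = {prefix(t) for t in user_tokens} - {None}
    report = {}
    for level in LEVELS:
        allow = doc.get("allow_token_" + level, [])
        deny = doc.get("deny_token_" + level, [])
        doc_prefixes = {prefix(t) for t in allow} - {None}
        if level_allows(doc, level, user_tokens):
            report[level] = "ok"
        elif set(deny) & set(user_tokens):
            report[level] = "denied"
        elif any(t.endswith(":") for t in allow):
            report[level] = "empty_allow_token"   # prefix indexed, token body missing
        elif doc_prefixes and not doc_prefixes & user_prefixes:
            report[level] = "prefix_mismatch"     # different authority group
        else:
            report[level] = "no_matching_token"
    return report


# Sample data: a subset of the UserACLs response quoted in the thread.
USER_ACLS_RESPONSE = """\
AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""
OPEN = [NOSECURITY]
DOCS = {
    # Values Lalit read with Luke (deny_token_share assumed to be open).
    "luke_doc": {"allow_token_share": OPEN, "deny_token_share": OPEN,
                 "allow_token_document": ["SP+KW:"],
                 "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
    # Earlier SharePoint document from the thread (share level assumed open).
    "earlier_sp_doc": {"allow_token_share": OPEN, "deny_token_share": OPEN,
                       "allow_token_document": ["SP+Group:GViewers",
                                                "SP+Group:GDesigners"],
                       "deny_token_document": ["SP+Group:DEAD_AUTHORITY"]},
    # CMIS document from the thread: no security at either level.
    "open_doc": {"allow_token_share": OPEN, "deny_token_share": OPEN,
                 "allow_token_document": OPEN, "deny_token_document": OPEN},
    # Constructed: carries one of the user's own tokens.
    "matching_doc": {"allow_token_share": OPEN, "deny_token_share": OPEN,
                     "allow_token_document": ["SP+KW:Uc%3A0%21.s%7Cwindows"],
                     "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
}


def run():
    """Evaluate every sample document for the sample user."""
    _, tokens = parse_user_acls(USER_ACLS_RESPONSE)
    return {name: (visible(doc, tokens), diagnose(doc, tokens))
            for name, doc in DOCS.items()}


if __name__ == "__main__":
    for name, (ok, why) in run().items():
        print(name, "visible" if ok else "hidden", why)
```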

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Thanks Karl,

As i could not see any document in solr query, i used Luke to open index
and i could see below values for all MCF plugin fields for all documents.
These are something different from previous values.

allow_token_document  = SP+KW:
allow_token_share = __nosecurity__
deny_token_document  = SP+KW:DEAD_AUTHORITY
allow_token_share = __nosecurity__

I think something or a lot of things missing here. I am attaching zip of
solr index(very small one with 10 documents from sharepoint) here. Please
guide.

Regards.



On Fri, Jun 13, 2014 at 11:57 AM, Karl Wright <da...@gmail.com> wrote:

> Hi Lalit,
>
> Can you show me somehow some of the ACLs that have been indexed with
> your documents?  The only other potential issue might be that your
> repository connection(s) may not be part of the same authority groups as
> your authority connections.  In that case, the indexed authority tokens
> will have a different prefix (e.g. SP+KW in one case, something else in the
> other).
>
> Karl
>
>
>
>
> On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Hi Again,
>>
>> As per Karl's suggestion, i am now converting user from water.com\ljangra
>> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>>
>>
>> I can see below ACL.
>>
>> AUTHORIZED:SP+K+Conn
>>
>> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>>
>> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>>
>> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>>
>> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>>
>>
>> Still i am not able to see any results from query
>>
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
>> . While debugging query i can see ACL doing fine. So i am confused why
>> its now working. Can you please help.
>>
>>
>> "parsed_filter_queries": [
>>
>>       "ConstantScore(+((+allow_token_share:__nosecurity__
>> +deny_token_share:__nosecurity__)
>> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
>> +((+allow_token_document:__nosecurity__
>> +deny_token_document:__nosecurity__)
>> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
>> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>>
>>     ],
>>
>>
>> Finally solr.log also seems to be fine.
>>
>>
>> INFO  - 2014-06-13 11:38:19.862;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@water.com]'
>>
>> INFO  - 2014-06-13 11:38:19.909;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response AUTHORIZED:SP+K+Conn
>>
>> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
>> ljangra@water.com} hits=0 status=0 QTime=47
>>
>>
>> Regards.
>>
>>
>> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>>> Hi Lalit,
>>>
>>> It makes more sense to use appends section rather than defaults section
>>> when defining mcf query parser plugin in fq parameter.
>>>
>>> <lst name="appends">
>>>  <str name="fq">{!manifoldCFSecurity}</str>
>>> </lst>
>>>
>>>
>>>
>>>
>>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi Ahmet,
>>>
>>> I have configured solrconfig.xml as per your suggestion.
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>     <!-- default values for query parameters can be specified, these
>>>          will be overridden by parameters in the request
>>>       -->
>>>      <lst name="defaults">
>>>        <str name="echoParams">explicit</str>
>>>        <int name="rows">1000</int>
>>>        <str name="df">text</str>
>>>        <str name="fq">{!manifoldCFSecurity}</str>
>>>      </lst>
>>> ....
>>> </requestHandler>
>>>
>>>
>>> Next i am running a job which indexes sharepoint content in solr but
>>> when i am searching in solr, i am getting no results & getting
>>> UNREACHABLEAUTHORITY message.
>>>
>>> INFO  - 2014-06-12 22:22:29.944;
>>> org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit:
>>> commits: num=2
>>>
>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>>
>>> commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>>> INFO  - 2014-06-12 22:22:29.944;
>>> org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
>>> INFO  - 2014-06-12 22:22:29.960;
>>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>>> requests to Searcher@5ac787b0
>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>>> [collection1] Registered new searcher Searcher@5ac787b0
>>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>>> INFO  - 2014-06-12 22:22:29.975;
>>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>>> {commit=} 0 265
>>> INFO  - 2014-06-12 22:22:35.663;
>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>>> QTime=0
>>> INFO  - 2014-06-12 22:22:35.741;
>>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>>> INFO  - 2014-06-12 22:22:36.960;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>>> no-user response (open documents only)
>>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>>> INFO  - 2014-06-12 22:22:40.569;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>>> to match docs for user '[:ljangra@water.com]'
>>> INFO  - 2014-06-12 22:22:40.726;
>>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>>> [collection1] webapp=/solr path=/select
>>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>>> ljangra@water.com} hits=0 status=0 QTime=157
>>>
>>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>>> unreachable or unusable but i am having same authority working fine in MCF.
>>>
>>>
>>> Please help.
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>
>>> Hi Karl,
>>>
>>> May be we should use
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>
>>> in
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> To avoid confusion?
>>>
>>> What do you think?
>>>
>>>
>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>>> wrote:
>>>
>>>
>>> What does your solrconfig.xml file look like?
>>> Karl
>>>
>>>
>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>> Hi Ahmet,
>>>
>>> I tried the way you suggested but its not working. My solr query is as
>>> below.
>>>
>>>
>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>
>>> Whatever name i am passing as AuthenticatedUserName, it returning all
>>> results.
>>>
>>> I have indexed my documents using mcf-solr plugin using instructions @
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>> Below are some of ACL stored in solr. Am i missing something?
>>>
>>> "_version_": 1470562493875093500,
>>>         "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ]
>>>       },
>>>       {
>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>         "deny_token_document": [
>>>           "SP+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "allow_token_document": [
>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>           "SP+Group:GRestricted+Readers",
>>>           "SP+Group:GTest+lalit+Administrators",
>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>           "SP+Group:GHierarchy+Managers",
>>>           "SP+Group:GApprovers",
>>>           "SP+Group:GViewers",
>>>           "SP+Group:GDesigners"
>>>         ],
>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>
>>>
>>>
>>>                   SDD
>>>
>>>
>>>                    "_version_": 1470564182244982800
>>>       },
>>>       {
>>>         "deny_token_share": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "content_name": "hekko.txt",
>>>         "content_modifier": "iwater.ie\\ljangra",
>>>         "deny_token_document": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>                "id": "
>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>         "allow_token_document": [
>>>           "AD+Group:S-1-5-18",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>         "allow_token_share": [
>>>           "AD+Group:S-1-1-0",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>
>>>                 CMIS
>>>
>>>                 "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_document": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "allow_token_document": [
>>>           "__nosecurity__"
>>>         ]
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>
>>> Hi,
>>>
>>> As documented here
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>
>>>
>>> This is a URL parameter, just like Solr params. Here is an example.
>>>
>>>
>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>
>>>
>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi All,
>>>
>>> As continuing from
>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>> as per Ahmet's suggestion.
>>>
>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>>> into solr indexes.
>>>
>>> Now i want to write Solr query to put a user's permission details into
>>> in it which can be compared to ACL stored in solr and only those results
>>> will be returned to user on which he has been assigned ACL.
>>>
>>> How can i do this?  Can i use MCF filter  below here or do i need to
>>> write custom query for my need?
>>>
>>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>>   <lst name="appends">
>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>   </lst>
>>> </requestHandler>
>>>
>>> Please help.
>>>
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>


-- 
Regards,
Lalit Jangra.
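
The difference between putting `{!manifoldCFSecurity}` under `defaults` and under `appends`, as discussed in the quoted messages, shown as an added example (not code from the thread or from the ManifoldCF project). The sample config is constructed from the handler shapes quoted above; `audit` and `effective_fq` are hypothetical helper names, and the merge model follows Solr's documented `defaults`/`appends`/`invariants` semantics.

```python
import xml.etree.ElementTree as ET

SECURITY_FQ = "{!manifoldCFSecurity}"

# Constructed solrconfig.xml fragment using the three handler shapes
# that appear in this thread.
SAMPLE = """<config>
  <requestHandler name="/select" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="echoParams">explicit</str>
      <int name="rows">1000</int>
      <str name="df">text</str>
      <str name="fq">{!manifoldCFSecurity}</str>
    </lst>
  </requestHandler>
  <requestHandler name="search" class="solr.SearchHandler" default="true">
    <lst name="appends">
      <str name="fq">{!manifoldCFSecurity}</str>
    </lst>
  </requestHandler>
  <requestHandler name="/query" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="echoParams">explicit</str>
    </lst>
  </requestHandler>
</config>"""


def _fq_by_section(handler):
    """Map each <lst> section name to the fq values configured in it."""
    sections = {}
    for lst in handler.findall("lst"):
        values = [(s.text or "").strip()
                  for s in lst.findall("str") if s.get("name") == "fq"]
        sections[lst.get("name")] = values
    return sections


def audit(xml_text):
    """Classify every SearchHandler by where the security filter lives."""
    findings = {}
    for handler in ET.fromstring(xml_text).iter("requestHandler"):
        if handler.get("class") != "solr.SearchHandler":
            continue
        cfg = _fq_by_section(handler)
        if SECURITY_FQ in cfg.get("appends", []) + cfg.get("invariants", []):
            verdict = "enforced"      # always part of the final query
        elif SECURITY_FQ in cfg.get("defaults", []):
            verdict = "overridable"   # dropped when the request sends any fq
        else:
            verdict = "unfiltered"    # debug-style handler, no ACL filter
        findings[handler.get("name")] = verdict
    return findings


def effective_fq(xml_text, handler_name, request_fq):
    """Model the fq list a handler ends up with for a given request.

    Request values replace defaults, appends are always added,
    invariants replace everything.
    """
    root = ET.fromstring(xml_text)
    handler = next(h for h in root.iter("requestHandler")
                   if h.get("name") == handler_name)
    cfg = _fq_by_section(handler)
    if cfg.get("invariants"):
        return list(cfg["invariants"])
    base = list(request_fq) if request_fq else list(cfg.get("defaults", []))
    return base + cfg.get("appends", [])


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:10s} {verdict}")
    print(effective_fq(SAMPLE, "/select", ["content_name:hekko.txt"]))
    print(effective_fq(SAMPLE, "search", ["content_name:hekko.txt"]))
```

A handler reported as `unfiltered`, such as a `/query` handler kept for debugging, returns documents regardless of ACLs and should not be reachable by end users.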

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

Can you show me somehow some of the ACLs that have been indexed with
your documents?  The only other potential issue might be that your
repository connection(s) may not be part of the same authority groups as
your authority connections.  In that case, the indexed authority tokens
will have a different prefix (e.g. SP+KW in one case, something else in the
other).

Karl




On Fri, Jun 13, 2014 at 6:40 AM, lalit jangra <la...@gmail.com>
wrote:

> Hi Again,
>
> As per Karl's suggestion, i am now converting user from water.com\ljangra
> to ljangra@water.com. Also referring to http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com
>
>
> I can see below ACL.
>
> AUTHORIZED:SP+K+Conn
>
> TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
>
> TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
>
> TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
>
> TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
>
>
> Still i am not able to see any results from query
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com
> While debugging query i can see ACL doing fine. So i am confused why
> its now working. Can you please help.
>
>
> "parsed_filter_queries": [
>
>       "ConstantScore(+((+allow_token_share:__nosecurity__
> +deny_token_share:__nosecurity__)
> allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
> +((+allow_token_document:__nosecurity__
> +deny_token_document:__nosecurity__)
> allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> -deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
> allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> -deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
> allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> -deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
> allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
> -deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"
>
>     ],
>
>
> Finally solr.log also seems to be fine.
>
>
> INFO  - 2014-06-13 11:38:19.862;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
>
> INFO  - 2014-06-13 11:38:19.909;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response AUTHORIZED:SP+K+Conn
>
> INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=47
>
>
> Regards.
>
>
> On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:
>
>> Hi Lalit,
>>
>> It makes more sense to use appends section rather than defaults section
>> when defining mcf query parser plugin in fq parameter.
>>
>> <lst name="appends">
>>  <str name="fq">{!manifoldCFSecurity}</str>
>> </lst>
>>
>>
>>
>>
>>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Hi Ahmet,
>>
>> I have configured solrconfig.xml as per your suggestion.
>>
>>  <requestHandler name="/select" class="solr.SearchHandler">
>>     <!-- default values for query parameters can be specified, these
>>          will be overridden by parameters in the request
>>       -->
>>      <lst name="defaults">
>>        <str name="echoParams">explicit</str>
>>        <int name="rows">1000</int>
>>        <str name="df">text</str>
>>        <str name="fq">{!manifoldCFSecurity}</str>
>>      </lst>
>> ....
>> </requestHandler>
>>
>>
>> Next i am running a job which indexes sharepoint content in solr but when
>> i am searching in solr, i am getting not results & getting
>> UNREACHABLEAUTHORITY message.
>>
>> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
>> SolrDeletionPolicy.onCommit: commits: num=2
>>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
>> newest commit generation = 2
>> INFO  - 2014-06-12 22:22:29.960;
>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>> requests to Searcher@5ac787b0
>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>> [collection1] Registered new searcher Searcher@5ac787b0
>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>> {commit=} 0 265
>> INFO  - 2014-06-12 22:22:35.663;
>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>> QTime=0
>> INFO  - 2014-06-12 22:22:35.741;
>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>> INFO  - 2014-06-12 22:22:36.960;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>> no-user response (open documents only)
>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>> INFO  - 2014-06-12 22:22:40.569;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@water.com]'
>> INFO  - 2014-06-12 22:22:40.726;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>> ljangra@water.com} hits=0 status=0 QTime=157
>>
>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>> unreachable or unusable but i am having same authority working fine in MCF.
>>
>>
>> Please help.
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>> Hi Karl,
>>
>> May be we should use
>>
>>  <requestHandler name="/select" class="solr.SearchHandler">
>>
>> in
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> To avoid confusion?
>>
>> What do you think?
>>
>>
>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>> wrote:
>>
>>
>> What does your solrconfig.xml file look like?
>> Karl
>>
>>
>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>> Hi Ahmet,
>>
>> I tried the way you suggested but its not working. My solr query is as
>> below.
>>
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>
>> Whatever name i am passing as AuthenticatedUserName, it returning all
>> results.
>>
>> I have indexed my documents using mcf-solr plugin using instructions @
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>> Below are some of ACL stored in solr. Am i missing something?
>>
>> "_version_": 1470562493875093500,
>>         "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ]
>>       },
>>       {
>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>         "deny_token_document": [
>>           "SP+Group:DEAD_AUTHORITY"
>>         ],
>>         "allow_token_document": [
>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>           "SP+Group:GTest+lalit+Portal+Owners",
>>           "SP+Group:GRestricted+Readers",
>>           "SP+Group:GTest+lalit+Administrators",
>>           "SP+Group:GTest+lalit+Portal+Members",
>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>           "SP+Group:GHierarchy+Managers",
>>           "SP+Group:GApprovers",
>>           "SP+Group:GViewers",
>>           "SP+Group:GDesigners"
>>         ],
>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>
>>
>>
>>                   SDD
>>
>>
>>                    "_version_": 1470564182244982800
>>       },
>>       {
>>         "deny_token_share": [
>>           "AD+Group:DEAD_AUTHORITY"
>>         ],
>>         "content_name": "hekko.txt",
>>         "content_modifier": "iwater.ie\\ljangra",
>>         "deny_token_document": [
>>           "AD+Group:DEAD_AUTHORITY"
>>         ],
>>                "id": "
>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>         "allow_token_document": [
>>           "AD+Group:S-1-5-18",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>           "AD+Group:S-1-5-32-544"
>>         ],
>>
>>         "allow_token_share": [
>>           "AD+Group:S-1-1-0",
>>           "AD+Group:S-1-5-32-544"
>>         ],
>>
>>
>>                 CMIS
>>
>>                 "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_document": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "allow_token_document": [
>>           "__nosecurity__"
>>         ]
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>> Hi,
>>
>> As documented here
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> "At a minimum, AuthenticatedUserName must be present in order"
>>
>>
>> This is a URL parameter, just like Solr params. Here is an example.
>>
>>
>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>
>>
>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Hi All,
>>
>> As continuing from
>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>> as per Ahmet's suggestion.
>>
>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>> into solr indexes.
>>
>> Now i want to write Solr query to put a user's permission details into in
>> it which can be compared to ACL stored in solr and only those results will
>> be returned to user on which he has been assigned ACL.
>>
>> How can i do this?  Can i use MCF filter  below here or do i need to
>> write custom query for my need?
>>
>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>   <lst name="appends">
>>     <str name="fq">{!manifoldCFSecurity}</str>
>>   </lst>
>> </requestHandler>
>>
>> Please help.
>>
>> Regards,
>> Lalit Jangra.
>>
>>
>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>>
>>
>>
>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>
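
The prefix check Karl describes above, as an added example (not code from the thread or from ManifoldCF): it compares the authority-group prefix of the tokens returned by the authority service with the prefix of the tokens stored on indexed documents, and evaluates visibility with the same allow/deny logic visible in the `parsed_filter_queries` output. Token values are taken from the thread, the documents are constructed, and all function names are hypothetical.

```python
NOSEC = "__nosecurity__"
LEVELS = ("share", "document")

# Abbreviated authority-service response, values as posted in the thread.
USER_ACLS = """AUTHORIZED:SP+K+Conn
TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows
"""

# Constructed documents; field names and token shapes follow the thread.
DOCS = [
    {"id": "sp-doc",
     "allow_token_share": [NOSEC], "deny_token_share": [NOSEC],
     "allow_token_document": ["SP+Group:GViewers", "SP+Group:GApprovers"],
     "deny_token_document": ["SP+Group:DEAD_AUTHORITY"]},
    {"id": "file-doc",
     "allow_token_share": ["AD+Group:S-1-1-0"],
     "deny_token_share": ["AD+Group:DEAD_AUTHORITY"],
     "allow_token_document": ["AD+Group:S-1-5-32-544"],
     "deny_token_document": ["AD+Group:DEAD_AUTHORITY"]},
    {"id": "open-doc",
     "allow_token_share": [NOSEC], "deny_token_share": [NOSEC],
     "allow_token_document": [NOSEC], "deny_token_document": [NOSEC]},
    # Hypothetical: the SharePoint document as it would look if its
    # repository connection used the same authority group as the user.
    {"id": "matching-doc",
     "allow_token_share": [NOSEC], "deny_token_share": [NOSEC],
     "allow_token_document": ["SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545"],
     "deny_token_document": ["SP+KW:DEAD_AUTHORITY"]},
]


def parse_user_acls(text):
    """Split the line-oriented response into (statuses, tokens)."""
    statuses, tokens = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, value = line.partition(":")
        if kind == "TOKEN":
            tokens.append(value)
        else:
            statuses.append((kind, value))
    return statuses, tokens


def unusable_authorities(statuses):
    """Authorities that answered with anything other than AUTHORIZED."""
    return [name for kind, name in statuses if kind != "AUTHORIZED"]


def group_prefix(token):
    """Authority-group part of a token (text before the first ':')."""
    return token.split(":", 1)[0] if ":" in token else None


def level_matches(doc, level, user_tokens):
    """One level of the filter: open, or an allow hit, and no deny hit."""
    allow = set(doc.get(f"allow_token_{level}", []))
    deny = set(doc.get(f"deny_token_{level}", []))
    users = set(user_tokens)
    if deny & users:
        return False
    return (NOSEC in allow and NOSEC in deny) or bool(allow & users)


def diagnose(docs, user_tokens):
    """Per document: visibility and prefixes the user has no tokens for."""
    user_groups = {group_prefix(t) for t in user_tokens} - {None}
    report = {}
    for doc in docs:
        doc_groups = set()
        for key, values in doc.items():
            if key.startswith(("allow_token_", "deny_token_")):
                doc_groups |= {group_prefix(v) for v in values}
        report[doc["id"]] = {
            "visible": all(level_matches(doc, lvl, user_tokens)
                           for lvl in LEVELS),
            "foreign_groups": sorted(doc_groups - {None} - user_groups),
        }
    return report


if __name__ == "__main__":
    statuses, tokens = parse_user_acls(USER_ACLS)
    print("unusable authorities:", unusable_authorities(statuses))
    for doc_id, result in diagnose(DOCS, tokens).items():
        print(doc_id, result)
```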

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Again,

As per Karl's suggestion, I am now converting the user from water.com\ljangra
to ljangra@water.com. Also, referring to
http://localhost:8345/mcf-authority-service/UserACLs?username=ljangra@water.com

I can see the ACL below.

AUTHORIZED:SP+K+Conn

TOKEN:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619

TOKEN:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813

TOKEN:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149

TOKEN:SP+KW:Uc%3A0%21.s%7Cwindows


Still I am not able to see any results from the query

http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&debugQuery=true&AuthenticatedUserName=ljangra@water.com

While debugging the query I can see the ACL doing fine. So I am confused why it's
now working. Can you please help.


"parsed_filter_queries": [

      "ConstantScore(+((+allow_token_share:__nosecurity__
+deny_token_share:__nosecurity__)
allow_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_share:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_share:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_share:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_share:SP+KW:Uc%3A0%21.s%7Cwindows
-deny_token_share:SP+KW:Uc%3A0%21.s%7Cwindows)
+((+allow_token_document:__nosecurity__
+deny_token_document:__nosecurity__)
allow_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
-deny_token_document:SP+KW:Ui%3A0%23.w%7Ciwater.ie%255cljangra
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-32-545
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-15263
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-513
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-13472
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-3182
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1619
allow_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
-deny_token_document:SP+KW:Uc%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-1813
allow_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
-deny_token_document:SP+KW:Ui%3A0%2B.w%7Cs-1-5-21-2630432783-15384281-2988178474-12149
allow_token_document:SP+KW:Uc%3A0%21.s%7Cwindows
-deny_token_document:SP+KW:Uc%3A0%21.s%7Cwindows))"

    ],


Finally solr.log also seems to be fine.


INFO  - 2014-06-13 11:38:19.862;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
to match docs for user '[:ljangra@water.com]'

INFO  - 2014-06-13 11:38:19.909;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response AUTHORIZED:SP+K+Conn

INFO  - 2014-06-13 11:38:19.909; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1402655899834&wt=json&AuthenticatedUserName=
ljangra@water.com} hits=0 status=0 QTime=47


Regards.


On Fri, Jun 13, 2014 at 12:13 AM, Ahmet Arslan <io...@yahoo.com> wrote:

> Hi Lalit,
>
> It makes more sense to use appends section rather than defaults section
> when defining mcf query parser plugin in fq parameter.
>
> <lst name="appends">
> <str name="fq">{!manifoldCFSecurity}</str>
> </lst>
>
>
>
>
>   On Friday, June 13, 2014 12:51 AM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
> Hi Ahmet,
>
> I have configured solrconfig.xml as per your suggestion.
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>     <!-- default values for query parameters can be specified, these
>          will be overridden by parameters in the request
>       -->
>      <lst name="defaults">
>        <str name="echoParams">explicit</str>
>        <int name="rows">1000</int>
>        <str name="df">text</str>
>        <str name="fq">{!manifoldCFSecurity}</str>
>      </lst>
> ....
> </requestHandler>
>
>
> Next i am running a job which indexes sharepoint content in solr but when
> i am searching in solr, i am getting not results & getting
> UNREACHABLEAUTHORITY message.
>
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> SolrDeletionPolicy.onCommit: commits: num=2
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> newest commit generation = 2
> INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher;
> Opening Searcher@5ac787b0 main
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener sending requests to Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener done.
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
> [collection1] Registered new searcher Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
> {commit=} 0 265
> INFO  - 2014-06-12 22:22:35.663;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
> QTime=0
> INFO  - 2014-06-12 22:22:35.741;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
> INFO  - 2014-06-12 22:22:36.960;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
> no-user response (open documents only)
> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
> INFO  - 2014-06-12 22:22:40.569;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-12 22:22:40.726;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=157
>
> UNREACHABLEAUTHORITY means name of an authority that was found to be
> unreachable or unusable but i am having same authority working fine in MCF.
>
>
> Please help.
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi Karl,
>
> May be we should use
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>
> in
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> To avoid confusion?
>
> What do you think?
>
>
>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
> wrote:
>
>
> What does your solrconfig.xml file look like?
> Karl
>
>
> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
> wrote:
>
> Hi Ahmet,
>
> I tried the way you suggested but its not working. My solr query is as
> below.
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
> Whatever name i am passing as AuthenticatedUserName, it returning all
> results.
>
> I have indexed my documents using mcf-solr plugin using instructions @
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
> Below are some of ACL stored in solr. Am i missing something?
>
> "_version_": 1470562493875093500,
>         "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ]
>       },
>       {
>         "content_name": "Alfresco-in-an-Hour.pdf"
>         "deny_token_document": [
>           "SP+Group:DEAD_AUTHORITY"
>         ],
>         "allow_token_document": [
>           "SP+Group:GTest+lalit+Portal+Visitors",
>           "SP+Group:GTest+lalit+Portal+Owners",
>           "SP+Group:GRestricted+Readers",
>           "SP+Group:GTest+lalit+Administrators",
>           "SP+Group:GTest+lalit+Portal+Members",
>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>           "SP+Group:GHierarchy+Managers",
>           "SP+Group:GApprovers",
>           "SP+Group:GViewers",
>           "SP+Group:GDesigners"
>         ],
>         "content_modified_date": "2014-06-04T00:00:00Z",
>
>
>
>                   SDD
>
>
>                    "_version_": 1470564182244982800
>       },
>       {
>         "deny_token_share": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>         "content_name": "hekko.txt",
>         "content_modifier": "iwater.ie\\ljangra",
>         "deny_token_document": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>                "id": "
> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>         "allow_token_document": [
>           "AD+Group:S-1-5-18",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>         "allow_token_share": [
>           "AD+Group:S-1-1-0",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>
>                 CMIS
>
>                 "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_document": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ],
>         "allow_token_document": [
>           "__nosecurity__"
>         ]
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi,
>
> As documented here
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> "At a minimum, AuthenticatedUserName must be present in order"
>
>
> This is a URL parameter, just like Solr params. Here is an example.
>
>
> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>
>
>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi All,
>
> As continuing from
> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
> as per Ahmet's suggestion.
>
> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
> into solr indexes.
>
> Now i want to write Solr query to put a user's permission details into in
> it which can be compared to ACL stored in solr and only those results will
> be returned to user on which he has been assigned ACL.
>
> How can i do this?  Can i use MCF filter  below here or do i need to write
> custom query for my need?
>
> <requestHandler name="search" class="solr.SearchHandler" default="true">
>   <lst name="appends">
>     <str name="fq">{!manifoldCFSecurity}</str>
>   </lst>
> </requestHandler>
>
> Please help.
>
> Regards,
> Lalit Jangra.
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>


-- 
Regards,
Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Ahmet Arslan <io...@yahoo.com>.
Hi Lalit,

It makes more sense to use appends section rather than defaults section when defining mcf query parser plugin in fq parameter.

<lst name="appends">
<str name="fq">{!manifoldCFSecurity}</str>
</lst>





On Friday, June 13, 2014 12:51 AM, lalit jangra <la...@gmail.com> wrote:
 


Hi Ahmet,

I have configured solrconfig.xml as per your suggestion.

 <requestHandler name="/select" class="solr.SearchHandler">
    <!-- default values for query parameters can be specified, these
         will be overridden by parameters in the request
      -->
     <lst name="defaults">
       <str name="echoParams">explicit</str>
       <int name="rows">1000</int>
       <str name="df">text</str>
       <str name="fq">{!manifoldCFSecurity}</str>
     </lst>
....
</requestHandler>


Next I am running a job which indexes SharePoint content in Solr, but when I am searching in Solr, I am getting no results & getting an UNREACHABLEAUTHORITY message.

INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; SolrDeletionPolicy.onCommit: commits: num=2
    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846; maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy; newest commit generation = 2
INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; QuerySenderListener sending requests to Searcher@5ac787b0 main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore; [collection1] Registered new searcher Searcher@5ac787b0 main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.update.processor.LogUpdateProcessor; [collection1] webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2} {commit=} 0 265
INFO  - 2014-06-12 22:22:35.663; org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0 QTime=0 
INFO  - 2014-06-12 22:22:35.741; org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15 
INFO  - 2014-06-12 22:22:36.960; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default no-user response (open documents only)
INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16 
INFO  - 2014-06-12 22:22:40.569; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying to match docs for user '[:ljangra@water.com]'
INFO  - 2014-06-12 22:22:40.726; org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw authority response UNREACHABLEAUTHORITY:SsharepointAuthority
INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore; [collection1] webapp=/solr path=/select params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=ljangra@water.com} hits=0 status=0 QTime=157 

UNREACHABLEAUTHORITY means name of an authority that was found to be unreachable or unusable but i am having same authority working fine in MCF.


Please help.

Regards.





On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:

Hi Karl,
>
>
>May be we should use  
>
>
> <requestHandler name="/select" class="solr.SearchHandler">
>
>
>
>in https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
>
>To avoid confusion?
>
>
>What do you think?
>
>
>
>On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com> wrote:
> 
>
>
>What does your solrconfig.xml file look like?
>Karl
>
>
>
>
>On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com> wrote:
>
>Hi Ahmet,
>>
>>I tried the way you suggested but its not working. My solr query is as below.
>>
>>http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>
>>Whatever name i am passing as AuthenticatedUserName, it returning all results. 
>>
>>I have indexed my documents using mcf-solr plugin using instructions @ https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. Below are some of ACL stored in solr. Am i missing something?
>>
>>
>>"_version_": 1470562493875093500,
>>        "allow_token_share": [
>>          "__nosecurity__"
>>        ],
>>        "deny_token_share": [
>>          "__nosecurity__"
>>        ]
>>      },
>>      {
>>        "content_name": "Alfresco-in-an-Hour.pdf"
>>        "deny_token_document": [
>>          "SP+Group:DEAD_AUTHORITY"
>>        ],
>>        "allow_token_document": [
>>          "SP+Group:GTest+lalit+Portal+Visitors",
>>          "SP+Group:GTest+lalit+Portal+Owners",
>>          "SP+Group:GRestricted+Readers",
>>          "SP+Group:GTest+lalit+Administrators",
>>          "SP+Group:GTest+lalit+Portal+Members",
>>          "SP+Group:Uc%3A0%28.s%7Ctrue",
>>          "SP+Group:GHierarchy+Managers",
>>          "SP+Group:GApprovers",
>>          "SP+Group:GViewers",
>>          "SP+Group:GDesigners"
>>        ],
>>        "content_modified_date": "2014-06-04T00:00:00Z",
>>
>>
>>                  SDD
>>
>>
>>                   "_version_": 1470564182244982800
>>      },
>>      {
>>        "deny_token_share": [
>>          "AD+Group:DEAD_AUTHORITY"
>>        ],
>>        "content_name": "hekko.txt",
>>        "content_modifier": "iwater.ie\\ljangra",
>>        "deny_token_document": [
>>          "AD+Group:DEAD_AUTHORITY"
>>        ],
>>        "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>        "allow_token_document": [
>>          "AD+Group:S-1-5-18",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>          "AD+Group:S-1-5-32-544"
>>        ],
>>
>>        "allow_token_share": [
>>          "AD+Group:S-1-1-0",
>>          "AD+Group:S-1-5-32-544"
>>        ],
>>
>>
>>                CMIS
>>
>>        "allow_token_share": [
>>          "__nosecurity__"
>>        ],
>>        "deny_token_document": [
>>          "__nosecurity__"
>>        ],
>>        "deny_token_share": [
>>          "__nosecurity__"
>>        ],
>>        "allow_token_document": [
>>          "__nosecurity__"
>>        ]
>>Regards.
>>
>>
>>
>>
>>
>>
>>On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>>Hi,
>>>
>>>
>>>As documented here https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>>
>>>"At a minimum, AuthenticatedUserName must be present in order" 
>>>
>>>
>>>
>>>
>>>This is a URL parameter, just like Solr params. Here is an example.
>>>
>>>
>>>http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>>
>>>
>>>
>>>
>>>On Thursday, June 12, 2014 4:28 PM, lalit jangra <la...@gmail.com> wrote:
>>> 
>>>
>>>
>>>Hi All,
>>>
>>>As continuing from http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html as per Ahmet's suggestion.
>>>
>>>I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed into solr indexes. 
>>>
>>>Now i want to write Solr query to put a user's permission details into in it which can be compared to ACL stored in solr and only those results will be returned to user on which he has been assigned ACL.
>>>
>>>How can i do this?  Can i use MCF filter  below here or do i need to write custom query for my need?
>>>
>>><requestHandler name="search" class="solr.SearchHandler" default="true">
>>>  <lst name="appends">
>>>    <str name="fq">{!manifoldCFSecurity}</str>
>>>  </lst>
>>></requestHandler>
>>>
>>>Please help.
>>>
>>>
>>>Regards,
>>>Lalit Jangra. 
>>>
>>>
>>
>>
>>-- 
>>Regards,
>>Lalit Jangra. 
>
>
>


-- 
Regards,
Lalit Jangra. 
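
The defaults-versus-appends point in the message above, as an added example that is not part of the thread: a small audit that reads a solrconfig.xml and reports, per SearchHandler, whether the {!manifoldCFSecurity} filter can be replaced by a request-supplied fq. The sample config is constructed from the handler definitions quoted in this thread; the function names are hypothetical, and the merge model covers only Solr's defaults/appends/invariants sections.

```python
import xml.etree.ElementTree as ET

SECURITY_FQ = "{!manifoldCFSecurity}"

# Constructed sample: the "/select" (defaults) and "search" (appends) handlers
# quoted in the thread, plus a "/query" debugging handler without the filter.
SAMPLE_SOLRCONFIG = """<config>
  <requestHandler name="/select" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="echoParams">explicit</str>
      <int name="rows">1000</int>
      <str name="df">text</str>
      <str name="fq">{!manifoldCFSecurity}</str>
    </lst>
  </requestHandler>
  <requestHandler name="search" class="solr.SearchHandler" default="true">
    <lst name="appends">
      <str name="fq">{!manifoldCFSecurity}</str>
    </lst>
  </requestHandler>
  <requestHandler name="/query" class="solr.SearchHandler">
    <lst name="defaults">
      <str name="echoParams">explicit</str>
    </lst>
  </requestHandler>
</config>"""


def handler_sections(handler):
    """Collect the handler's defaults/appends/invariants as {param: [values]}."""
    sections = {"defaults": {}, "appends": {}, "invariants": {}}
    for lst in handler.findall("lst"):
        section = lst.get("name")
        if section in sections:
            for child in lst:
                value = (child.text or "").strip()
                sections[section].setdefault(child.get("name"), []).append(value)
    return sections


def sections_for(xml_text, handler_name):
    """Look up one handler by name and return its parameter sections."""
    for handler in ET.fromstring(xml_text).iter("requestHandler"):
        if handler.get("name") == handler_name:
            return handler_sections(handler)
    raise KeyError(handler_name)


def effective_params(sections, request):
    """Model the merge: request values replace defaults, appends are always
    added, invariants replace whatever the request sent."""
    merged = {k: list(v) for k, v in sections["defaults"].items()}
    for k, v in request.items():
        merged[k] = list(v)
    for k, v in sections["appends"].items():
        merged.setdefault(k, []).extend(v)
    for k, v in sections["invariants"].items():
        merged[k] = list(v)
    return merged


def audit(xml_text):
    """Classify every SearchHandler by where the security filter is declared."""
    report = {}
    for handler in ET.fromstring(xml_text).iter("requestHandler"):
        if handler.get("class") != "solr.SearchHandler":
            continue
        s = handler_sections(handler)
        if (SECURITY_FQ in s["appends"].get("fq", [])
                or SECURITY_FQ in s["invariants"].get("fq", [])):
            status = "enforced"      # present on every request
        elif SECURITY_FQ in s["defaults"].get("fq", []):
            status = "overridable"   # dropped when the request has its own fq
        else:
            status = "unfiltered"    # no ACL filtering on this handler
        report[handler.get("name")] = status
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE_SOLRCONFIG).items():
        print(f"{name}: {status}")
    request = {"q": ["*:*"], "fq": ["content_name:hekko.txt"]}
    for name in ("/select", "search"):
        merged = effective_params(sections_for(SAMPLE_SOLRCONFIG, name), request)
        print(name, "effective fq:", merged["fq"])
```

A handler reported as "unfiltered", such as the /query debugging handler, returns documents regardless of ACLs and should not be reachable by end users.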

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
Hi Lalit,

Your user is not in the expected form:

AuthenticatedUserName=iater.com\ljangra


The sharepoint/Native authority (and most authorities) expects it to be of
the form: user@domain

You can map from one form to the other using the Regexp mapper.

It's easy to see whether your authority is doing the right thing with the
given input.  curl
http://localhost:8345/mcf-authority-service/UserACLs?username=blah will
exercise the authority service and return tokens.

Karl



On Thu, Jun 12, 2014 at 6:45 PM, lalit jangra <la...@gmail.com>
wrote:

> After updating my authority connection to consider user@domain.com, all
> these errors are removed & I am able to see authorization in logs as below.
>
> But still in solr query i am not able to see any results using url
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com
>
> INFO  - 2014-06-12 23:40:13.289; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402612812515&wt=json&AuthenticatedUserName=
> iater.com\ljangra} hits=0 status=0 QTime=594
>
> INFO  - 2014-06-12 23:40:30.352;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
>
> INFO  - 2014-06-12 23:40:31.024;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response AUTHORIZED:SP+A+C
>
> INFO  - 2014-06-12 23:40:31.024; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402612830253&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=672
>
>
> Regards.
>
>
>
>
>
>
>
> On Thu, Jun 12, 2014 at 10:51 PM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Hi Ahmet,
>>
>> I have configured solrconfig.xml as per your suggestion.
>>
>>
>>  <requestHandler name="/select" class="solr.SearchHandler">
>>     <!-- default values for query parameters can be specified, these
>>          will be overridden by parameters in the request
>>       -->
>>      <lst name="defaults">
>>        <str name="echoParams">explicit</str>
>>        <int name="rows">1000</int>
>>        <str name="df">text</str>
>>
>>        <str name="fq">{!manifoldCFSecurity}</str>
>>      </lst>
>> ....
>> </requestHandler>
>>
>>
>> Next I am running a job which indexes SharePoint content in Solr, but when
>> I am searching in Solr, I am getting no results & getting an
>> UNREACHABLEAUTHORITY message.
>>
>> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
>> SolrDeletionPolicy.onCommit: commits: num=2
>>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
>> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
>> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
>> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
>> newest commit generation = 2
>> INFO  - 2014-06-12 22:22:29.960;
>> org.apache.solr.search.SolrIndexSearcher; Opening Searcher@5ac787b0 main
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.core.QuerySenderListener; QuerySenderListener sending
>> requests to Searcher@5ac787b0
>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.core.QuerySenderListener; QuerySenderListener done.
>> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
>> [collection1] Registered new searcher Searcher@5ac787b0
>> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
>> INFO  - 2014-06-12 22:22:29.975;
>> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
>> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
>> {commit=} 0 265
>> INFO  - 2014-06-12 22:22:35.663;
>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
>> QTime=0
>> INFO  - 2014-06-12 22:22:35.741;
>> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
>> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
>> INFO  - 2014-06-12 22:22:36.960;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
>> no-user response (open documents only)
>> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
>> INFO  - 2014-06-12 22:22:40.569;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
>> to match docs for user '[:ljangra@water.com]'
>> INFO  - 2014-06-12 22:22:40.726;
>> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
>> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
>> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
>> [collection1] webapp=/solr path=/select
>> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
>> ljangra@water.com} hits=0 status=0 QTime=157
>>
>> UNREACHABLEAUTHORITY means name of an authority that was found to be
>> unreachable or unusable but i am having same authority working fine in MCF.
>>
>>
>> Please help.
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>>> Hi Karl,
>>>
>>> May be we should use
>>>
>>>  <requestHandler name="/select" class="solr.SearchHandler">
>>>
>>> in
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> To avoid confusion?
>>>
>>> What do you think?
>>>
>>>
>>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>>> wrote:
>>>
>>>
>>> What does your solrconfig.xml file look like?
>>> Karl
>>>
>>>
>>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
>>> wrote:
>>>
>>> Hi Ahmet,
>>>
>>> I tried the way you suggested but its not working. My solr query is as
>>> below.
>>>
>>>
>>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>>
>>> Whatever name i am passing as AuthenticatedUserName, it returning all
>>> results.
>>>
>>> I have indexed my documents using mcf-solr plugin using instructions @
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>>> Below are some of ACL stored in solr. Am i missing something?
>>>
>>> "_version_": 1470562493875093500,
>>>         "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ]
>>>       },
>>>       {
>>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>>         "deny_token_document": [
>>>           "SP+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "allow_token_document": [
>>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>>           "SP+Group:GTest+lalit+Portal+Owners",
>>>           "SP+Group:GRestricted+Readers",
>>>           "SP+Group:GTest+lalit+Administrators",
>>>           "SP+Group:GTest+lalit+Portal+Members",
>>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>>           "SP+Group:GHierarchy+Managers",
>>>           "SP+Group:GApprovers",
>>>           "SP+Group:GViewers",
>>>           "SP+Group:GDesigners"
>>>         ],
>>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>>
>>>
>>>
>>>                   SDD
>>>
>>>
>>>                    "_version_": 1470564182244982800
>>>       },
>>>       {
>>>         "deny_token_share": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>         "content_name": "hekko.txt",
>>>         "content_modifier": "iwater.ie\\ljangra",
>>>         "deny_token_document": [
>>>           "AD+Group:DEAD_AUTHORITY"
>>>         ],
>>>                "id": "
>>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>>         "allow_token_document": [
>>>           "AD+Group:S-1-5-18",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>         "allow_token_share": [
>>>           "AD+Group:S-1-1-0",
>>>           "AD+Group:S-1-5-32-544"
>>>         ],
>>>
>>>
>>>                 CMIS
>>>
>>>                 "allow_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_document": [
>>>           "__nosecurity__"
>>>         ],
>>>         "deny_token_share": [
>>>           "__nosecurity__"
>>>         ],
>>>         "allow_token_document": [
>>>           "__nosecurity__"
>>>         ]
>>>
>>> Regards.
>>>
>>>
>>>
>>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>>
>>> Hi,
>>>
>>> As documented here
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>
>>>
>>> This is a URL parameter, just like Solr params. Here is an example.
>>>
>>>
>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>
>>>
>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi All,
>>>
>>> As continuing from
>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>> as per Ahmet's suggestion.
>>>
>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>>> into solr indexes.
>>>
>>> Now i want to write Solr query to put a user's permission details into
>>> in it which can be compared to ACL stored in solr and only those results
>>> will be returned to user on which he has been assigned ACL.
>>>
>>> How can i do this?  Can i use MCF filter  below here or do i need to
>>> write custom query for my need?
>>>
>>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>>   <lst name="appends">
>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>   </lst>
>>> </requestHandler>
>>>
>>> Please help.
>>>
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
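
The check Karl describes above (ask the authority service for a user's tokens, then compare them with the ACL fields in the index), as an added example that is not part of the thread. The reply texts and user tokens are constructed, the function names are hypothetical, and three things are assumptions of this sketch: the TOKEN: line prefix, treating a missing ACL field as __nosecurity__, and representing an unreachable authority by the DEAD_AUTHORITY token. The allow/deny rule is a simplified model of the plugin's filter.

```python
OPEN = "__nosecurity__"          # marker for "no ACL at this level"
LEVELS = ("share", "document")   # ACL levels seen in the indexed fields


def parse_authority_reply(text):
    """Split a UserACLs reply into status lines and access tokens."""
    statuses, tokens = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("TOKEN:"):            # assumed token prefix
            tokens.append(line[len("TOKEN:"):])
        else:                                    # e.g. AUTHORIZED:<authority>
            kind, _, authority = line.partition(":")
            statuses.append((kind, authority))
    return statuses, tokens


def level_decision(doc, level, tokens):
    """Simplified model: any deny match rejects; otherwise the level passes if
    it is open or at least one allow token matches."""
    allow = set(doc.get(f"allow_token_{level}", [OPEN]))
    deny = set(doc.get(f"deny_token_{level}", [OPEN]))
    user = set(tokens)
    if deny & user:
        return False, "denied by " + ", ".join(sorted(deny & user))
    if OPEN in allow and OPEN in deny:
        return True, "open"
    if allow & user:
        return True, "allowed by " + ", ".join(sorted(allow & user))
    return False, "no allow token matches"


def explain(doc, tokens):
    """Return (visible, {level: reason}); every level must pass."""
    reasons = {lvl: level_decision(doc, lvl, tokens) for lvl in LEVELS}
    visible = all(ok for ok, _ in reasons.values())
    return visible, {lvl: why for lvl, (_, why) in reasons.items()}


# Document fields abbreviated from the JSON quoted in the thread.
DOC_SP = {
    "content_name": "Alfresco-in-an-Hour.pdf",
    "deny_token_document": ["SP+Group:DEAD_AUTHORITY"],
    "allow_token_document": ["SP+Group:GApprovers", "SP+Group:GViewers"],
}
DOC_OPEN = {
    "allow_token_share": [OPEN], "deny_token_share": [OPEN],
    "allow_token_document": [OPEN], "deny_token_document": [OPEN],
}

# Constructed replies: status lines as logged in the thread, tokens invented.
REPLY_OK = "AUTHORIZED:SP+A+C\nTOKEN:SP+Group:GViewers\n"
REPLY_DEAD = ("UNREACHABLEAUTHORITY:SsharepointAuthority\n"
              "TOKEN:SP+Group:DEAD_AUTHORITY\n")

if __name__ == "__main__":
    for label, reply in (("ok", REPLY_OK), ("unreachable", REPLY_DEAD), ("no user", "")):
        statuses, tokens = parse_authority_reply(reply)
        print(label, statuses, tokens)
        for doc in (DOC_SP, DOC_OPEN):
            print("  ", doc.get("content_name", "(open doc)"), explain(doc, tokens))
```

Run against the real reply for a user, the per-level reasons show whether hits=0 comes from a deny match, from tokens that do not match the indexed strings exactly, or from an empty token list.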

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
After updating my authority connection to consider user@domain.com, all
these errors are removed & I am able to see authorization in logs as below.

But still in solr query i am not able to see any results using url
http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@water.com

INFO  - 2014-06-12 23:40:13.289; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1402612812515&wt=json&AuthenticatedUserName=
iater.com\ljangra} hits=0 status=0 QTime=594

INFO  - 2014-06-12 23:40:30.352;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
to match docs for user '[:ljangra@water.com]'

INFO  - 2014-06-12 23:40:31.024;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response AUTHORIZED:SP+A+C

INFO  - 2014-06-12 23:40:31.024; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1402612830253&wt=json&AuthenticatedUserName=
ljangra@water.com} hits=0 status=0 QTime=672


Regards.







On Thu, Jun 12, 2014 at 10:51 PM, lalit jangra <la...@gmail.com>
wrote:

> Hi Ahmet,
>
> I have configured solrconfig.xml as per your suggestion.
>
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>     <!-- default values for query parameters can be specified, these
>          will be overridden by parameters in the request
>       -->
>      <lst name="defaults">
>        <str name="echoParams">explicit</str>
>        <int name="rows">1000</int>
>        <str name="df">text</str>
>
>        <str name="fq">{!manifoldCFSecurity}</str>
>      </lst>
> ....
> </requestHandler>
>
>
> Next I am running a job which indexes SharePoint content in Solr, but when
> I am searching in Solr, I am getting no results & getting an
> UNREACHABLEAUTHORITY message.
>
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> SolrDeletionPolicy.onCommit: commits: num=2
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
>     commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
> lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
> maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
> INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
> newest commit generation = 2
> INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher;
> Opening Searcher@5ac787b0 main
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener sending requests to Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
> QuerySenderListener done.
> INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
> [collection1] Registered new searcher Searcher@5ac787b0
> main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
> INFO  - 2014-06-12 22:22:29.975;
> org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
> webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
> {commit=} 0 265
> INFO  - 2014-06-12 22:22:35.663;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
> QTime=0
> INFO  - 2014-06-12 22:22:35.741;
> org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
> path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
> INFO  - 2014-06-12 22:22:36.960;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
> no-user response (open documents only)
> INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
> INFO  - 2014-06-12 22:22:40.569;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
> to match docs for user '[:ljangra@water.com]'
> INFO  - 2014-06-12 22:22:40.726;
> org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
> authority response UNREACHABLEAUTHORITY:SsharepointAuthority
> INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
> [collection1] webapp=/solr path=/select
> params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
> ljangra@water.com} hits=0 status=0 QTime=157
>
> UNREACHABLEAUTHORITY means name of an authority that was found to be
> unreachable or unusable but i am having same authority working fine in MCF.
>
>
> Please help.
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
>> Hi Karl,
>>
>> May be we should use
>>
>>  <requestHandler name="/select" class="solr.SearchHandler">
>>
>> in
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> To avoid confusion?
>>
>> What do you think?
>>
>>
>>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
>> wrote:
>>
>>
>> What does your solrconfig.xml file look like?
>> Karl
>>
>>
>> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
>> wrote:
>>
>> Hi Ahmet,
>>
>> I tried the way you suggested but its not working. My solr query is as
>> below.
>>
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>
>> Whatever name i am passing as AuthenticatedUserName, it returning all
>> results.
>>
>> I have indexed my documents using mcf-solr plugin using instructions @
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>> Below are some of ACL stored in solr. Am i missing something?
>>
>> "_version_": 1470562493875093500,
>>         "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ]
>>       },
>>       {
>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>         "deny_token_document": [
>>           "SP+Group:DEAD_AUTHORITY"
>>         ],
>>         "allow_token_document": [
>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>           "SP+Group:GTest+lalit+Portal+Owners",
>>           "SP+Group:GRestricted+Readers",
>>           "SP+Group:GTest+lalit+Administrators",
>>           "SP+Group:GTest+lalit+Portal+Members",
>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>           "SP+Group:GHierarchy+Managers",
>>           "SP+Group:GApprovers",
>>           "SP+Group:GViewers",
>>           "SP+Group:GDesigners"
>>         ],
>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>
>>
>>
>>                   SDD
>>
>>
>>                    "_version_": 1470564182244982800
>>       },
>>       {
>>         "deny_token_share": [
>>           "AD+Group:DEAD_AUTHORITY"
>>         ],
>>         "content_name": "hekko.txt",
>>         "content_modifier": "iwater.ie\\ljangra",
>>         "deny_token_document": [
>>           "AD+Group:DEAD_AUTHORITY"
>>         ],
>>                "id": "
>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>         "allow_token_document": [
>>           "AD+Group:S-1-5-18",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>           "AD+Group:S-1-5-32-544"
>>         ],
>>
>>         "allow_token_share": [
>>           "AD+Group:S-1-1-0",
>>           "AD+Group:S-1-5-32-544"
>>         ],
>>
>>
>>                 CMIS
>>
>>                 "allow_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_document": [
>>           "__nosecurity__"
>>         ],
>>         "deny_token_share": [
>>           "__nosecurity__"
>>         ],
>>         "allow_token_document": [
>>           "__nosecurity__"
>>         ]
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>> Hi,
>>
>> As documented here
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> "At a minimum, AuthenticatedUserName must be present in order"
>>
>>
>> This is a URL parameter, just like Solr params. Here is an example.
>>
>>
>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>
>>
>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Hi All,
>>
>> As continuing from
>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>> as per Ahmet's suggestion.
>>
>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>> into solr indexes.
>>
>> Now i want to write Solr query to put a user's permission details into in
>> it which can be compared to ACL stored in solr and only those results will
>> be returned to user on which he has been assigned ACL.
>>
>> How can i do this?  Can i use MCF filter  below here or do i need to
>> write custom query for my need?
>>
>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>   <lst name="appends">
>>     <str name="fq">{!manifoldCFSecurity}</str>
>>   </lst>
>> </requestHandler>
>>
>> Please help.
>>
>> Regards,
>> Lalit Jangra.
>>
>>
>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>>
>>
>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>



-- 
Regards,
Lalit Jangra.

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Ahmet,

I have configured solrconfig.xml as per your suggestion.

 <requestHandler name="/select" class="solr.SearchHandler">
    <!-- default values for query parameters can be specified, these
         will be overridden by parameters in the request
      -->
     <lst name="defaults">
       <str name="echoParams">explicit</str>
       <int name="rows">1000</int>
       <str name="df">text</str>
       <str name="fq">{!manifoldCFSecurity}</str>
     </lst>
....
</requestHandler>


Next I am running a job which indexes SharePoint content in Solr, but when I
am searching in Solr, I am getting no results and getting an
UNREACHABLEAUTHORITY message.

INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
SolrDeletionPolicy.onCommit: commits: num=2
    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_1,generation=1}
    commit{dir=NRTCachingDirectory(org.apache.lucene.store.MMapDirectory@C:\solr-4.6.0\example\solr\collection1\data\index
lockFactory=org.apache.lucene.store.NativeFSLockFactory@3971846;
maxCacheMB=48.0 maxMergeSizeMB=4.0),segFN=segments_2,generation=2}
INFO  - 2014-06-12 22:22:29.944; org.apache.solr.core.SolrDeletionPolicy;
newest commit generation = 2
INFO  - 2014-06-12 22:22:29.960; org.apache.solr.search.SolrIndexSearcher;
Opening Searcher@5ac787b0 main
INFO  - 2014-06-12 22:22:29.975;
org.apache.solr.update.DirectUpdateHandler2; end_commit_flush
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
QuerySenderListener sending requests to Searcher@5ac787b0
main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.QuerySenderListener;
QuerySenderListener done.
INFO  - 2014-06-12 22:22:29.975; org.apache.solr.core.SolrCore;
[collection1] Registered new searcher Searcher@5ac787b0
main{StandardDirectoryReader(segments_2:3:nrt _0(4.6):C10)}
INFO  - 2014-06-12 22:22:29.975;
org.apache.solr.update.processor.LogUpdateProcessor; [collection1]
webapp=/solr path=/update/extract params={commit=true&wt=xml&version=2.2}
{commit=} 0 265
INFO  - 2014-06-12 22:22:35.663;
org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
path=/admin/cores params={indexInfo=false&_=1402608155643&wt=json} status=0
QTime=0
INFO  - 2014-06-12 22:22:35.741;
org.apache.solr.servlet.SolrDispatchFilter; [admin] webapp=null
path=/admin/info/system params={_=1402608155681&wt=json} status=0 QTime=15
INFO  - 2014-06-12 22:22:36.960;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Default
no-user response (open documents only)
INFO  - 2014-06-12 22:22:36.976; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1402608156947&wt=json} hits=0 status=0 QTime=16
INFO  - 2014-06-12 22:22:40.569;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Trying
to match docs for user '[:ljangra@water.com]'
INFO  - 2014-06-12 22:22:40.726;
org.apache.solr.mcf.ManifoldCFQParserPlugin$ManifoldCFQueryParser; Saw
authority response UNREACHABLEAUTHORITY:SsharepointAuthority
INFO  - 2014-06-12 22:22:40.726; org.apache.solr.core.SolrCore;
[collection1] webapp=/solr path=/select
params={indent=true&q=*:*&_=1402608160548&wt=json&AuthenticatedUserName=
ljangra@water.com} hits=0 status=0 QTime=157

UNREACHABLEAUTHORITY means the name of an authority that was found to be
unreachable or unusable, but I have the same authority working fine in MCF.


Please help.

Regards.



On Thu, Jun 12, 2014 at 9:26 PM, Ahmet Arslan <io...@yahoo.com> wrote:

> Hi Karl,
>
> May be we should use
>
>  <requestHandler name="/select" class="solr.SearchHandler">
>
> in
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> To avoid confusion?
>
> What do you think?
>
>
>   On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com>
> wrote:
>
>
> What does your solrconfig.xml file look like?
> Karl
>
>
> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
> wrote:
>
> Hi Ahmet,
>
> I tried the way you suggested but its not working. My solr query is as
> below.
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
> Whatever name i am passing as AuthenticatedUserName, it returning all
> results.
>
> I have indexed my documents using mcf-solr plugin using instructions @
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
> Below are some of ACL stored in solr. Am i missing something?
>
> "_version_": 1470562493875093500,
>         "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ]
>       },
>       {
>         "content_name": "Alfresco-in-an-Hour.pdf"
>         "deny_token_document": [
>           "SP+Group:DEAD_AUTHORITY"
>         ],
>         "allow_token_document": [
>           "SP+Group:GTest+lalit+Portal+Visitors",
>           "SP+Group:GTest+lalit+Portal+Owners",
>           "SP+Group:GRestricted+Readers",
>           "SP+Group:GTest+lalit+Administrators",
>           "SP+Group:GTest+lalit+Portal+Members",
>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>           "SP+Group:GHierarchy+Managers",
>           "SP+Group:GApprovers",
>           "SP+Group:GViewers",
>           "SP+Group:GDesigners"
>         ],
>         "content_modified_date": "2014-06-04T00:00:00Z",
>
>
>
>                   SDD
>
>
>                    "_version_": 1470564182244982800
>       },
>       {
>         "deny_token_share": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>         "content_name": "hekko.txt",
>         "content_modifier": "iwater.ie\\ljangra",
>         "deny_token_document": [
>           "AD+Group:DEAD_AUTHORITY"
>         ],
>                "id": "
> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>         "allow_token_document": [
>           "AD+Group:S-1-5-18",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>         "allow_token_share": [
>           "AD+Group:S-1-1-0",
>           "AD+Group:S-1-5-32-544"
>         ],
>
>
>                 CMIS
>
>                 "allow_token_share": [
>           "__nosecurity__"
>         ],
>         "deny_token_document": [
>           "__nosecurity__"
>         ],
>         "deny_token_share": [
>           "__nosecurity__"
>         ],
>         "allow_token_document": [
>           "__nosecurity__"
>         ]
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
> Hi,
>
> As documented here
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> "At a minimum, AuthenticatedUserName must be present in order"
>
>
> This is a URL parameter, just like Solr params. Here is an example.
>
>
> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>
>
>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
>  Hi All,
>
> As continuing from
> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
> as per Ahmet's suggestion.
>
> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
> into solr indexes.
>
> Now i want to write Solr query to put a user's permission details into in
> it which can be compared to ACL stored in solr and only those results will
> be returned to user on which he has been assigned ACL.
>
> How can i do this?  Can i use MCF filter  below here or do i need to write
> custom query for my need?
>
> <requestHandler name="search" class="solr.SearchHandler" default="true">
>   <lst name="appends">
>     <str name="fq">{!manifoldCFSecurity}</str>
>   </lst>
> </requestHandler>
>
> Please help.
>
> Regards,
> Lalit Jangra.
>
>
>
>
>
> --
> Regards,
> Lalit Jangra.
>
>
>
>
>


-- 
Regards,
Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Ahmet Arslan <io...@yahoo.com>.
Hi Karl,

Maybe we should use

 <requestHandler name="/select" class="solr.SearchHandler">


in https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt

To avoid confusion?

What do you think?


On Thursday, June 12, 2014 11:12 PM, Karl Wright <da...@gmail.com> wrote:
 


What does your solrconfig.xml file look like?
Karl




On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com> wrote:

Hi Ahmet,
>
>I tried the way you suggested but its not working. My solr query is as below.
>
>http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
>Whatever name i am passing as AuthenticatedUserName, it returning all results. 
>
>I have indexed my documents using mcf-solr plugin using instructions @ https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. Below are some of ACL stored in solr. Am i missing something?
>
>
>"_version_": 1470562493875093500,
>        "allow_token_share": [
>          "__nosecurity__"
>        ],
>        "deny_token_share": [
>          "__nosecurity__"
>        ]
>      },
>      {
>        "content_name": "Alfresco-in-an-Hour.pdf"
>        "deny_token_document": [
>          "SP+Group:DEAD_AUTHORITY"
>        ],
>        "allow_token_document": [
>          "SP+Group:GTest+lalit+Portal+Visitors",
>          "SP+Group:GTest+lalit+Portal+Owners",
>          "SP+Group:GRestricted+Readers",
>          "SP+Group:GTest+lalit+Administrators",
>          "SP+Group:GTest+lalit+Portal+Members",
>          "SP+Group:Uc%3A0%28.s%7Ctrue",
>          "SP+Group:GHierarchy+Managers",
>          "SP+Group:GApprovers",
>          "SP+Group:GViewers",
>          "SP+Group:GDesigners"
>        ],
>        "content_modified_date": "2014-06-04T00:00:00Z",
>
>                  SDD
>
>                   "_version_": 1470564182244982800
>      },
>      {
>        "deny_token_share": [
>          "AD+Group:DEAD_AUTHORITY"
>        ],
>        "content_name": "hekko.txt",
>        "content_modifier": "iwater.ie\\ljangra",
>        "deny_token_document": [
>          "AD+Group:DEAD_AUTHORITY"
>        ],
>        "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>        "allow_token_document": [
>          "AD+Group:S-1-5-18",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>          "AD+Group:S-1-5-32-544"
>        ],
>
>        "allow_token_share": [
>          "AD+Group:S-1-1-0",
>          "AD+Group:S-1-5-32-544"
>        ],
>
>                CMIS
>
>        "allow_token_share": [
>          "__nosecurity__"
>        ],
>        "deny_token_document": [
>          "__nosecurity__"
>        ],
>        "deny_token_share": [
>          "__nosecurity__"
>        ],
>        "allow_token_document": [
>          "__nosecurity__"
>        ]
>
>Regards.
>
>
>
>
>
>
>On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
>Hi,
>>
>>
>>As documented here https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>>
>>"At a minimum, AuthenticatedUserName must be present in order" 
>>
>>
>>
>>
>>This is a URL parameter, just like Solr params. Here is an example.
>>
>>
>>http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>
>>
>>
>>
>>On Thursday, June 12, 2014 4:28 PM, lalit jangra <la...@gmail.com> wrote:
>> 
>>
>>
>>Hi All,
>>
>>As continuing from http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html as per Ahmet's suggestion.
>>
>>I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed into solr indexes. 
>>
>>Now i want to write Solr query to put a user's permission details into in it which can be compared to ACL stored in solr and only those results will be returned to user on which he has been assigned ACL.
>>
>>How can i do this?  Can i use MCF filter  below here or do i need to write custom query for my need?
>>
>><requestHandler name="search" class="solr.SearchHandler" default="true">
>>  <lst name="appends">
>>    <str name="fq">{!manifoldCFSecurity}</str>
>>  </lst>
>></requestHandler>
>>
>>Please help.
>>
>>
>>Regards,
>>Lalit Jangra. 
>>
>>
>
>
>-- 
>Regards,
>Lalit Jangra. 

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Karl,

Attached is my solrconfig.xml. I am using <queryParser
name="manifoldCFSecurity"...> for the mcf-solr plugin.

Regards.



On Thu, Jun 12, 2014 at 9:12 PM, Karl Wright <da...@gmail.com> wrote:

> What does your solrconfig.xml file look like?
> Karl
>
>
> On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
> wrote:
>
>> Hi Ahmet,
>>
>> I tried the way you suggested but its not working. My solr query is as
>> below.
>>
>>
>> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>>
>> Whatever name i am passing as AuthenticatedUserName, it returning all
>> results.
>>
>> I have indexed my documents using mcf-solr plugin using instructions @
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
>> Below are some of ACL stored in solr. Am i missing something?
>>
>> "_version_": 1470562493875093500,
>>
>>         "allow_token_share": [
>>
>>           "__nosecurity__"
>>
>>         ],
>>
>>         "deny_token_share": [
>>
>>           "__nosecurity__"
>>
>>         ]
>>
>>       },
>>
>>       {
>>
>>         "content_name": "Alfresco-in-an-Hour.pdf"
>>
>>         "deny_token_document": [
>>
>>           "SP+Group:DEAD_AUTHORITY"
>>
>>         ],
>>
>>         "allow_token_document": [
>>
>>           "SP+Group:GTest+lalit+Portal+Visitors",
>>
>>           "SP+Group:GTest+lalit+Portal+Owners",
>>
>>           "SP+Group:GRestricted+Readers",
>>
>>           "SP+Group:GTest+lalit+Administrators",
>>
>>           "SP+Group:GTest+lalit+Portal+Members",
>>
>>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>>
>>           "SP+Group:GHierarchy+Managers",
>>
>>           "SP+Group:GApprovers",
>>
>>           "SP+Group:GViewers",
>>
>>           "SP+Group:GDesigners"
>>
>>         ],
>>
>>         "content_modified_date": "2014-06-04T00:00:00Z",
>>
>>
>>
>>
>>
>>
>>
>>                   SDD
>>
>>
>>
>>
>>
>>                    "_version_": 1470564182244982800
>>
>>       },
>>
>>       {
>>
>>         "deny_token_share": [
>>
>>           "AD+Group:DEAD_AUTHORITY"
>>
>>         ],
>>
>>         "content_name": "hekko.txt",
>>
>>         "content_modifier": "iwater.ie\\ljangra",
>>
>>         "deny_token_document": [
>>
>>           "AD+Group:DEAD_AUTHORITY"
>>
>>         ],
>>
>>                "id": "
>> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>>
>>         "allow_token_document": [
>>
>>           "AD+Group:S-1-5-18",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>>
>>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>>
>>           "AD+Group:S-1-5-32-544"
>>
>>         ],
>>
>>
>>
>>         "allow_token_share": [
>>
>>           "AD+Group:S-1-1-0",
>>
>>           "AD+Group:S-1-5-32-544"
>>
>>         ],
>>
>>
>>
>>
>>
>>                 CMIS
>>
>>
>>
>>                 "allow_token_share": [
>>
>>           "__nosecurity__"
>>
>>         ],
>>
>>         "deny_token_document": [
>>
>>           "__nosecurity__"
>>
>>         ],
>>
>>         "deny_token_share": [
>>
>>           "__nosecurity__"
>>
>>         ],
>>
>>         "allow_token_document": [
>>
>>           "__nosecurity__"
>>
>>         ]
>>
>> Regards.
>>
>>
>>
>> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>>
>>> Hi,
>>>
>>> As documented here
>>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>>
>>> "At a minimum, AuthenticatedUserName must be present in order"
>>>
>>>
>>> This is a URL parameter, just like Solr params. Here is an example.
>>>
>>>
>>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>>
>>>
>>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>>> lalit.j.jangra@gmail.com> wrote:
>>>
>>>
>>>  Hi All,
>>>
>>> As continuing from
>>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>>> as per Ahmet's suggestion.
>>>
>>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>>> into solr indexes.
>>>
>>> Now i want to write Solr query to put a user's permission details into
>>> in it which can be compared to ACL stored in solr and only those results
>>> will be returned to user on which he has been assigned ACL.
>>>
>>> How can i do this?  Can i use MCF filter  below here or do i need to
>>> write custom query for my need?
>>>
>>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>>   <lst name="appends">
>>>     <str name="fq">{!manifoldCFSecurity}</str>
>>>   </lst>
>>> </requestHandler>
>>>
>>> Please help.
>>>
>>> Regards,
>>> Lalit Jangra.
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Lalit Jangra.
>>
>
>


-- 
Regards,
Lalit Jangra.

Re: How to query for content with ACLs?

Posted by Karl Wright <da...@gmail.com>.
What does your solrconfig.xml file look like?
Karl


On Thu, Jun 12, 2014 at 2:58 PM, lalit jangra <la...@gmail.com>
wrote:

> Hi Ahmet,
>
> I tried the way you suggested but its not working. My solr query is as
> below.
>
>
> http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp
>
> Whatever name i am passing as AuthenticatedUserName, it returning all
> results.
>
> I have indexed my documents using mcf-solr plugin using instructions @
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
> Below are some of ACL stored in solr. Am i missing something?
>
> "_version_": 1470562493875093500,
>
>         "allow_token_share": [
>
>           "__nosecurity__"
>
>         ],
>
>         "deny_token_share": [
>
>           "__nosecurity__"
>
>         ]
>
>       },
>
>       {
>
>         "content_name": "Alfresco-in-an-Hour.pdf"
>
>         "deny_token_document": [
>
>           "SP+Group:DEAD_AUTHORITY"
>
>         ],
>
>         "allow_token_document": [
>
>           "SP+Group:GTest+lalit+Portal+Visitors",
>
>           "SP+Group:GTest+lalit+Portal+Owners",
>
>           "SP+Group:GRestricted+Readers",
>
>           "SP+Group:GTest+lalit+Administrators",
>
>           "SP+Group:GTest+lalit+Portal+Members",
>
>           "SP+Group:Uc%3A0%28.s%7Ctrue",
>
>           "SP+Group:GHierarchy+Managers",
>
>           "SP+Group:GApprovers",
>
>           "SP+Group:GViewers",
>
>           "SP+Group:GDesigners"
>
>         ],
>
>         "content_modified_date": "2014-06-04T00:00:00Z",
>
>
>
>
>
>
>
>                   SDD
>
>
>
>
>
>                    "_version_": 1470564182244982800
>
>       },
>
>       {
>
>         "deny_token_share": [
>
>           "AD+Group:DEAD_AUTHORITY"
>
>         ],
>
>         "content_name": "hekko.txt",
>
>         "content_modifier": "iwater.ie\\ljangra",
>
>         "deny_token_document": [
>
>           "AD+Group:DEAD_AUTHORITY"
>
>         ],
>
>                "id": "
> file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
>
>         "allow_token_document": [
>
>           "AD+Group:S-1-5-18",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
>
>           "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
>
>           "AD+Group:S-1-5-32-544"
>
>         ],
>
>
>
>         "allow_token_share": [
>
>           "AD+Group:S-1-1-0",
>
>           "AD+Group:S-1-5-32-544"
>
>         ],
>
>
>
>
>
>                 CMIS
>
>
>
>                 "allow_token_share": [
>
>           "__nosecurity__"
>
>         ],
>
>         "deny_token_document": [
>
>           "__nosecurity__"
>
>         ],
>
>         "deny_token_share": [
>
>           "__nosecurity__"
>
>         ],
>
>         "allow_token_document": [
>
>           "__nosecurity__"
>
>         ]
>
> Regards.
>
>
>
> On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:
>
>> Hi,
>>
>> As documented here
>> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>>
>> "At a minimum, AuthenticatedUserName must be present in order"
>>
>>
>> This is a URL parameter, just like Solr params. Here is an example.
>>
>>
>> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>>
>>
>>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
>> lalit.j.jangra@gmail.com> wrote:
>>
>>
>>  Hi All,
>>
>> As continuing from
>> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
>> as per Ahmet's suggestion.
>>
>> I have setup mcf-solr4x-plugin in MCF 1.5.1 and i can see ACLs indexed
>> into solr indexes.
>>
>> Now i want to write Solr query to put a user's permission details into in
>> it which can be compared to ACL stored in solr and only those results will
>> be returned to user on which he has been assigned ACL.
>>
>> How can i do this?  Can i use MCF filter  below here or do i need to
>> write custom query for my need?
>>
>> <requestHandler name="search" class="solr.SearchHandler" default="true">
>>   <lst name="appends">
>>     <str name="fq">{!manifoldCFSecurity}</str>
>>   </lst>
>> </requestHandler>
>>
>> Please help.
>>
>> Regards,
>> Lalit Jangra.
>>
>>
>>
>
>
> --
> Regards,
> Lalit Jangra.
>

Re: How to query for content with ACLs?

Posted by Ahmet Arslan <io...@yahoo.com>.
Hi,

You attached the manifoldCFSecurity query parser plugin to a request handler named 'search', but you are querying '/select'.

Please add the appends section to <requestHandler name="/select" class="solr.SearchHandler">

Ahmet


On Thursday, June 12, 2014 9:58 PM, lalit jangra <la...@gmail.com> wrote:
 


Hi Ahmet,

I tried the way you suggested but its not working. My solr query is as below.

http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp

Whatever name i am passing as AuthenticatedUserName, it returning all results. 

I have indexed my documents using mcf-solr plugin using instructions @ https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt. Below are some of ACL stored in solr. Am i missing something?


"_version_": 1470562493875093500,
        "allow_token_share": [
          "__nosecurity__"
        ],
        "deny_token_share": [
          "__nosecurity__"
        ]
      },
      {
        "content_name": "Alfresco-in-an-Hour.pdf"
        "deny_token_document": [
          "SP+Group:DEAD_AUTHORITY"
        ],
        "allow_token_document": [
          "SP+Group:GTest+lalit+Portal+Visitors",
          "SP+Group:GTest+lalit+Portal+Owners",
          "SP+Group:GRestricted+Readers",
          "SP+Group:GTest+lalit+Administrators",
          "SP+Group:GTest+lalit+Portal+Members",
          "SP+Group:Uc%3A0%28.s%7Ctrue",
          "SP+Group:GHierarchy+Managers",
          "SP+Group:GApprovers",
          "SP+Group:GViewers",
          "SP+Group:GDesigners"
        ],
        "content_modified_date": "2014-06-04T00:00:00Z",

                  SDD

                   "_version_": 1470564182244982800
      },
      {
        "deny_token_share": [
          "AD+Group:DEAD_AUTHORITY"
        ],
        "content_name": "hekko.txt",
        "content_modifier": "iwater.ie\\ljangra",
        "deny_token_document": [
          "AD+Group:DEAD_AUTHORITY"
        ],
        "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
        "allow_token_document": [
          "AD+Group:S-1-5-18",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
          "AD+Group:S-1-5-32-544"
        ],

        "allow_token_share": [
          "AD+Group:S-1-1-0",
          "AD+Group:S-1-5-32-544"
        ],

                CMIS

        "allow_token_share": [
          "__nosecurity__"
        ],
        "deny_token_document": [
          "__nosecurity__"
        ],
        "deny_token_share": [
          "__nosecurity__"
        ],
        "allow_token_document": [
          "__nosecurity__"
        ]

Regards.





On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:

>Hi,
>
>
>As documented here https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
>
>"At a minimum, AuthenticatedUserName must be present in order" 
>
>
>
>
>This is a URL parameter, just like Solr params. Here is an example.
>
>
>http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
>
>
>
>
>On Thursday, June 12, 2014 4:28 PM, lalit jangra <la...@gmail.com> wrote:
> 
>
>
>Hi All,
>
>As continuing from http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html as per Ahmet's suggestion.
>
>I have set up mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs indexed into Solr indexes.
>
>Now I want to write a Solr query to put a user's permission details into it which can be compared to the ACL stored in Solr, and only those results will be returned to the user on which he has been assigned an ACL.
>
>How can I do this? Can I use the MCF filter below, or do I need to write a custom query for my need?
>
><requestHandler name="search" class="solr.SearchHandler" default="true">
>  <lst name="appends">
>    <str name="fq">{!manifoldCFSecurity}</str>
>  </lst>
></requestHandler>
>
>Please help.
>
>
>Regards,
>Lalit Jangra. 
>
>


-- 
Regards,
Lalit Jangra. 

Re: How to query for content with ACLs?

Posted by lalit jangra <la...@gmail.com>.
Hi Ahmet,

I tried the way you suggested but it's not working. My Solr query is as
below.

http://localhost:8983/solr/collection1/select?q=*%3A*&wt=json&indent=true&AuthenticatedUserName=ljangra@domain.entp

Whatever name I am passing as AuthenticatedUserName, it is returning all
results.

I have indexed my documents using mcf-solr plugin using instructions @
https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt.
Below are some of the ACLs stored in Solr. Am I missing something?

"_version_": 1470562493875093500,
        "allow_token_share": [
          "__nosecurity__"
        ],
        "deny_token_share": [
          "__nosecurity__"
        ]
      },
      {
        "content_name": "Alfresco-in-an-Hour.pdf"
        "deny_token_document": [
          "SP+Group:DEAD_AUTHORITY"
        ],
        "allow_token_document": [
          "SP+Group:GTest+lalit+Portal+Visitors",
          "SP+Group:GTest+lalit+Portal+Owners",
          "SP+Group:GRestricted+Readers",
          "SP+Group:GTest+lalit+Administrators",
          "SP+Group:GTest+lalit+Portal+Members",
          "SP+Group:Uc%3A0%28.s%7Ctrue",
          "SP+Group:GHierarchy+Managers",
          "SP+Group:GApprovers",
          "SP+Group:GViewers",
          "SP+Group:GDesigners"
        ],
        "content_modified_date": "2014-06-04T00:00:00Z",

SDD

        "_version_": 1470564182244982800
      },
      {
        "deny_token_share": [
          "AD+Group:DEAD_AUTHORITY"
        ],
        "content_name": "hekko.txt",
        "content_modifier": "iwater.ie\\ljangra",
        "deny_token_document": [
          "AD+Group:DEAD_AUTHORITY"
        ],
        "id": "file://///10.231.82.15/AlfrescoInstallers/manifoldtest/hekko.txt",
        "allow_token_document": [
          "AD+Group:S-1-5-18",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12088",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12147",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12148",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12149",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12150",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-12217",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-15154",
          "AD+Group:S-1-5-21-2630432783-15384281-2988178474-8005",
          "AD+Group:S-1-5-32-544"
        ],
        "allow_token_share": [
          "AD+Group:S-1-1-0",
          "AD+Group:S-1-5-32-544"
        ],

CMIS

        "allow_token_share": [
          "__nosecurity__"
        ],
        "deny_token_document": [
          "__nosecurity__"
        ],
        "deny_token_share": [
          "__nosecurity__"
        ],
        "allow_token_document": [
          "__nosecurity__"
        ]

Regards.



On Thu, Jun 12, 2014 at 3:01 PM, Ahmet Arslan <io...@yahoo.com> wrote:

> Hi,
>
> As documented here
> https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt
>
> "At a minimum, AuthenticatedUserName must be present in order"
>
>
> This is a URL parameter, just like Solr params. Here is an example.
>
>
> http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type
> <http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&debugQuery=true&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type>
>
>
>   On Thursday, June 12, 2014 4:28 PM, lalit jangra <
> lalit.j.jangra@gmail.com> wrote:
>
>
> Hi All,
>
> As continuing from
> http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html
> as per Ahmet's suggestion.
>
> I have set up mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs indexed
> into Solr indexes.
>
> Now I want to write a Solr query to put a user's permission details into
> it which can be compared to the ACL stored in Solr, and only those results
> will be returned to the user on which he has been assigned an ACL.
>
> How can I do this? Can I use the MCF filter below, or do I need to write
> a custom query for my need?
>
> <requestHandler name="search" class="solr.SearchHandler" default="true">
>   <lst name="appends">
>     <str name="fq">{!manifoldCFSecurity}</str>
>   </lst>
> </requestHandler>
>
> Please help.
>
> Regards,
> Lalit Jangra.
>
>
>


-- 
Regards,
Lalit Jangra.
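
The filtering that the messages above expect from {!manifoldCFSecurity} can be modelled offline against the posted token fields. This is an added example, not part of the original thread and not the plugin's own code; the per-level rule, the "__nosecurity__" default for a missing field, the trimmed sample documents and the placeholder document name are assumptions.

```python
# Model of the per-level ACL test (an assumption about the plugin's behaviour, not its code).
NOSECURITY = "__nosecurity__"
LEVELS = ("share", "document")   # the two levels visible in the posted index dump

def level_permits(doc, level, user_tokens):
    # A missing field is treated as "__nosecurity__" (assumed schema default).
    allow = set(doc.get("allow_token_" + level, [NOSECURITY]))
    deny = set(doc.get("deny_token_" + level, [NOSECURITY]))
    tokens = set(user_tokens)
    if tokens & deny:                      # any matching deny token excludes the document
        return False
    unprotected = NOSECURITY in allow and NOSECURITY in deny
    return unprotected or bool(tokens & allow)

def visible_docs(docs, user_tokens):
    """Names of documents that pass every ACL level for this token set."""
    return [d["content_name"] for d in docs
            if all(level_permits(d, lvl, user_tokens) for lvl in LEVELS)]

# Constructed sample: a trimmed subset of the token values quoted in the message above.
DOCS = [
    {"content_name": "hekko.txt",
     "allow_token_share": ["AD+Group:S-1-1-0", "AD+Group:S-1-5-32-544"],
     "deny_token_share": ["AD+Group:DEAD_AUTHORITY"],
     "allow_token_document": ["AD+Group:S-1-5-18", "AD+Group:S-1-5-32-544"],
     "deny_token_document": ["AD+Group:DEAD_AUTHORITY"]},
    {"content_name": "Alfresco-in-an-Hour.pdf",   # share level assumed open
     "allow_token_document": ["SP+Group:GViewers", "SP+Group:GDesigners"],
     "deny_token_document": ["SP+Group:DEAD_AUTHORITY"]},
    {"content_name": "open-doc-placeholder",      # hypothetical name for the CMIS entry
     "allow_token_share": [NOSECURITY], "deny_token_share": [NOSECURITY],
     "allow_token_document": [NOSECURITY], "deny_token_document": [NOSECURITY]},
]

if __name__ == "__main__":
    # Token sets are constructed; real ones come from the authority for AuthenticatedUserName.
    for tokens in ([], ["AD+Group:S-1-1-0"], ["AD+Group:S-1-5-32-544"], ["SP+Group:GViewers"]):
        print(tokens, "->", visible_docs(DOCS, tokens))
```

Comparing this expected list with what Solr returns for the same AuthenticatedUserName shows whether the security filter is being applied by the request handler that was queried.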

Re: How to query for content with ACLs?

Posted by Ahmet Arslan <io...@yahoo.com>.
Hi,

As documented here https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk/README.txt

"At a minimum, AuthenticatedUserName must be present in order" 


This is a URL parameter, just like Solr params. Here is an example.

http://localhost:8983/solr/documents/select?q=*%3A*&wt=xml&AuthenticatedUserName=ahmet@g-b.entp&facet=on&facet.field=Content-Type



On Thursday, June 12, 2014 4:28 PM, lalit jangra <la...@gmail.com> wrote:
 


Hi All,

As continuing from http://lucene.472066.n3.nabble.com/How-to-query-for-content-with-ACLs-td4141402.html as per Ahmet's suggestion.

I have set up mcf-solr4x-plugin in MCF 1.5.1 and I can see ACLs indexed into Solr indexes.

Now I want to write a Solr query to put a user's permission details into it which can be compared to the ACL stored in Solr, and only those results will be returned to the user on which he has been assigned an ACL.

How can I do this? Can I use the MCF filter below, or do I need to write a custom query for my need?

<requestHandler name="search" class="solr.SearchHandler" default="true">
  <lst name="appends">
    <str name="fq">{!manifoldCFSecurity}</str>
  </lst>
</requestHandler>

Please help.


Regards,
Lalit Jangra.