Posted to user@manifoldcf.apache.org by Phillip Rhodes <mo...@gmail.com> on 2017/12/02 10:50:53 UTC

SOLVED (was: Re: ManifoldCF + Alfresco + Solr security filtering problem)

OK, got it.  I went back and re-read the chapter from the MCF in
Action book on all this and poked around in the code for the
AuthorityServlet and finally realized that the list of tokens returned
is the union of the set returned by all the different authorities in
play.  And I had seen before that the Null authority returns a token
of the form

TOKEN:Domain:username

so I added a Null authority to my MCF setup and now testuser1 sees all
72 documents, but a fictitious user sees only the 65 that are public.
So in that regard, this is working.

I'm not sure if this is what you're *supposed* to do or not though.
So if anyone could shed any more light on this, it would be
appreciated.


I have another, semi-related question, but I'll post it in another
thread.  And probably later, it's bed-time here.  :-)


Phil

Re: SOLVED (was: Re: ManifoldCF + Alfresco + Solr security filtering problem)

Posted by Karl Wright <da...@gmail.com>.
That's not what you are supposed to do.  It really does sound like there's
a misalignment between the Alfresco authority connector and the Alfresco
authorization model.  Let's see if we can fix this.

Karl


On Sat, Dec 2, 2017 at 5:50 AM, Phillip Rhodes <mo...@gmail.com>
wrote:

> OK, got it.  I went back and re-read the chapter from the MCF in
> Action book on all this and poked around in the code for the
> AuthorityServlet and finally realized that the list of tokens returned
> is the union of the set returned by all the different authorities in
> play.  And I had seen before that the Null authority returns a token
> of the form
>
> TOKEN:Domain:username
>
> so I added a Null authority to my MCF setup and now testuser1 sees all
> 72 documents, but a fictitious user sees only the 65 that are public.
> So in that regard, this is working.
>
> I'm not sure if this is what you're *supposed* to do or not though.
> So if anyone could shed any more light on this, it would be
> appreciated.
>
>
> I have another, semi-related question, but I'll post it in another
> thread.  And probably later, it's bed-time here.  :-)
>
>
> Phil
>