You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2011/09/26 14:19:46 UTC
svn commit: r1175819 - in
/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf: README.txt
src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
src/test-files/solr/conf/schema-auth.xml
Author: kwright
Date: Mon Sep 26 12:19:45 2011
New Revision: 1175819
URL: http://svn.apache.org/viewvc?rev=1175819&view=rev
Log:
Switch to token-based model, using schema to enforce null field contents
Modified:
incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt
incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml
Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt?rev=1175819&r1=1175818&r2=1175819&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt (original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/README.txt Mon Sep 26 12:19:45 2011
@@ -7,10 +7,10 @@ Then, you will need to add fields to you
authorization information. There will need to be four of these fields, an 'allow' field for both
documents and shares, and a 'deny' field for both documents and shares. For example:
- <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true" required="false"/>
- <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true" required="false"/>
- <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true" required="false"/>
- <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true" required="false"/>
+ <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true" required="false" default="__nosecurity__"/>
+ <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true" required="false" default="__nosecurity__"/>
+ <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true" required="false" default="__nosecurity__"/>
+ <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true" required="false" default="__nosecurity__"/>
Next, modify your solrconfig.xml to add the search component:
Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java?rev=1175819&r1=1175818&r2=1175819&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java (original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/java/org/apache/solr/mcf/ManifoldCFSecurityFilter.java Mon Sep 26 12:19:45 2011
@@ -49,6 +49,9 @@ public class ManifoldCFSecurityFilter ex
* running under Apache */
static final public String USER_TOKENS = "UserTokens";
+ /** Special token for null security fields */
+ static final public String NOSECURITY_TOKEN = "__nosecurity__";
+
/** The queries that we will not attempt to interfere with */
static final private String[] globalAllowed = { "solrpingquery" };
@@ -153,10 +156,10 @@ public class ManifoldCFSecurityFilter ex
BooleanQuery bq = new BooleanQuery();
//bf.setMaxClauseCount(100000);
- Query allowShareOpen = new WildcardQuery(new Term(fieldAllowShare,"*"));
- Query denyShareOpen = new WildcardQuery(new Term(fieldDenyShare,"*"));
- Query allowDocumentOpen = new WildcardQuery(new Term(fieldAllowDocument,"*"));
- Query denyDocumentOpen = new WildcardQuery(new Term(fieldDenyDocument,"*"));
+ Query allowShareOpen = new TermQuery(new Term(fieldAllowShare,NOSECURITY_TOKEN));
+ Query denyShareOpen = new WildcardQuery(new Term(fieldDenyShare,NOSECURITY_TOKEN));
+ Query allowDocumentOpen = new WildcardQuery(new Term(fieldAllowDocument,NOSECURITY_TOKEN));
+ Query denyDocumentOpen = new WildcardQuery(new Term(fieldDenyDocument,NOSECURITY_TOKEN));
if (userAccessTokens.size() == 0)
{
@@ -165,11 +168,10 @@ public class ManifoldCFSecurityFilter ex
// (fieldAllowShare is empty AND fieldDenyShare is empty AND fieldAllowDocument is empty AND fieldDenyDocument is empty)
// We're trying to map to: -(fieldAllowShare:*) , which should be pretty efficient in Solr because it is negated. If this turns out not to be so, then we should
// have the SolrConnector inject a special token into these fields when they otherwise would be empty, and we can trivially match on that token.
- bq.add(new MatchAllDocsQuery(),BooleanClause.Occur.SHOULD);
- bq.add(allowShareOpen,BooleanClause.Occur.MUST_NOT);
- bq.add(denyShareOpen,BooleanClause.Occur.MUST_NOT);
- bq.add(allowDocumentOpen,BooleanClause.Occur.MUST_NOT);
- bq.add(denyDocumentOpen,BooleanClause.Occur.MUST_NOT);
+ bq.add(allowShareOpen,BooleanClause.Occur.MUST);
+ bq.add(denyShareOpen,BooleanClause.Occur.MUST);
+ bq.add(allowDocumentOpen,BooleanClause.Occur.MUST);
+ bq.add(denyDocumentOpen,BooleanClause.Occur.MUST);
}
else
{
@@ -208,8 +210,8 @@ public class ManifoldCFSecurityFilter ex
// Add the empty-acl case
BooleanQuery subUnprotectedClause = new BooleanQuery();
subUnprotectedClause.add(new MatchAllDocsQuery(),BooleanClause.Occur.SHOULD);
- subUnprotectedClause.add(allowOpen,BooleanClause.Occur.MUST_NOT);
- subUnprotectedClause.add(denyOpen,BooleanClause.Occur.MUST_NOT);
+ subUnprotectedClause.add(allowOpen,BooleanClause.Occur.MUST);
+ subUnprotectedClause.add(denyOpen,BooleanClause.Occur.MUST);
bq.add(subUnprotectedClause,BooleanClause.Occur.SHOULD);
for (String accessToken : userAccessTokens)
{
Modified: incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml
URL: http://svn.apache.org/viewvc/incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml?rev=1175819&r1=1175818&r2=1175819&view=diff
==============================================================================
--- incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml (original)
+++ incubator/lcf/upstream/solr/SOLR-1895/solr/contrib/mcf/src/test-files/solr/conf/schema-auth.xml Mon Sep 26 12:19:45 2011
@@ -22,10 +22,10 @@
<fields>
<field name="id" type="string" indexed="true" stored="true" required="true"/>
<!-- MCF Security fields -->
- <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
- <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true"/>
- <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
- <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true"/>
+ <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
</fields>
<defaultSearchField>id</defaultSearchField>
<uniqueKey>id</uniqueKey>