Initial commit for solr 7.x plugin
git-svn-id: https://svn.apache.org/repos/asf/manifoldcf/integration/solr-7.x/trunk@1809095 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/trunk/CHANGES.txt b/trunk/CHANGES.txt
new file mode 100644
index 0000000..ee7d457
--- /dev/null
+++ b/trunk/CHANGES.txt
@@ -0,0 +1,12 @@
+Apache ManifoldCF Plugin for Apache Solr 6.x change Log
+$Id$
+
+======================= 2.3-dev ======================
+
+CONNECTORS-1338: Upgrade to SolrJ 6.3.0.
+(Shinichiro Abe)
+
+======================= Release 2.2 =====================
+
+Initial commit.
+(Karl Wright)
diff --git a/trunk/DEPENDENCIES.txt b/trunk/DEPENDENCIES.txt
new file mode 100644
index 0000000..eba48be
--- /dev/null
+++ b/trunk/DEPENDENCIES.txt
@@ -0,0 +1,11 @@
+Apache ManifoldCF Plugin for Apache Solr 6.x requires
+---------------------------------------------------
+* JRE 1.8 or above
+* mvn 3.0 or higher
+
+For building and running Apache ManifoldCF Plugin for Apache Solr 6.x:
+------------------------------------------------------------------
+
+* Look at README.txt
+
+
diff --git a/trunk/KEYS b/trunk/KEYS
new file mode 100644
index 0000000..a62d04d
--- /dev/null
+++ b/trunk/KEYS
@@ -0,0 +1,188 @@
+(instructions copied from forrest's KEYS file)
+
+This file contains the PGP keys of various developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Users: pgp < KEYS
+Developers:
+ pgp -kxa <your name> and append it to this file.
+ (pgpk -ll <your name> && pgpk -xa <your name>) >> this file.
+ (gpg --list-sigs <your name>
+ && gpg --armor --export <your name>) >> this file.
+
+----------------------------------------------------------------
+pub 4096R/03824582 2010-11-19
+uid Karl David Wright (CODE SIGNING KEY) <kwright@apache.org>
+sig 3 03824582 2010-11-19 Karl David Wright (CODE SIGNING KEY) <kwright@apache.org>
+sub 4096R/EE82775D 2010-11-19
+sig 03824582 2010-11-19 Karl David Wright (CODE SIGNING KEY) <kwright@apache.org>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (MingW32)
+
+mQINBEzmR2IBEACvDjCt9SU4ma8kcrFitl6fTx3hAWJmosC1OLryVYVQ+g816NaD
+oRgKim6GcYC0wvQEHvlIpEq4xXqKIWhH4xko8wvV619uOqoK+Ca6dI7FzxnBcxQ5
+D0J59zXRikYO0qhNgZqdo+37l6AgaDMbgPUPq0XQO4KCo+XbluCZfRuL5UcbF4H5
+j4mxT3IgnMHtdzaceKP+wruh/Ak18w/6w+5GnE3QYYPGqlnBqPVTWQFjBDL+L9QD
+LWVBgduQQ3YXhDmfZGRBppzklPJeiWwBQH7mZqgjht0aoIvwLVgCgA6S9TRRcUtE
+maefHcGduKhENYgt0I3mWD41VpKLgq6kfbZYg1fCwtXd5If0KxxhsZmBlMGYCwcV
+TBzcBLhktPAFKquM/VCzu3DR8hAYQjYukOYMAAB2PGjaQlP4Rc4/vTQR8CE3oYR6
+pLgnPu8SjUcxomqKPFM1SCAx/BgUpMrWRNNO/0j9hhBlCDnHxxrTsPvMW+uqCHQp
+xNvneIuFPt7TSwcK1Luyoygtoj/3J/2zI9SCXrNJwZZzGfc26Lp4XVaGNEujwLeG
+Ik2EN2dHdcDJWOAv+szk5jgn6G9c0sb9bFCjSNI9yWjZLofTvheKIjC8EBBmB7LD
+FHLcjbCbFYGReBSWenkfcOyEq83vMrCwZ+WgVjdazZVnjCa7GntYIgOpIwARAQAB
+tDlLYXJsIERhdmlkIFdyaWdodCAoQ09ERSBTSUdOSU5HIEtFWSkgPGt3cmlnaHRA
+YXBhY2hlLm9yZz6JAjcEEwEKACEFAkzmR2ICGwMFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4AACgkQ/R/wnAOCRYKhvg/+Nr/yGbkx3kEMhbrpco0P2+hM95J1DjihFh/5
+gDeQ5ISTENi9SQt7OBkIDGMS7FyeOXuvGpjrkqjp5PGkc/pTO3Flu/5bJAWNHQGF
+tNv51tJeGeDD8wotLvoJOLJfxZZ42JGww5TmkXqMeKUBOsBB7vqaLEuk8sm/xr0D
+R76b9b5zpcMUlQAA3rgS0Z6BGKE4X9WAmbCo7k0O+k0KNAOoB1WoUrnXKkwDwDQL
+eTOwQujLm7OiRz/nkvXx1YlpXi3u9TNcXArdOWU3HkYduSc2fcaHaj4WfzaX79CQ
+meiJBpYLglWqFaMPZPOgO9g12kMk0DsslvZZkqzcGjCB1yn5DnxgqpLLkzWmclFA
+FBPKmbxMA2iUNy1Kgn+ZhiBRYl1rz0UdTa3sthOn2paTc1IdDHUAubr8qkkfHtYp
+AaIuF+T7iqjs8J1SLhtBxqEJ8FMs9b0vSNWs+UTaXgbmYoaINMePtOgPVQfMU1Mk
+r5v/1DE99C7V0qi37AAdTEBKUKkjlU/gWVKs1dL+te/gl6b6KxyNt3oiTUFApzQP
+r5VVpNrEqWKqUVAzxif4v+iUsmQrnw2pwRCzXgQ9o8DfmqbKjKwwkWrTZMTCaNvw
+L2oT/miX1acMpmtV8Co02++gt439+Aw1ZenvQ+zuHXFglZjhHa68FJj+XtAof0Qf
+xuhLi5i5Ag0ETOZHYgEQAMHgiGeeGT7a+UApO2Wr8AM4vjTXUqnc/HpDdEOVBWMV
+Y28QGaG8MgkUhUMCNel1EHZgHF3PVmty9izrqpUOOIPoD9JBqH903+gkPAorloOA
+UzI4+4IHCSZPrhgU+akhBFfYW1SI/2noF8AUzTZnXamlLMeLaJIJDvHDIaKG6lxf
+hpPx9WGjmLP8Xf0D9WeIdmsJlKxWWBCCnWM9qZfLcrBk+cZhuDJbIPp9edPGu7DB
+qQXrmPTN9XnuRo1fUBhxxlNQ/gEsV/I4mKko+Pgs4bkRGk2b0p7/rkbuAWw9NVX1
++17vOAuP0AuHCDuT7qno4bH1m0zftDqcNyvNl8NphxCyfXljO/hCmujKqPOn1df6
+HpORDy1kKjJeiKWWeaacRwirncwT1AZuri75iUGHCer05yt/PoYRV2fYRw6TKt8g
+lPu/2UbNujGnSOkOthwFuWP6G6SF5oRg+YdkROaC00v7VTfLvCoZ9Rdh0ZhYrwmG
+sW6iJ/AsjSfGR5WtaU+ahliyTZnIUoGND3njgBKiI8E6YFzDs2Lh+nvynv/jmB/X
+1aPxieqXw1a6h/0BsQT/uqY7941XGAdWvSzg5NP6oL+sncjKd2VXVVi/P/dMbs+h
+W+lP4RBxT6elwuzUTUaiYeEmw2WL/A/wdPnQKjVr0HA6twMnzjjOs6AnGn85FlAZ
+ABEBAAGJAh8EGAEKAAkFAkzmR2ICGwwACgkQ/R/wnAOCRYLpOhAAltJjDcRTa2MI
+M45Z7WavWwVaXxbZNyIzOifR431oqyN0bz3C4KaDz2o8Rti9y0wTfS7cgzJFe0mC
+aXU01N7t/pK3IYhf+xe/f+iBZ3JASCGu+H3zLgY7qRm3q441AkPprwVqrGIemUFQ
+qTFiSbRi9/R0OzoY+T0ZILR7eu8EmIDhoBi0aWXlxzxHKikB5SqenZz/x5sbhZcy
+UdvNKe4iB4sfhAwMreBEFH6+/rlUIC8uWTb7IScBzSXj8R9hoAUXAH35T+sTs6nx
+QCW5XzO7YRQEgbaFUOSu3s5a1NVcFyhcDq9ASOOlg0JYNK9hi/UdyXUtAoXhn8WI
+1JD9d1kz6vke2YvXwkp+ntWK6dhHKPzwN2OrHSApOM7+9dLxqT/4buQWB1BXAD2S
+d8521WI9vzEW8qyI3rZhp3OLB5GUTFCw4POFIehKCDhET6gDz0MCYHVaEMBsySfT
+13/2vZd1gEh9BD9QHlrmxqo+gJqpw4q/usKMC3VNzw6appHSzQEfor2lpfx5WYy0
+iiCKmIlos2z+lIy9AarCBqOYjcWHjkYnb6QT1k/HKPuyBV7LMqoVPiQuxgZKqx01
+ZpDvtauiZqH+MMH2qe6n5sXhDQijGwXbAsFiorFj0/kWAEncJGpyI/u6q7GnHNS5
+H4n9zm2v9HW8fqSbQq3Ym8+WQ64+IK0=
+=gEd1
+-----END PGP PUBLIC KEY BLOCK-----
+pub 4096R/FE045966 2009-10-13
+ Key fingerprint = A46D 8682 A850 E44E 4FEC 20EB 8A8A 771F FE04 5966
+uid Grant Ingersoll (CODE SIGNING KEY) <gsingers@apache.org>
+sub 4096R/72F9E0C0 2009-10-13
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.7 (Darwin)
+
+mQINBErU6JEBEACsovhRB+Z8VrdTU76Qxg8u+0WiSaoilsksGgOaphWvWt0b6rA3
+PJSGuDuMJfL+lGqk+aARehiZNbNl0cGYtP4Av/fElTdSr1UlmDeFjG+7Qi7FB6KK
+vAjv4mw+XM05QRTADjpNkDfAEXGPR1GNE7lOfPvNqvAl9YMLHJOBGlVqq5ZZAPHZ
+/R6Cg7+5qHbVJKtPqSxAoPJQwg6ADwDZv9nWZfbp2VwVwBkuVxBCRBPFN+WTFmW/
+k1LSxUIeHqOG9RXo7S/DYddthE0iBzP3yKA5fs3k9zaQZNAjC92Dj/M4oDiIimqG
+DJAO7ixpQY2ug9FB4LtWkyeNRnOM1LKd3TbZNqzZt4TuhCI3C5LAfVoXRPxe4T3n
+4hvWkL/2THSKfC4u0CLGjw41rXhD86YYiIWdvxVezfESzpqZPhBrAZWfx7kB69pq
+8DxWFXCaA31S/L2I6B1ZUmpOhtxg0cDoevipne7jaqRjA7TknOC45+CrpuEkOvQO
+8rwHbtshT/JDFLPfq0ruDH21eV4QYP/JLffDGyEtoRRRr4M2DZCFkOCWIPE0l142
+5mIi0nqMSj1HK5kuwMQoNAf6vF6P6MYyGWJ8nR13CDtFOnjpOpuxZiTQhlb0cqXj
+X4yQBjFim8ztGOnHrlSh25OgeKuiCWiCIuyFGykjX21RtJ/AwiOeMr4zkwARAQAB
+tDhHcmFudCBJbmdlcnNvbGwgKENPREUgU0lHTklORyBLRVkpIDxnc2luZ2Vyc0Bh
+cGFjaGUub3JnPokCNwQTAQoAIQUCStTokQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAAKCRCKincf/gRZZqcfD/4+zhoLTTpTGRNutTyjPnR85aTuMUVtqYNLjEcF
+PSV7p1OPhsGd3g5iaQtwCMsbWDPRSL+Xvy4/E4D32YjUR026mzAUnICq4Z35TecT
+StIeMadgSwJ0fNvuzBB8jJfUYW6a91D9TZirEC4fRVRL1bnJvmjm0HnGLQa5uGCl
+dUMbR04YXU+5V8S6KbRtLwhiVDD/do6XKeS9PGY941sw9182mLZbIbEcQrNWf8s/
+eOnobosxg5a0WxKfSZgQfNqkkuNlsRbKwI2gSjzAl030r6pWzduvftqFdnoaOBN/
+yNM1BghAhXmb/hxjuQa0x+xan15/lY5FwDX1bdnZcEI0KHJ/FIPFgk59XJVnZYH/
+tRI6jqmxQvdliA9q6rt/ctZAYaOhmXI28eeLCmdnZKUZjiG1ORYC0tIYdOYc/nXP
+NqryDaa2OD2rMy8BM5tfQ/Om/6kavDqn/m8x0jLLuOne5Umeste3yTZ3pbJWc5GF
+izOCX0FualpLXNBWt3jCooSaj5Gx92pFgoanbtI91ouVNsC24eKOJZYibKLP5fuH
+B1sNvtPcWE3e99qOzVnolHjbDX4KzXCW+yFad714kK1vdAlDvqIt2OuEuQFggZHS
+5G5FbGjgqFUG5D0uckBmu/8lZ82YW2yhuQosa5EOMwChG1sqtsYuddbifFF78AM4
+vYnmKohGBBARCgAGBQJK1OocAAoJEMsDFRmoZ+ixVg4An0MfyRmOv0tA8/UibzyK
+KPrzo1aeAKCIV+M3L+gPT9yJ9843HxyBWL+j6bkCDQRK1OiRARAApG7lRX08hPq5
+7KRRUsK6GChneFeZZNNI35VpFQHPe8y/4ej7Ydnr37otEjIvd+14p0M+PF6igCIm
+IGp2dg57PFfoOVW+apoudAtBpWkdBSjMJQ4pCoLwyv/HSXKW6QxMZeO5OBdT4iAg
+AT36M2m/lpv5wC7g7SUJDusyFPuYtMtxAkj6TUPTFJBS4+FzhrNBoCXxILDKh0AE
+N9Sslm37tC7Le84PkiI/k0C//KqNZFQ11Cazyf0CuQKj4gLtkfBTaDenlsufAKNI
+M2pkIxtLNpx93Gcay2lVKD9Dv2i4EmQID7Vt6fZ2CP+60K7CnepLhapkfWa9Rk71
+7fqLIlXCFYdWEmuT614dnDuuuRfm12ZqT3GAx9F0elZ2yv4DrXnW1F60ASJuFnDf
+RYcbTmw2VVoDiAo2al4uoE7a2yjyv7PExB65k0Uj0n1V4PF413np3r/WLSWBxxNu
+9K8oV0KZI/UxvhMULGI23ryNTZAsoi3E44lZ0EUrJTWMRvLuewQdNpNLmlo30HNL
+VTyoIlWbzhsu4ejKVqLBs/Q9M92c/Um6FJM5owkiGBEvnRtGGWhf89RonCncwg2g
+i/rk91TTKnhGpYv3tenLjZ6qmlgMgT+KUrElqrLv02kD3xZ7+2zwhaLYWFlZN6wr
+xXlA/FDOEz3tChqG+41Vf8W26+QnC98AEQEAAYkCHwQYAQoACQUCStTokQIbDAAK
+CRCKincf/gRZZgzbEACfLTy+6afsT4wAgKYdlc+6w3bBqFnDzoG0JRIrUsVhEnjB
+xhl+RZA9XMkPvw5iAeNOWSU+SoPz8hGrv3tkGJXqfeThOAB5IVDDW8FDmm57/sl4
+2m09B+QHZ7Buw56OD90GoCSm1otkbaIUjoMTbuQxTRb1qykVHO4AgLReaeMb9jqu
+hqwxyzGzWMqVR01olgvCkSDrooYjA1ltQ84JrJhic5+zdQq1XYIv0dTPP3CcrFcy
+b6pVx+Y31hK9f0EXoNZv6Ekg6B5L7LUleB3XdCL+jI1eWlQ3DTE7+OkVcehpyygc
+JFgPVm/0KMPkHTa3Fw55YWbcrwAKGv5fWSj852pbaW/GNgDAiay0MPExEYey2cu5
+Pi8dUOmJoqcznBt9qQrrmRNWPRa1Gu9vowM9m90+jtU+Tlxo104tj8gKWVngnPhn
+v1VPKPblEwJfuqC3DQh3XWzs3AwjKLXXfwznF7slqBRT48BwdLsietnovoTsZXYg
+7ks2s/QxklWisZUxrhpZTNeA/WQKxyXwiN2sKxulwjd1PnAz5DeFQWKDNZHyHP+T
+1cqtTc96tSwb2XW3iA2uZlD4aTkrOmm3FKbauC/rFmCjkpvwpvqcIdpib4M2DgNx
+zAZ2cJnxw3f57qc9Yh5qvhDUephwOAlAy8ekc1AmX14F+mwYE3GjcqeGdEbLNw==
+=GLHu
+-----END PGP PUBLIC KEY BLOCK-----
+pub 4096R/3D7558E5 2014-04-15
+uid Ahmet Arslan (CODE SIGNING KEY) <iorixxx@apache.org>
+sig 3 3D7558E5 2014-04-15 Ahmet Arslan (CODE SIGNING KEY) <iorixxx@apache.org>
+sub 4096R/55C9450F 2014-04-15
+sig 3D7558E5 2014-04-15 Ahmet Arslan (CODE SIGNING KEY) <iorixxx@apache.org>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFNNk30BEAC06STETxE0u7EiJ5ZirlpnnFTKWvSjX4kyNUvX69C5fy0MjA7K
+DH//dygA1HxVHq4jKyhrm6U3WqSyKOHos39C3h4DeZZ0uNrmhfjHC5Wj0DeVkzmu
+mKpIho6EDFsLl25slQA9ptvZ3XEf5Gx0554yq+363F9Z7JEyeMM7AQQ1L19NjzKe
+IKMP6TQmo7u7dCn2gcAvpW2IFwaw1yQOw7+KpDcUSXTjmVv8FfdvtScTwWyjkNp/
+ZI5aTuAmLZofIiX/PHRAgvnuxzbqY3PCzCwvPSO5/KyiIceK6PoSfFnKxbbbHSgS
+eofl7HKw9tga4I2GzR0LVAduV90w2yUwqq2UtP/e1SU4ATkvoEYMMHphmcGLGs1I
+/mymyzT9A8WuH2ReeoUkRHF+DaePivlOyyyvO1BodwVdqzQmqOXAt0QMapSXSzdo
+/mrEXD2BSyDpE6hbrtIe+4YzFTgxr6OsjyCk7KHBlYynEVWl7BqXHQPva7bQ8u64
+jvzf6IhdslixZ/pvJGrc0/BYInbS1vVXtSiU7uJvnVzAFGfyf4bKrhRFuOVXEcUk
+B4g8Ut9xmrBC/9qh5XzG0CUh6yogqA70iOSut/zZ/C/EfcvMJ6HdtkI/5tfVF89B
+h/qtnw74ne0yA/fyGgrqOwELtJ+YMgNUguFZupNaaZMuiY35RkVrzYprSwARAQAB
+tDRBaG1ldCBBcnNsYW4gKENPREUgU0lHTklORyBLRVkpIDxpb3JpeHh4QGFwYWNo
+ZS5vcmc+iQI3BBMBCAAhBQJTTZN9AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA
+AAoJECF+KNk9dVjlU00P/2dEBa9s4jvS0Oiy01Yj6WJz0lxlQD8/OYMpaySxYKr6
+VE0jwUBzbByZPOx/MJ+YPmrwj89O02GJKb6mHhI9vSR7q4eofw2myV19RFezlqrR
+X4oL3rmuGQ1SfY1pL6Zqlqiw072fm+hz/V800OWO7/d+dEUA8iI/LjQbxAiOjijX
+hxAiSHvqO7wyoUgYglhgh6vXIkV9xdBVvqcU8YRlL3FoABMfhgW4MjkWyQxHEjgr
++zUZh2aE0LBuj79U5ALLzjUh9uRfTQata/Mrs9CNiIVRfK/0eGJzAMTf/rIdVrgE
+8J/MbqercwHYlsOjcoOd6uqnI7w+Ily3p3GMqvYmlPnSRIpvTL/8XfH0zIBoUHNH
+qfrbMS9Es6wOomVp7QAYhFbchYIXn2M8zlou7SC7+u6PJkVYUzPNKuDbtbG8sCP2
+LUV9gXsVXwgZLwKiXUOB39O6Hy+u3XSNGX9xK+7KCS/HkADOeAHU29PKIxptxYoS
+kWDxSrnpgOreWRa501/CofZJU9jhuauOJWQDbg7Qv8IC6QrkfAT53u5r2D662qRx
+weaP13BRaXrYezNG3Nvh1SP/2P4lQc0rZCdYCa/cC/uw3u4xPECxuYdNWmKMecIz
+99EQCECwTNVvLnRxkdbJDy0wvikwWbneCu2T3ariJgygb36dlLJ0CU2m+sJGTW8/
+uQINBFNNk30BEACvL/LLUOf9zhDEXHzb4N9CIWDQr4RKTAwFf0+g5VFxYZiPDhod
+GZ2cXxGS6GSxxlL9g/hF1puC9k8lHkSn9WQ6zqlXkZIBGsgQgb23Dqj1FJhk4ULd
+eO6WUXiFoSm6hGL69xgy7SjTOAB37cqtBkSfcnx9DlZ5ZT3YKiM1ezAqN84Af9Dp
+WNVRdh3u1moCaUwQyIq3YOVYMZQ6adQ7pMOK1C+3gkA+vvfVrbQY/51KfZ8pUZOn
+kWrH9kxoRoyWFG1Xip0yG7vfLpmfPzArw4MkJYqyivlh5EURIgMPHUgPN9SdAK7n
+IBPK5Q1Nz0DA6AkfAK5k0DZxMj9UAGzuKX/Acrb9dYO5wGkw2FDjAsaL+APIOngF
+IRZDjlGgOdt2bEwe1b6EsoIQ2Ct0jBSFAYGX4k59PmKYeucOizvUpI3HOlDrSqbL
+QJ6chTEP1CNOTyLRbIPskUEfO8W7zxePNZLytCqd5rpuomSWela0h2ZqgYzcKOpG
+N1FRbguhIrIbNomJ723aocgM2QE2DEV/RGWZ/RXr9ALk4zwKrLrO7T3fPWq0cqa5
+MOyeSLlzehrK4bPRTnjaUnNjjA/Yk6VjrUPdysjp9BYn1RitCm1Z8sCqetd0Zuzw
+fd2j6dvlQ5D8z2Y4ASlBZQTljsIpep0bboDgDyLDSF8wwGrtUSXZLyJ50wARAQAB
+iQIfBBgBCAAJBQJTTZN9AhsMAAoJECF+KNk9dVjlrIAP/08Sbm4vgwBC2qWsfH0/
+LP4j3xx1DBpoFfXAie5V6diUSIjsQTB8vLF1WAGjCzwUyfB/53hBAVwx2fglylfQ
+SMxgURLtBEC9zm7eRrEVJO4uUyHZSgNtAlf+sKlV4A5Ix9NLje2B7808yU5PuGB/
+rAw6kMrhCJvjuXqWS1A4Lgw+H6gOMZ8m9iomPEb2Gvtnf9yE7S96B9ZE3yrVCpAj
+8HRjhW5Sbaf2BKmAs0k5ejIjGG1/IF6Nwch5Ig2YoBEMq5BYCAlMZxGx7FWlfIiW
+5HJDSET4XvJ59ztsQPIf5k+5HwEqLi3rG2eoA5ITgrylucXx/09KZi/QYj4EFPAH
+aY9mIhZX77halI9BLBkCezzCIo/30E7OtSKWzpFOseXOiNfrHLrjD95sdOm0us4Z
+yuX2c7YuhfVXPI73mHqQt3ThadniH0a/HJ4+g4ll06Qi+OxoY+4rljlwsK9sJ0NF
+G0ba71P1RAUqQT893RMBV7fVocHH72RMZqj1OBFc2ooXGF37nH+EA3fVoFMgKnDH
+kdbJThdxKZ938WUsk6zWP0XD5N4Kj07o/xOK9k1HU+cYDxtD77hphXhJFDSUXzxD
+Pm7NsfA29wLXsd3ZZZiS3y3JmVJeyyBimFKtyVBKC97hVrMLpNkdn6fM3k2HrFCL
+OWUgArPPt7zCcZpWTJCZOvhy
+=qHkm
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/trunk/LICENSE.txt b/trunk/LICENSE.txt
new file mode 100644
index 0000000..66a27ec
--- /dev/null
+++ b/trunk/LICENSE.txt
@@ -0,0 +1,177 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
diff --git a/trunk/NOTICE.txt b/trunk/NOTICE.txt
new file mode 100644
index 0000000..77be96e
--- /dev/null
+++ b/trunk/NOTICE.txt
@@ -0,0 +1,5 @@
+Apache ManifoldCF Plugin for Apache Solr 6.x
+Copyright 2010-2017 The Apache Software Foundation
+
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
diff --git a/trunk/README.txt b/trunk/README.txt
new file mode 100644
index 0000000..dab6460
--- /dev/null
+++ b/trunk/README.txt
@@ -0,0 +1,231 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+Compatibility
+------------
+
+This version of this component is fully functional with Apache ManifoldCF 1.6 and
+above. It is backwards compatible with earlier versions as well, except for the fact
+that two additional Solr fields are required for this plugin to work.
+
+
+Instructions for Building Apache ManifoldCF Plugin for Apache Solr 6.x from Source
+------------------------------------------------------------------------------
+
+1. Download the Java SE 8 JDK (Java Development Kit), or greater, from
+ http://www.oracle.com/technetwork/java/index.html.
+ You will need the JDK installed, and the %JAVA_HOME%\bin directory included
+ on your command path. To test this, issue a "java -version" command from your
+ shell and verify that the Java version is 1.8 or greater.
+
+2. Download and install Maven 3.0 or later. Maven installation and configuration
+ instructions can be found here: http://maven.apache.org
+
+3. Building distribution assemblies
+
+ Execute the following command in order to build the distribution assemblies
+
+ mvn clean package assembly:single
+
+ The JAR package can be found in the target folder:
+
+ target/apache-manifoldcf-solr-6.x-plugin-<VERSION>.jar where <VERSION> is the release version
+
+
+Getting Started
+---------------
+
+There are two ways to hook up security to Solr in this package. The first is using
+a Query Parser plugin. The second is using a Search Component. In both cases,
+the first step is to have ManifoldCF installed and running. See:
+http://manifoldcf.apache.org/release/trunk/en_US/how-to-build-and-deploy.html
+
+Then, in order to store the document authorization information you need to add
+'allow' and 'deny' fields for documents, parents, and shares to your Solr
+index. Depending on your schemaFactory setting in solrconfig.xml you have to
+use either the schema.xml file for 'ClassicIndexSchemaFactory' or the schema
+API for 'ManagedIndexSchemaFactory'.
+See section 'Managed Schema Definition in SolrConfig' in the Solr Reference Gude
+https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-6.0.pdf
+
+For schema.xml simply add the following field definitions to the <schema>
+section:
+
+ <field name="allow_token_document" type="string" indexed="true" stored="true"
+ multiValued="true" required="true" default="__nosecurity__"/>
+ <field name="allow_token_parent" type="string" indexed="true" stored="true"
+ multiValued="true" required="true" default="__nosecurity__"/>
+ <field name="allow_token_share" type="string" indexed="true" stored="true"
+ multiValued="true" required="true" default="__nosecurity__"/>
+ <field name="deny_token_document" type="string" indexed="true" stored="true"
+ multiValued="true" required="true" default="__nosecurity__"/>
+ <field name="deny_token_parent" type="string" indexed="true" stored="true"
+ multiValued="true" required="true" default="__nosecurity__"/>
+ <field name="deny_token_share" type="string" indexed="true" stored="true"
+ multiValued="true" required="true" default="__nosecurity__"/>
+
+To define the fields via schema API use the curl command instead:
+
+curl -X POST -H 'Content-type:application/json' --data-binary '{
+ "add-field" : [
+ { "name":"allow_token_document", "type":"string", "indexed":"true",
+ "stored":"true", "multiValued":"true", "required":"true",
+ "default":"__nosecurity__" },
+ { "name":"allow_token_parent", "type":"string", "indexed":"true",
+ "stored":"true", "multiValued":"true", "required":"true",
+ "default":"__nosecurity__" },
+ { "name":"allow_token_share", "type":"string", "indexed":"true",
+ "stored":"true", "multiValued":"true", "required":"true",
+ "default":"__nosecurity__" },
+ { "name":"deny_token_document", "type":"string", "indexed":"true",
+ "stored":"true", "multiValued":"true", "required":"true",
+ "default":"__nosecurity__" },
+ { "name":"deny_token_parent", "type":"string", "indexed":"true",
+ "stored":"true", "multiValued":"true", "required":"true",
+ "default":"__nosecurity__" },
+ { "name":"deny_token_share", "type":"string", "indexed":"true",
+ "stored":"true", "multiValued":"true", "required":"true",
+ "default":"__nosecurity__"}
+]}' http://localhost:8983/solr/<collection_name>/schema
+
+Replace <collection_name> with your core or collection name respectively.
+
+The default value of "__nosecurity__" is mandatory because the queries will be
+rewritten to use all of these 6 fields. If a field is missing in the index then
+you will get no results for your search.
+
+Check the field definitions with
+
+curl http://localhost:8983/solr/<collection_name>/schema/fields
+
+
+Using the Query Parser Plugin
+-----------------------------
+
+To set up the query parser plugin, modify your solrconfig.xml to add the query parser:
+
+ <!-- ManifoldCF document security enforcement component -->
+ <queryParser name="manifoldCFSecurity"
+ class="org.apache.solr.mcf.ManifoldCFQParserPlugin">
+ <str name="AuthorityServiceBaseURL">http://localhost:8345/mcf-authority-service</str>
+ <int name="ConnectionPoolSize">50</int>
+ </queryParser>
+
+Hook up the search component in the solrconfig.xml file wherever you want it, e.g.:
+
+<requestHandler name="/select" class="solr.SearchHandler">
+ <lst name="appends">
+ <str name="fq">{!manifoldCFSecurity}</str>
+ </lst>
+ ...
+</requestHandler>
+
+
+Using the Search Component
+--------------------------
+
+To set up the search component, modify your solrconfig.xml to add the search component:
+
+ <!-- ManifoldCF document security enforcement component -->
+ <searchComponent name="manifoldCFSecurity"
+ class="org.apache.solr.mcf.ManifoldCFSearchComponent">
+ <str name="AuthorityServiceBaseURL">http://localhost:8345/mcf-authority-service</str>
+ <int name="ConnectionPoolSize">50</int>
+ </searchComponent>
+
+Hook up the search component in the solrconfig.xml file wherever you want it, e.g.:
+
+<requestHandler name="/select" class="solr.SearchHandler">
+ <arr name="last-components">
+ <str>manifoldCFSecurity</str>
+ </arr>
+ ...
+</requestHandler>
+
+
+Supplying authenticated usernames and domains
+----------------------------------------------
+
+This component looks for the following parameters in the Solr request object:
+
+AuthenticatedUserName
+AuthenticatedUserDomain
+AuthenticatedUserName_XX
+AuthenticatedUserDomain_XX
+
+At a minimum, AuthenticatedUserName must be present in order for the component to communicate with
+the ManifoldCF Authority Service and obtain user access tokens. In that case, the user identity will consist
+of one user and one authorization domain. If AuthenticatedUserDomain is not set, then the authorization domain
+chosen will be the standard default domain, an empty string.
+
+If you need multiple user/domain tuples for the user identity, you may pass these as parameter pairs starting with
+AuthenticatedUserName_0 and AuthenticatedUserDomain_0, and counting up as high as you like.
+
+Operation in conjunction with mod-authz-annotate
+------------------------------------------------
+
+An optional component of ManifoldCF can be built and deployed as part of Apache - mod-authz-annotate. The
+mod-authz-annotate module obtains the Kerberos principal from the Kerberos tickets present if mod-auth-kerb is used, and uses
+the MCF Authority Service to look up the appropriate access tokens. If you choose to use that architecture,
+you will still need to use this Solr component to modify the user query. All you have to do is the following:
+
+- Make sure you do not set AuthenticatedUserName or AuthenticatedUserName_0 in the request
+- Make sure the HTTP request from Apache to Solr translates all AAAGRP header values into "UserToken" parameters
+ for the Solr request
+
+
+
+Licensing
+---------
+
+Apache ManifoldCF Plugin for Apache Solr 6.x is licensed under the
+Apache License 2.0. See the files called LICENSE.txt and NOTICE.txt
+for more information.
+
+Cryptographic Software Notice
+-----------------------------
+
+This distribution may include software that has been designed for use
+with cryptographic software. The country in which you currently reside
+may have restrictions on the import, possession, use, and/or re-export
+to another country, of encryption software. BEFORE using any encryption
+software, please check your country's laws, regulations and policies
+concerning the import, possession, or use, and re-export of encryption
+software, to see if this is permitted. See <http://www.wassenaar.org/>
+for more information.
+
+The U.S. Government Department of Commerce, Bureau of Industry and
+Security (BIS), has classified this software as Export Commodity
+Control Number (ECCN) 5D002.C.1, which includes information security
+software using or performing cryptographic functions with asymmetric
+algorithms. The form and manner of this Apache Software Foundation
+distribution makes it eligible for export under the License Exception
+ENC Technology Software Unrestricted (TSU) exception (see the BIS
+Export Administration Regulations, Section 740.13) for both object
+code and source code.
+
+The following provides more details on the included software that
+may be subject to export controls on cryptographic software:
+
+ The Apache ManifoldCF Solr 6.x Plugin does not include any
+ implementation or usage of cryptographic software at this time.
+
+Contact
+-------
+
+ o For general information visit the main project site at
+ http://manifoldcf.apache.org
+
diff --git a/trunk/pom.xml b/trunk/pom.xml
new file mode 100644
index 0000000..8611111
--- /dev/null
+++ b/trunk/pom.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.manifoldcf.solr</groupId>
+
+ <name>ManifoldCF Solr 6.x Plugin</name>
+ <artifactId>apache-manifoldcf-solr-6.x-plugin</artifactId>
+ <version>2.3-SNAPSHOT</version>
+ <packaging>jar</packaging>
+ <description>ManifoldCF Plugin for Apache Solr 6.x</description>
+ <inceptionYear>2016</inceptionYear>
+
+ <organization>
+ <name>The Apache Software Foundation</name>
+ <url>http://www.apache.org/</url>
+ </organization>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <solr.version>6.3.0</solr.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.solr</groupId>
+ <artifactId>solr-test-framework</artifactId>
+ <version>${solr.version}</version>
+ <type>jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.solr</groupId>
+ <artifactId>solr-core</artifactId>
+ <version>${solr.version}</version>
+ <type>jar</type>
+ <scope>compile</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>1.1.1</version>
+ <type>jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+
+ <plugins>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.18.1</version>
+ <configuration>
+ <argLine>-Xmx1024m</argLine>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.5.1</version>
+ <configuration>
+ <encoding>utf-8</encoding>
+ <source>1.8</source>
+ <target>1.8</target>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.6</version>
+ <configuration>
+ <archive>
+ <manifestEntries>
+ <Specification-Title>${project.name}</Specification-Title>
+ <Specification-Version>${project.version}</Specification-Version>
+ <Specification-Vendor>The Apache Software Foundation</Specification-Vendor>
+ <Implementation-Title>${project.name}</Implementation-Title>
+ <Implementation-Version>${project.version}</Implementation-Version>
+ <Implementation-Vendor>The Apache Software Foundation</Implementation-Vendor>
+ <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+ <url>${project.url}</url>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.6</version>
+ <configuration>
+ <descriptors>
+ <descriptor>src/main/assembly/bin.xml</descriptor>
+ <descriptor>src/main/assembly/src.xml</descriptor>
+ </descriptors>
+ <tarLongFileMode>gnu</tarLongFileMode>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+
+</project>
diff --git a/trunk/solr/collection1/conf/managed-schema b/trunk/solr/collection1/conf/managed-schema
new file mode 100644
index 0000000..b33ed66
--- /dev/null
+++ b/trunk/solr/collection1/conf/managed-schema
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Solr managed schema - automatically generated - DO NOT EDIT -->
+<schema name="auth" version="1.6">
+ <uniqueKey>id</uniqueKey>
+ <fieldType name="string" class="solr.StrField"/>
+ <field name="allow_token_document" type="string" default="__nosecurity__" multiValued="true" indexed="true" stored="false"/>
+ <field name="allow_token_parent" type="string" default="__nosecurity__" multiValued="true" indexed="true" stored="false"/>
+ <field name="allow_token_share" type="string" default="__nosecurity__" multiValued="true" indexed="true" stored="false"/>
+ <field name="deny_token_document" type="string" default="__nosecurity__" multiValued="true" indexed="true" stored="false"/>
+ <field name="deny_token_parent" type="string" default="__nosecurity__" multiValued="true" indexed="true" stored="false"/>
+ <field name="deny_token_share" type="string" default="__nosecurity__" multiValued="true" indexed="true" stored="false"/>
+ <field name="id" type="string" indexed="true" required="true" stored="true"/>
+</schema>
\ No newline at end of file
diff --git a/trunk/solr/collection1/conf/schema-auth.xml b/trunk/solr/collection1/conf/schema-auth.xml
new file mode 100644
index 0000000..958d104
--- /dev/null
+++ b/trunk/solr/collection1/conf/schema-auth.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<schema name="auth" version="1.6">
+ <types>
+ <fieldType name="string" class="solr.StrField"/>
+ </types>
+ <fields>
+ <field name="id" type="string" indexed="true" stored="true" required="true"/>
+ <!-- MCF Security fields -->
+ <field name="allow_token_document" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="deny_token_document" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="allow_token_share" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="deny_token_share" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="allow_token_parent" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ <field name="deny_token_parent" type="string" indexed="true" stored="false" multiValued="true" default="__nosecurity__"/>
+ </fields>
+ <uniqueKey>id</uniqueKey>
+</schema>
diff --git a/trunk/solr/collection1/conf/solrconfig-auth-load.xml b/trunk/solr/collection1/conf/solrconfig-auth-load.xml
new file mode 100644
index 0000000..4811761
--- /dev/null
+++ b/trunk/solr/collection1/conf/solrconfig-auth-load.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<config>
+
+ <luceneMatchVersion>${tests.luceneMatchVersion:LUCENE_CURRENT}</luceneMatchVersion>
+ <jmx />
+
+ <dataDir>${solr.data.dir:}</dataDir>
+
+ <directoryFactory name="DirectoryFactory" class="${solr.directoryFactory:solr.RAMDirectoryFactory}"/>
+
+ <updateHandler class="solr.DirectUpdateHandler2">
+ </updateHandler>
+
+ <!-- test MCF Security Filter settings -->
+ <searchComponent name="mcf-param" class="org.apache.solr.mcf.ManifoldCFSearchComponent" >
+ <str name="AuthorityServiceBaseURL">http://localhost:8346/mcf-as</str>
+ <int name="SocketTimeOut">3000</int>
+ <str name="AllowAttributePrefix">aap-</str>
+ <str name="DenyAttributePrefix">dap-</str>
+ </searchComponent>
+
+ <searchComponent name="mcf" class="org.apache.solr.mcf.ManifoldCFSearchComponent" >
+ <str name="AuthorityServiceBaseURL">http://localhost:8346/mcf-as</str>
+ </searchComponent>
+
+ <requestHandler name="/mcf" class="solr.SearchHandler" startup="lazy">
+ <lst name="invariants">
+ <bool name="mcf">true</bool>
+ </lst>
+ <lst name="defaults">
+ <str name="echoParams">all</str>
+ </lst>
+ <arr name="components">
+ <str>query</str>
+ <str>mcf</str>
+ </arr>
+ </requestHandler>
+
+</config>
diff --git a/trunk/solr/collection1/conf/solrconfig-auth-qparser.xml b/trunk/solr/collection1/conf/solrconfig-auth-qparser.xml
new file mode 100644
index 0000000..f1933d5
--- /dev/null
+++ b/trunk/solr/collection1/conf/solrconfig-auth-qparser.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<config>
+
+ <luceneMatchVersion>${tests.luceneMatchVersion:LUCENE_CURRENT}</luceneMatchVersion>
+ <jmx />
+
+ <dataDir>${solr.data.dir:}</dataDir>
+
+ <directoryFactory name="DirectoryFactory" class="${solr.directoryFactory:solr.RAMDirectoryFactory}"/>
+
+ <updateHandler class="solr.DirectUpdateHandler2">
+ </updateHandler>
+
+ <!-- test MCF Security Filter settings -->
+ <queryParser name="mcf-security_param" class="org.apache.solr.mcf.ManifoldCFQParserPlugin" >
+ <str name="AuthorityServiceBaseURL">http://localhost:8347/mcf-as</str>
+ <int name="SocketTimeOut">3000</int>
+ <str name="AllowAttributePrefix">aap-</str>
+ <str name="DenyAttributePrefix">dap-</str>
+ </queryParser>
+
+ <queryParser name="mcf_security" class="org.apache.solr.mcf.ManifoldCFQParserPlugin" >
+ <str name="AuthorityServiceBaseURL">http://localhost:8347/mcf-as</str>
+ </queryParser>
+
+ <requestHandler name="/mcf" class="solr.SearchHandler" startup="lazy">
+ <lst name="invariants">
+ <bool name="mcf">true</bool>
+ </lst>
+ <lst name="defaults">
+ <str name="echoParams">all</str>
+ </lst>
+ <lst name="appends">
+ <str name="fq">{!mcf_security}</str>
+ </lst>
+ <arr name="components">
+ <str>query</str>
+ </arr>
+ </requestHandler>
+
+</config>
diff --git a/trunk/solr/collection1/conf/solrconfig-auth.xml b/trunk/solr/collection1/conf/solrconfig-auth.xml
new file mode 100644
index 0000000..0f9faec
--- /dev/null
+++ b/trunk/solr/collection1/conf/solrconfig-auth.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<config>
+
+ <luceneMatchVersion>${tests.luceneMatchVersion:LUCENE_CURRENT}</luceneMatchVersion>
+ <jmx />
+
+ <dataDir>${solr.data.dir:}</dataDir>
+
+ <directoryFactory name="DirectoryFactory" class="${solr.directoryFactory:solr.RAMDirectoryFactory}"/>
+
+ <updateHandler class="solr.DirectUpdateHandler2">
+ </updateHandler>
+
+ <!-- test MCF Security Filter settings -->
+ <searchComponent name="mcf-param" class="org.apache.solr.mcf.ManifoldCFSearchComponent" >
+ <str name="AuthorityServiceBaseURL">http://localhost:8345/mcf-as</str>
+ <int name="SocketTimeOut">3000</int>
+ <str name="AllowAttributePrefix">aap-</str>
+ <str name="DenyAttributePrefix">dap-</str>
+ </searchComponent>
+
+ <searchComponent name="mcf" class="org.apache.solr.mcf.ManifoldCFSearchComponent" >
+ </searchComponent>
+
+ <requestHandler name="/mcf" class="solr.SearchHandler" startup="lazy">
+ <lst name="invariants">
+ <bool name="mcf">true</bool>
+ </lst>
+ <lst name="defaults">
+ <str name="echoParams">all</str>
+ </lst>
+ <arr name="components">
+ <str>query</str>
+ <str>mcf</str>
+ </arr>
+ </requestHandler>
+
+</config>
diff --git a/trunk/src/main/assembly/bin.xml b/trunk/src/main/assembly/bin.xml
new file mode 100644
index 0000000..8988d4b
--- /dev/null
+++ b/trunk/src/main/assembly/bin.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>bin</id>
+ <formats>
+ <format>tar.gz</format>
+ <format>zip</format>
+ </formats>
+
+ <fileSets>
+
+ <fileSet>
+ <directory>target</directory>
+ <outputDirectory/>
+ <fileMode>644</fileMode>
+ <directoryMode>755</directoryMode>
+ <includes>
+ <include>${project.artifactId}-${project.version}.jar</include>
+ </includes>
+ </fileSet>
+
+ <fileSet>
+ <directory>.</directory>
+ <outputDirectory/>
+ <fileMode>644</fileMode>
+ <directoryMode>755</directoryMode>
+ <includes>
+ <include>README.txt</include>
+ <include>LICENSE.txt</include>
+ <include>NOTICE.txt</include>
+ <include>CHANGES.txt</include>
+ <include>DEPENDENCIES.txt</include>
+ </includes>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/trunk/src/main/assembly/src.xml b/trunk/src/main/assembly/src.xml
new file mode 100644
index 0000000..e1724af
--- /dev/null
+++ b/trunk/src/main/assembly/src.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>src</id>
+ <formats>
+ <format>tar.gz</format>
+ <format>zip</format>
+ </formats>
+ <fileSets>
+ <!-- Release materials -->
+ <fileSet>
+ <directory>.</directory>
+ <outputDirectory/>
+ <fileMode>644</fileMode>
+ <directoryMode>755</directoryMode>
+ <excludes>
+ <exclude>KEYS</exclude>
+ <exclude>**/.*</exclude>
+ <exclude>**/.*/**</exclude>
+ <exclude>**/*.iml/**</exclude>
+ <exclude>**/*.patch/**</exclude>
+ <exclude>**/*.sh/**</exclude>
+ <exclude>**/*.bat/**</exclude>
+ <exclude>**/target/**</exclude>
+ <exclude>**/lib/**</exclude>
+ <exclude>**/data/**</exclude>
+ </excludes>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/trunk/src/main/java/org/apache/solr/mcf/ManifoldCFQParserPlugin.java b/trunk/src/main/java/org/apache/solr/mcf/ManifoldCFQParserPlugin.java
new file mode 100644
index 0000000..49cdc14
--- /dev/null
+++ b/trunk/src/main/java/org/apache/solr/mcf/ManifoldCFQParserPlugin.java
@@ -0,0 +1,431 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.solr.mcf;
+
+import org.apache.http.ParseException;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.config.SocketConfig;
+import org.apache.http.entity.ContentType;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.lucene.index.*;
+import org.apache.lucene.search.*;
+import org.apache.solr.search.QParserPlugin;
+import org.apache.solr.search.QParser;
+import org.apache.solr.common.params.SolrParams;
+import org.apache.solr.common.util.NamedList;
+import org.apache.solr.request.SolrQueryRequest;
+import org.apache.solr.common.SolrException;
+import org.apache.solr.core.CloseHook;
+import org.apache.solr.core.SolrCore;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.HttpResponse;
+import org.apache.http.util.EntityUtils;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.slf4j.*;
+
+import java.io.*;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
+import java.net.*;
+
+/**
+* Query parser plugin for ManifoldCF-specific document-level access control.
+*/
+public class ManifoldCFQParserPlugin extends QParserPlugin
+{
+ /** The parameter that is supposed to contain the authenticated user name, possibly including the AD domain */
+ static final public String AUTHENTICATED_USER_NAME = "AuthenticatedUserName";
+ /** The parameter that is supposed to contain the MCF authorization domain, if any */
+ static final public String AUTHENTICATED_USER_DOMAIN = "AuthenticatedUserDomain";
+ /** If there are more than one user/domain, this prefix will allow us to get the users... */
+ static final public String AUTHENTICATED_USER_NAME_PREFIX = "AuthenticatedUserName_";
+ /** If there are more than one user/domain, this prefix will allow us to get the authorization domains... */
+ static final public String AUTHENTICATED_USER_DOMAIN_PREFIX = "AuthenticatedUserDomain_";
+
+ /** This parameter is an array of strings, which contain the tokens to use if there is no authenticated user name.
+ * It's meant to work with mod_authz_annotate,
+ * running under Apache */
+ static final public String USER_TOKENS = "UserTokens";
+
+ /** Special token for null security fields */
+ static final public String NOSECURITY_TOKEN = "__nosecurity__";
+
+ /** A logger we can use */
+ private static final Logger LOG = LoggerFactory.getLogger(ManifoldCFQParserPlugin.class);
+
+ // Member variables
+ String authorityBaseURL = null;
+ String fieldAllowDocument = null;
+ String fieldDenyDocument = null;
+ String fieldAllowShare = null;
+ String fieldDenyShare = null;
+ String fieldAllowParent = null;
+ String fieldDenyParent = null;
+ int connectionTimeOut;
+ int socketTimeOut;
+ final Integer connectionManagerSynchronizer = 0;
+ PoolingHttpClientConnectionManager httpConnectionManager = null;
+ HttpClient client = null;
+ int poolSize;
+
+ public ManifoldCFQParserPlugin()
+ {
+ super();
+ }
+
+ @Override
+ public void init(NamedList args)
+ {
+ authorityBaseURL = (String)args.get("AuthorityServiceBaseURL");
+ if (authorityBaseURL == null)
+ authorityBaseURL = "http://localhost:8345/mcf-authority-service";
+ Integer cTimeOut = (Integer)args.get("ConnectionTimeOut");
+ connectionTimeOut = cTimeOut == null ? 60000 : cTimeOut;
+ Integer timeOut = (Integer)args.get("SocketTimeOut");
+ socketTimeOut = timeOut == null ? 300000 : timeOut;
+ String allowAttributePrefix = (String)args.get("AllowAttributePrefix");
+ String denyAttributePrefix = (String)args.get("DenyAttributePrefix");
+ if (allowAttributePrefix == null)
+ allowAttributePrefix = "allow_token_";
+ if (denyAttributePrefix == null)
+ denyAttributePrefix = "deny_token_";
+ fieldAllowDocument = allowAttributePrefix+"document";
+ fieldDenyDocument = denyAttributePrefix+"document";
+ fieldAllowShare = allowAttributePrefix+"share";
+ fieldDenyShare = denyAttributePrefix+"share";
+ fieldAllowParent = allowAttributePrefix+"parent";
+ fieldDenyParent = denyAttributePrefix+"parent";
+ Integer connectionPoolSize = (Integer)args.get("ConnectionPoolSize");
+ poolSize = (connectionPoolSize==null)?50:connectionPoolSize;
+ }
+
+ protected void initializeClient(SolrCore core)
+ {
+ synchronized (connectionManagerSynchronizer)
+ {
+ if (client == null)
+ {
+ // Initialize the connection pool
+ httpConnectionManager = new PoolingHttpClientConnectionManager();
+ httpConnectionManager.setMaxTotal(poolSize);
+ httpConnectionManager.setDefaultMaxPerRoute(poolSize);
+ httpConnectionManager.setDefaultSocketConfig(SocketConfig.custom()
+ .setTcpNoDelay(true)
+ .setSoTimeout(socketTimeOut)
+ .build());
+
+ RequestConfig.Builder requestBuilder = RequestConfig.custom()
+ .setCircularRedirectsAllowed(true)
+ .setSocketTimeout(socketTimeOut)
+ .setStaleConnectionCheckEnabled(true)
+ .setExpectContinueEnabled(true)
+ .setConnectTimeout(connectionTimeOut)
+ .setConnectionRequestTimeout(socketTimeOut);
+
+ HttpClientBuilder clientBuilder = HttpClients.custom()
+ .setConnectionManager(httpConnectionManager)
+ .disableAutomaticRetries()
+ .setDefaultRequestConfig(requestBuilder.build())
+ .setRedirectStrategy(new DefaultRedirectStrategy());
+
+ client = clientBuilder.build();
+
+ core.addCloseHook(new CloseHandler());
+ }
+ }
+ }
+
+ @Override
+ public QParser createParser(String qstr, SolrParams localParams, SolrParams params, SolrQueryRequest req)
+ {
+ initializeClient(req.getCore());
+ return new ManifoldCFQueryParser(qstr,localParams,params,req);
+ }
+
+ protected class ManifoldCFQueryParser extends QParser
+ {
+ public ManifoldCFQueryParser(String qstr, SolrParams localParams, SolrParams params, SolrQueryRequest req)
+ {
+ super(qstr,localParams,params,req);
+ }
+
+ @Override
+ /** Create and return the <code>Query</code> object represented by <code>qstr</code>
+ * @see #getQuery()
+ **/
+ public Query parse()
+ {
+ SolrParams params = req.getParams();
+
+ List<String> userAccessTokens;
+
+ // Map from domain to user
+ Map<String,String> domainMap = new HashMap<>();
+
+ // Get the authenticated user name from the parameters
+ String authenticatedUserName = params.get(AUTHENTICATED_USER_NAME);
+ if (authenticatedUserName != null)
+ {
+ String authenticatedUserDomain = params.get(AUTHENTICATED_USER_DOMAIN);
+ if (authenticatedUserDomain == null)
+ authenticatedUserDomain = "";
+ domainMap.put(authenticatedUserDomain, authenticatedUserName);
+ }
+ else
+ {
+ // Look for user names/domains using the prefix
+ int i = 0;
+ while (true)
+ {
+ String userName = params.get(AUTHENTICATED_USER_NAME_PREFIX+i);
+ String domain = params.get(AUTHENTICATED_USER_DOMAIN_PREFIX+i);
+ if (userName == null)
+ break;
+ if (domain == null)
+ domain = "";
+ domainMap.put(domain,userName);
+ i++;
+ }
+ }
+
+ // If this parameter is empty or does not exist, we have to presume this is a guest, and treat them accordingly
+ if (domainMap.size() == 0)
+ {
+ // No authenticated user name.
+ // mod_authz_annotate may be in use upstream, so look for tokens from it.
+ userAccessTokens = new ArrayList<>();
+ String[] passedTokens = params.getParams(USER_TOKENS);
+ if (passedTokens == null)
+ {
+ // Only return 'public' documents (those with no security tokens at all)
+ LOG.info("Default no-user response (open documents only)");
+ }
+ else
+ {
+ // Only return 'public' documents (those with no security tokens at all)
+ LOG.info("Group tokens received from caller");
+ userAccessTokens.addAll(Arrays.asList(passedTokens));
+ }
+ }
+ else
+ {
+ if(LOG.isInfoEnabled()){
+ StringBuilder sb = new StringBuilder("[");
+ boolean first = true;
+ for (String domain : domainMap.keySet())
+ {
+ if (!first)
+ sb.append(",");
+ else
+ first = false;
+ sb.append(domain).append(":").append(domainMap.get(domain));
+ }
+ sb.append("]");
+ LOG.info("Trying to match docs for user '"+sb.toString()+"'");
+ }
+ // Valid authenticated user name. Look up access tokens for the user.
+ // Check the configuration arguments for validity
+ if (authorityBaseURL == null)
+ {
+ throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Error initializing ManifoldCFSecurityFilter component: 'AuthorityServiceBaseURL' init parameter required");
+ }
+ try
+ {
+ userAccessTokens = getAccessTokens(domainMap);
+ }
+ catch (IOException e)
+ {
+ LOG.error("IO exception communicating with MCF authority service: "+e.getMessage(),e);
+ throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "IO exception communicating with MCF authority service: "+e.getMessage());
+ }
+ }
+
+ BooleanQuery.Builder bq = new BooleanQuery.Builder();
+ //bf.setMaxClauseCount(100000);
+
+ Query allowShareOpen = new TermQuery(new Term(fieldAllowShare,NOSECURITY_TOKEN));
+ Query denyShareOpen = new TermQuery(new Term(fieldDenyShare,NOSECURITY_TOKEN));
+ Query allowParentOpen = new TermQuery(new Term(fieldAllowParent,NOSECURITY_TOKEN));
+ Query denyParentOpen = new TermQuery(new Term(fieldDenyParent,NOSECURITY_TOKEN));
+ Query allowDocumentOpen = new TermQuery(new Term(fieldAllowDocument,NOSECURITY_TOKEN));
+ Query denyDocumentOpen = new TermQuery(new Term(fieldDenyDocument,NOSECURITY_TOKEN));
+
+ if (userAccessTokens.size() == 0)
+ {
+ // Only open documents can be included.
+ // That query is:
+ // (fieldAllowShare is empty AND fieldDenyShare is empty AND fieldAllowDocument is empty AND fieldDenyDocument is empty)
+ // We're trying to map to: -(fieldAllowShare:*) , which should be pretty efficient in Solr because it is negated. If this turns out not to be so, then we should
+ // have the SolrConnector inject a special token into these fields when they otherwise would be empty, and we can trivially match on that token.
+ bq.add(allowShareOpen,BooleanClause.Occur.MUST);
+ bq.add(denyShareOpen,BooleanClause.Occur.MUST);
+ bq.add(allowParentOpen,BooleanClause.Occur.MUST);
+ bq.add(denyParentOpen,BooleanClause.Occur.MUST);
+ bq.add(allowDocumentOpen,BooleanClause.Occur.MUST);
+ bq.add(denyDocumentOpen,BooleanClause.Occur.MUST);
+ }
+ else
+ {
+ // Extend the query appropriately for each user access token.
+ bq.add(calculateCompleteSubquery(fieldAllowShare,fieldDenyShare,allowShareOpen,denyShareOpen,userAccessTokens),
+ BooleanClause.Occur.MUST);
+ bq.add(calculateCompleteSubquery(fieldAllowParent,fieldDenyParent,allowParentOpen,denyParentOpen,userAccessTokens),
+ BooleanClause.Occur.MUST);
+ bq.add(calculateCompleteSubquery(fieldAllowDocument,fieldDenyDocument,allowDocumentOpen,denyDocumentOpen,userAccessTokens),
+ BooleanClause.Occur.MUST);
+ }
+
+ return new ConstantScoreQuery(bq.build());
+ }
+
+ /** Calculate a complete subclause, representing something like:
+ * ((fieldAllowShare is empty AND fieldDenyShare is empty) OR fieldAllowShare HAS token1 OR fieldAllowShare HAS token2 ...)
+ * AND fieldDenyShare DOESN'T_HAVE token1 AND fieldDenyShare DOESN'T_HAVE token2 ...
+ */
+ protected Query calculateCompleteSubquery(String allowField, String denyField, Query allowOpen, Query denyOpen, List<String> userAccessTokens)
+ {
+ BooleanQuery.Builder bq = new BooleanQuery.Builder();
+ BooleanQuery.setMaxClauseCount(1000000);
+
+ // Add the empty-acl case
+ BooleanQuery.Builder subUnprotectedClause = new BooleanQuery.Builder();
+ subUnprotectedClause.add(allowOpen,BooleanClause.Occur.MUST);
+ subUnprotectedClause.add(denyOpen,BooleanClause.Occur.MUST);
+ bq.add(subUnprotectedClause.build(),BooleanClause.Occur.SHOULD);
+ for (String accessToken : userAccessTokens)
+ {
+ bq.add(new TermQuery(new Term(allowField,accessToken)),BooleanClause.Occur.SHOULD);
+ bq.add(new TermQuery(new Term(denyField,accessToken)),BooleanClause.Occur.MUST_NOT);
+ }
+ return bq.build();
+ }
+
+ // Protected methods
+
+ /** Get access tokens given a username */
+ protected List<String> getAccessTokens(Map<String,String> domainMap)
+ throws IOException
+ {
+ // We can make this more complicated later, with support for https etc., but this is enough to demonstrate how it all should work.
+ StringBuilder urlBuffer = new StringBuilder(authorityBaseURL);
+ urlBuffer.append("/UserACLs");
+ int i = 0;
+ for (String domain : domainMap.keySet())
+ {
+ if (i == 0)
+ urlBuffer.append("?");
+ else
+ urlBuffer.append("&");
+ // For backwards compatibility, handle the singleton case specially
+ if (domainMap.size() == 1 && domain.length() == 0)
+ {
+ urlBuffer.append("username=").append(URLEncoder.encode(domainMap.get(domain),"utf-8"));
+ }
+ else
+ {
+ urlBuffer.append("username_").append(Integer.toString(i)).append("=").append(URLEncoder.encode(domainMap.get(domain),"utf-8")).append("&")
+ .append("domain_").append(Integer.toString(i)).append("=").append(URLEncoder.encode(domain,"utf-8"));
+ }
+ i++;
+ }
+ String theURL = urlBuffer.toString();
+
+ HttpGet method = new HttpGet(theURL);
+ try
+ {
+ HttpResponse httpResponse = client.execute(method);
+ int rval = httpResponse.getStatusLine().getStatusCode();
+ if (rval != 200)
+ {
+ String response = EntityUtils.toString(httpResponse.getEntity(), StandardCharsets.UTF_8);
+ throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,"Couldn't fetch user's access tokens from ManifoldCF authority service: "+Integer.toString(rval)+"; "+response);
+ }
+
+ try(InputStream is = httpResponse.getEntity().getContent())
+ {
+ Charset charSet;
+ try
+ {
+ ContentType ct = ContentType.get(httpResponse.getEntity());
+ if (ct == null)
+ charSet = StandardCharsets.UTF_8;
+ else
+ charSet = ct.getCharset();
+ }catch (ParseException e){
+ charSet = StandardCharsets.UTF_8;
+ }
+
+ try( Reader r = new InputStreamReader(is,charSet); BufferedReader br = new BufferedReader(r)) {
+ // Read the tokens, one line at a time. If any authorities are down, we have no current way to note that, but someday we will.
+ List<String> tokenList = new ArrayList<>();
+ while (true) {
+ String line = br.readLine();
+ if (line == null)
+ break;
+ if (line.startsWith("TOKEN:")) {
+ tokenList.add(line.substring("TOKEN:".length()));
+ } else {
+ // It probably says something about the state of the authority(s) involved, so log it
+ LOG.info("Saw authority response " + line);
+ }
+ }
+ return tokenList;
+ }
+ }
+ }
+ finally
+ {
+ method.abort();
+ }
+ }
+ }
+
+ /** CloseHook implementation.
+ */
+ protected class CloseHandler extends CloseHook
+ {
+ public CloseHandler()
+ {
+ }
+
+ @Override
+ public void preClose(SolrCore core)
+ {
+ }
+
+ @Override
+ public void postClose(SolrCore core)
+ {
+ synchronized (connectionManagerSynchronizer)
+ {
+ // Close the connection pool
+ if (httpConnectionManager != null)
+ {
+ httpConnectionManager.shutdown();
+ httpConnectionManager = null;
+ client = null;
+ }
+ }
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/trunk/src/main/java/org/apache/solr/mcf/ManifoldCFSearchComponent.java b/trunk/src/main/java/org/apache/solr/mcf/ManifoldCFSearchComponent.java
new file mode 100644
index 0000000..8af4fdc
--- /dev/null
+++ b/trunk/src/main/java/org/apache/solr/mcf/ManifoldCFSearchComponent.java
@@ -0,0 +1,472 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.solr.mcf;
+
+import org.apache.http.ParseException;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.config.SocketConfig;
+import org.apache.http.entity.ContentType;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.lucene.index.*;
+import org.apache.lucene.search.*;
+import org.apache.solr.common.SolrException;
+import org.apache.solr.common.params.CommonParams;
+import org.apache.solr.common.params.ShardParams;
+import org.apache.solr.common.params.SolrParams;
+import org.apache.solr.common.util.NamedList;
+import org.apache.solr.handler.component.ResponseBuilder;
+import org.apache.solr.handler.component.SearchComponent;
+import org.apache.solr.core.CloseHook;
+import org.apache.solr.util.plugin.SolrCoreAware;
+import org.apache.solr.core.SolrCore;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.HttpResponse;
+import org.apache.http.util.EntityUtils;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.slf4j.*;
+
+import java.io.*;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
+import java.net.*;
+
+/**
+* SearchComponent plugin for ManifoldCF-specific document-level access control.
+* Configuration is under the SolrACLSecurity name.
+*/
+public class ManifoldCFSearchComponent extends SearchComponent implements SolrCoreAware
+{
+ /** The component name */
+ static final public String COMPONENT_NAME = "mcf";
+ /** The parameter that is supposed to contain the authenticated user name, possibly including the AD domain */
+ static final public String AUTHENTICATED_USER_NAME = "AuthenticatedUserName";
+ /** The parameter that is supposed to contain the MCF authorization domain, if any */
+ static final public String AUTHENTICATED_USER_DOMAIN = "AuthenticatedUserDomain";
+ /** If there are more than one user/domain, this prefix will allow us to get the users... */
+ static final public String AUTHENTICATED_USER_NAME_PREFIX = "AuthenticatedUserName_";
+ /** If there are more than one user/domain, this prefix will allow us to get the authorization domains... */
+ static final public String AUTHENTICATED_USER_DOMAIN_PREFIX = "AuthenticatedUserDomain_";
+
+ /** This parameter is an array of strings, which contain the tokens to use if there is no authenticated user name.
+ * It's meant to work with mod_authz_annotate,
+ * running under Apache */
+ static final public String USER_TOKENS = "UserTokens";
+
+ /** Special token for null security fields */
+ static final public String NOSECURITY_TOKEN = "__nosecurity__";
+
+ /** The queries that we will not attempt to interfere with */
+ static final private String[] globalAllowed = { "solrpingquery" };
+
+ /** A logger we can use */
+ private static final Logger LOG = LoggerFactory.getLogger(ManifoldCFSearchComponent.class);
+
+ // Member variables
+ String authorityBaseURL = null;
+ String fieldAllowDocument = null;
+ String fieldDenyDocument = null;
+ String fieldAllowShare = null;
+ String fieldDenyShare = null;
+ String fieldAllowParent = null;
+ String fieldDenyParent = null;
+ int connectionTimeOut;
+ int socketTimeOut;
+ PoolingHttpClientConnectionManager httpConnectionManager = null;
+ HttpClient client = null;
+ int poolSize;
+
+ public ManifoldCFSearchComponent()
+ {
+ super();
+ }
+
+ @Override
+ public void init(NamedList args)
+ {
+ super.init(args);
+ authorityBaseURL = (String)args.get("AuthorityServiceBaseURL");
+ if (authorityBaseURL == null)
+ {
+ LOG.info("USING DEFAULT BASE URL!!");
+ authorityBaseURL = "http://localhost:8345/mcf-authority-service";
+ }
+ Integer cTimeOut = (Integer)args.get("ConnectionTimeOut");
+ connectionTimeOut = cTimeOut == null ? 60000 : cTimeOut;
+ Integer timeOut = (Integer)args.get("SocketTimeOut");
+ socketTimeOut = timeOut == null ? 300000 : timeOut;
+ String allowAttributePrefix = (String)args.get("AllowAttributePrefix");
+ String denyAttributePrefix = (String)args.get("DenyAttributePrefix");
+ if (allowAttributePrefix == null)
+ allowAttributePrefix = "allow_token_";
+ if (denyAttributePrefix == null)
+ denyAttributePrefix = "deny_token_";
+ fieldAllowDocument = allowAttributePrefix+"document";
+ fieldDenyDocument = denyAttributePrefix+"document";
+ fieldAllowShare = allowAttributePrefix+"share";
+ fieldDenyShare = denyAttributePrefix+"share";
+ fieldAllowParent = allowAttributePrefix+"parent";
+ fieldDenyParent = denyAttributePrefix+"parent";
+ Integer connectionPoolSize = (Integer)args.get("ConnectionPoolSize");
+ poolSize = (connectionPoolSize==null)?50:connectionPoolSize;
+
+ // Initialize the connection pool
+ httpConnectionManager = new PoolingHttpClientConnectionManager();
+ httpConnectionManager.setMaxTotal(poolSize);
+ httpConnectionManager.setDefaultMaxPerRoute(poolSize);
+ httpConnectionManager.setDefaultSocketConfig(SocketConfig.custom()
+ .setTcpNoDelay(true)
+ .setSoTimeout(socketTimeOut)
+ .build());
+
+ RequestConfig.Builder requestBuilder = RequestConfig.custom()
+ .setCircularRedirectsAllowed(true)
+ .setSocketTimeout(socketTimeOut)
+ .setStaleConnectionCheckEnabled(true)
+ .setExpectContinueEnabled(true)
+ .setConnectTimeout(connectionTimeOut)
+ .setConnectionRequestTimeout(socketTimeOut);
+
+ HttpClientBuilder clientBuilder = HttpClients.custom()
+ .setConnectionManager(httpConnectionManager)
+ .disableAutomaticRetries()
+ .setDefaultRequestConfig(requestBuilder.build())
+ .setRedirectStrategy(new DefaultRedirectStrategy());
+
+ client = clientBuilder.build();
+
+ }
+
+ @Override
+ public void prepare(ResponseBuilder rb) throws IOException
+ {
+ SolrParams params = rb.req.getParams();
+ if (!params.getBool(COMPONENT_NAME, true) || params.get(ShardParams.SHARDS) != null)
+ return;
+
+ // Log that we got here
+ //LOG.info("prepare() entry params:\n" + params + "\ncontext: " + rb.req.getContext());
+
+ String qry = params.get(CommonParams.Q);
+ if (qry != null)
+ {
+ //Check global allowed searches
+ for (String ga : globalAllowed)
+ {
+ if (qry.equalsIgnoreCase(ga.trim()))
+ // Allow this query through unchanged
+ return;
+ }
+ }
+
+ List<String> userAccessTokens;
+
+ // Map from domain to user
+ Map<String,String> domainMap = new HashMap<>();
+
+ // Get the authenticated user name from the parameters
+ String authenticatedUserName = params.get(AUTHENTICATED_USER_NAME);
+ if (authenticatedUserName != null)
+ {
+ String authenticatedUserDomain = params.get(AUTHENTICATED_USER_DOMAIN);
+ if (authenticatedUserDomain == null)
+ authenticatedUserDomain = "";
+ domainMap.put(authenticatedUserDomain, authenticatedUserName);
+ }
+ else
+ {
+ // Look for user names/domains using the prefix
+ int i = 0;
+ while (true)
+ {
+ String userName = params.get(AUTHENTICATED_USER_NAME_PREFIX+i);
+ String domain = params.get(AUTHENTICATED_USER_DOMAIN_PREFIX+i);
+ if (userName == null)
+ break;
+ if (domain == null)
+ domain = "";
+ domainMap.put(domain,userName);
+ i++;
+ }
+ }
+
+ // If this parameter is empty or does not exist, we have to presume this is a guest, and treat them accordingly
+ if (domainMap.size() == 0)
+ {
+ // No authenticated user name.
+ // mod_authz_annotate may be in use upstream, so look for tokens from it.
+ userAccessTokens = new ArrayList<>();
+ String[] passedTokens = params.getParams(USER_TOKENS);
+ if (passedTokens == null)
+ {
+ // Only return 'public' documents (those with no security tokens at all)
+ LOG.info("Default no-user response (open documents only)");
+ }
+ else
+ {
+ // Only return 'public' documents (those with no security tokens at all)
+ LOG.info("Group tokens received from caller");
+ userAccessTokens.addAll(Arrays.asList(passedTokens));
+ }
+ }
+ else
+ {
+ if(LOG.isInfoEnabled()){
+ StringBuilder sb = new StringBuilder("[");
+ boolean first = true;
+ for (String domain : domainMap.keySet())
+ {
+ if (!first)
+ sb.append(",");
+ else
+ first = false;
+ sb.append(domain).append(":").append(domainMap.get(domain));
+ }
+ sb.append("]");
+ LOG.info("Trying to match docs for user '"+sb.toString()+"'");
+ }
+ // Valid authenticated user name. Look up access tokens for the user.
+ // Check the configuration arguments for validity
+ if (authorityBaseURL == null)
+ {
+ throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Error initializing ManifoldCFSecurityFilter component: 'AuthorityServiceBaseURL' init parameter required");
+ }
+ userAccessTokens = getAccessTokens(domainMap);
+ }
+
+ BooleanQuery.Builder bq = new BooleanQuery.Builder();
+ //bf.setMaxClauseCount(100000);
+
+ Query allowShareOpen = new TermQuery(new Term(fieldAllowShare,NOSECURITY_TOKEN));
+ Query denyShareOpen = new TermQuery(new Term(fieldDenyShare,NOSECURITY_TOKEN));
+ Query allowParentOpen = new TermQuery(new Term(fieldAllowParent,NOSECURITY_TOKEN));
+ Query denyParentOpen = new TermQuery(new Term(fieldDenyParent,NOSECURITY_TOKEN));
+ Query allowDocumentOpen = new TermQuery(new Term(fieldAllowDocument,NOSECURITY_TOKEN));
+ Query denyDocumentOpen = new TermQuery(new Term(fieldDenyDocument,NOSECURITY_TOKEN));
+
+ if (userAccessTokens.size() == 0)
+ {
+ // Only open documents can be included.
+ // That query is:
+ // (fieldAllowShare is empty AND fieldDenyShare is empty AND fieldAllowDocument is empty AND fieldDenyDocument is empty)
+ // We're trying to map to: -(fieldAllowShare:*) , which should be pretty efficient in Solr because it is negated. If this turns out not to be so, then we should
+ // have the SolrConnector inject a special token into these fields when they otherwise would be empty, and we can trivially match on that token.
+ bq.add(allowShareOpen,BooleanClause.Occur.MUST);
+ bq.add(denyShareOpen,BooleanClause.Occur.MUST);
+ bq.add(allowParentOpen,BooleanClause.Occur.MUST);
+ bq.add(denyParentOpen,BooleanClause.Occur.MUST);
+ bq.add(allowDocumentOpen,BooleanClause.Occur.MUST);
+ bq.add(denyDocumentOpen,BooleanClause.Occur.MUST);
+ }
+ else
+ {
+ // Extend the query appropriately for each user access token.
+ bq.add(calculateCompleteSubquery(fieldAllowShare,fieldDenyShare,allowShareOpen,denyShareOpen,userAccessTokens),
+ BooleanClause.Occur.MUST);
+ bq.add(calculateCompleteSubquery(fieldAllowParent,fieldDenyParent,allowParentOpen,denyParentOpen,userAccessTokens),
+ BooleanClause.Occur.MUST);
+ bq.add(calculateCompleteSubquery(fieldAllowDocument,fieldDenyDocument,allowDocumentOpen,denyDocumentOpen,userAccessTokens),
+ BooleanClause.Occur.MUST);
+ }
+
+ // Concatenate with the user's original query.
+ List<Query> list = rb.getFilters();
+ if (list == null)
+ {
+ list = new ArrayList<>();
+ rb.setFilters(list);
+ }
+ list.add(new ConstantScoreQuery(bq.build()));
+ }
+
+ @Override
+ public void process(ResponseBuilder rb) throws IOException
+ {
+ //LOG.info("process() called");
+ }
+
+ /** Calculate a complete subclause, representing something like:
+ * ((fieldAllowShare is empty AND fieldDenyShare is empty) OR fieldAllowShare HAS token1 OR fieldAllowShare HAS token2 ...)
+ * AND fieldDenyShare DOESN'T_HAVE token1 AND fieldDenyShare DOESN'T_HAVE token2 ...
+ */
+ protected Query calculateCompleteSubquery(String allowField, String denyField, Query allowOpen, Query denyOpen, List<String> userAccessTokens)
+ {
+ BooleanQuery.Builder bq = new BooleanQuery.Builder();
+ BooleanQuery.setMaxClauseCount(1000000);
+
+ // Add the empty-acl case
+ BooleanQuery.Builder subUnprotectedClause = new BooleanQuery.Builder();
+ subUnprotectedClause.add(allowOpen,BooleanClause.Occur.MUST);
+ subUnprotectedClause.add(denyOpen,BooleanClause.Occur.MUST);
+ bq.add(subUnprotectedClause.build(),BooleanClause.Occur.SHOULD);
+ for (String accessToken : userAccessTokens)
+ {
+ bq.add(new TermQuery(new Term(allowField,accessToken)),BooleanClause.Occur.SHOULD);
+ bq.add(new TermQuery(new Term(denyField,accessToken)),BooleanClause.Occur.MUST_NOT);
+ }
+ return bq.build();
+ }
+
+ //---------------------------------------------------------------------------------
+ // SolrInfoMBean
+ //---------------------------------------------------------------------------------
+ @Override
+ public String getDescription()
+ {
+ return "ManifoldCF Solr security enforcement plugin";
+ }
+
+ @Override
+ public String getVersion()
+ {
+ return "$Revision$";
+ }
+
+ @Override
+ public Category getCategory()
+ {
+ return Category.QUERYHANDLER;
+ }
+
+ @Override
+ public String getSource()
+ {
+ return "$URL$";
+ }
+
+ @Override
+ public void inform(SolrCore core)
+ {
+ core.addCloseHook(new CloseHandler());
+ }
+
+ // Protected methods
+
+ /** Get access tokens given a username */
+ protected List<String> getAccessTokens(Map<String,String> domainMap)
+ throws IOException
+ {
+ // We can make this more complicated later, with support for https etc., but this is enough to demonstrate how it all should work.
+ StringBuilder urlBuffer = new StringBuilder(authorityBaseURL);
+ urlBuffer.append("/UserACLs");
+ int i = 0;
+ for (String domain : domainMap.keySet())
+ {
+ if (i == 0)
+ urlBuffer.append("?");
+ else
+ urlBuffer.append("&");
+ // For backwards compatibility, handle the singleton case specially
+ if (domainMap.size() == 1 && domain.length() == 0)
+ {
+ urlBuffer.append("username=").append(URLEncoder.encode(domainMap.get(domain),"utf-8"));
+ }
+ else
+ {
+ urlBuffer.append("username_").append(Integer.toString(i)).append("=").append(URLEncoder.encode(domainMap.get(domain),"utf-8")).append("&")
+ .append("domain_").append(Integer.toString(i)).append("=").append(URLEncoder.encode(domain,"utf-8"));
+ }
+ i++;
+ }
+ String theURL = urlBuffer.toString();
+
+ HttpGet method = new HttpGet(theURL);
+ try
+ {
+ HttpResponse httpResponse = client.execute(method);
+ int rval = httpResponse.getStatusLine().getStatusCode();
+ if (rval != 200)
+ {
+ String response = EntityUtils.toString(httpResponse.getEntity(), StandardCharsets.UTF_8);
+ throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,"Couldn't fetch user's access tokens from ManifoldCF authority service: "+Integer.toString(rval)+"; "+response);
+ }
+
+ try(InputStream is = httpResponse.getEntity().getContent())
+ {
+ Charset charSet;
+ try
+ {
+ ContentType ct = ContentType.get(httpResponse.getEntity());
+ if (ct == null)
+ charSet = StandardCharsets.UTF_8;
+ else
+ charSet = ct.getCharset();
+ }catch (ParseException e){
+ charSet = StandardCharsets.UTF_8;
+ }
+
+
+ try(Reader r = new InputStreamReader(is,charSet); BufferedReader br = new BufferedReader(r))
+ {
+ // Read the tokens, one line at a time. If any authorities are down, we have no current way to note that, but someday we will.
+ List<String> tokenList = new ArrayList<>();
+ while (true)
+ {
+ String line = br.readLine();
+ if (line == null)
+ break;
+ if (line.startsWith("TOKEN:"))
+ {
+ tokenList.add(line.substring("TOKEN:".length()));
+ }
+ else
+ {
+ // It probably says something about the state of the authority(s) involved, so log it
+ LOG.info("Saw authority response "+line);
+ }
+ }
+ return tokenList;
+ }
+ }
+ }
+ finally
+ {
+ method.abort();
+ }
+ }
+
+ /** CloseHook implementation.
+ */
+ protected class CloseHandler extends CloseHook
+ {
+ public CloseHandler()
+ {
+ }
+
+ @Override
+ public void preClose(SolrCore core)
+ {
+ }
+
+ @Override
+ public void postClose(SolrCore core)
+ {
+ // Close the connection pool
+ if (httpConnectionManager != null)
+ {
+ httpConnectionManager.shutdown();
+ httpConnectionManager = null;
+ client = null;
+ }
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java b/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
new file mode 100644
index 0000000..17d4018
--- /dev/null
+++ b/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFQParserPluginTest.java
@@ -0,0 +1,186 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.solr.mcf;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.solr.SolrTestCaseJ4;
+import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import org.eclipse.jetty.server.handler.ContextHandlerCollection;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+
+@SuppressSSL
+public class ManifoldCFQParserPluginTest extends SolrTestCaseJ4 {
+
+ static MockMCFAuthorityService service;
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ initCore("solrconfig-auth-qparser.xml","schema-auth.xml");
+ service = new MockMCFAuthorityService();
+ service.start();
+
+ // | share | document
+ // |--------------|--------------
+ // | allow | deny | allow | deny
+ // ------------+-------+------+-------+------
+ // da12 | | | 1, 2 |
+ // ------------+-------+------+-------+------
+ // da13-dd3 | | | 1,3 | 3
+ // ------------+-------+------+-------+------
+ // sa123-sd13 | 1,2,3 | 1, 3 | |
+ // ------------+-------+------+-------+------
+ // sa3-sd1-da23| 3 | 1 | 2,3 |
+ // ------------+-------+------+-------+------
+ // notoken | | | |
+ // ------------+-------+------+-------+------
+ //
+ assertU(adoc("id", "da12", "allow_token_document", "token1", "allow_token_document", "token2"));
+ assertU(adoc("id", "da13-dd3", "allow_token_document", "token1", "allow_token_document", "token3", "deny_token_document", "token3"));
+ assertU(adoc("id", "sa123-sd13", "allow_token_share", "token1", "allow_token_share", "token2", "allow_token_share", "token3", "deny_token_share", "token1", "deny_token_share", "token3"));
+ assertU(adoc("id", "sa3-sd1-da23", "allow_token_document", "token2", "allow_token_document", "token3", "allow_token_share", "token3", "deny_token_share", "token1"));
+ assertU(adoc("id", "notoken"));
+ assertU(commit());
+ }
+
+ @AfterClass
+ public static void afterClass() throws Exception {
+ service.stop();
+ }
+
+ @Test
+ public void testNullUsers() throws Exception {
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id"),
+ "//*[@numFound='1']",
+ "//result/doc[1]/str[@name='id'][.='notoken']");
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "anonymous"),
+ "//*[@numFound='1']",
+ "//result/doc[1]/str[@name='id'][.='notoken']");
+ }
+
+ // da12
+ // da13-dd3
+ // sa123-sd13
+ // sa3-sd1-da23
+ // notoken
+ @Test
+ public void testAuthUsers() throws Exception {
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user1"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user2"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user3"),
+ "//*[@numFound='2']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='notoken']");
+ }
+
+ // da12
+ // da13-dd3
+ // sa123-sd13
+ // sa3-sd1-da23
+ // notoken
+ @Test
+ public void testUserTokens() throws Exception {
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token1"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token2"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='sa123-sd13']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token3"),
+ "//*[@numFound='2']",
+ "//result/doc[1]/str[@name='id'][.='sa3-sd1-da23']",
+ "//result/doc[2]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token2", "UserTokens", "token3"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='sa3-sd1-da23']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+ }
+
+ static class MockMCFAuthorityService {
+
+ Server server;
+
+ public MockMCFAuthorityService() {
+ server = new Server(8347);
+ ContextHandlerCollection contexts = new ContextHandlerCollection();
+ server.setHandler(contexts);
+
+ ServletContextHandler asContext = new ServletContextHandler(contexts,"/mcf-as",ServletContextHandler.SESSIONS);
+ asContext.addServlet(new ServletHolder(new UserACLServlet()), "/UserACLs");
+ contexts.addHandler(asContext);
+ }
+
+ public void start() throws Exception {
+ server.start();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ }
+
+ // username | tokens rewarded
+ // ---------+-------------------------------
+ // null | (no tokens)
+ // user1 | token1
+ // user2 | token1, token2
+ // user3 | token1, token2, token3
+ public static class UserACLServlet extends HttpServlet {
+ @Override
+ public void service(HttpServletRequest req, HttpServletResponse res)
+ throws IOException {
+ String user = req.getParameter("username");
+ res.setStatus(HttpServletResponse.SC_OK);
+ if(user.equals("user1") || user.equals("user2") || user.equals("user3"))
+ res.getWriter().printf("TOKEN:token1\n");
+ if(user.equals("user2") || user.equals("user3"))
+ res.getWriter().printf("TOKEN:token2\n");
+ if(user.equals("user3"))
+ res.getWriter().printf("TOKEN:token3\n");
+ }
+ }
+ }
+}
diff --git a/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFSCLoadTest.java b/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFSCLoadTest.java
new file mode 100644
index 0000000..09333b6
--- /dev/null
+++ b/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFSCLoadTest.java
@@ -0,0 +1,152 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.solr.mcf;
+
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.solr.SolrTestCaseJ4;
+import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import org.eclipse.jetty.server.handler.ContextHandlerCollection;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+
+@SuppressSSL
+public class ManifoldCFSCLoadTest extends SolrTestCaseJ4 {
+
+ static MockMCFAuthorityService service;
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ initCore("solrconfig-auth-load.xml","schema-auth.xml");
+ service = new MockMCFAuthorityService();
+ service.start();
+
+ // | share | document
+ // |--------------|--------------
+ // | allow | deny | allow | deny
+ // ------------+-------+------+-------+------
+ // da12 | | | 1, 2 |
+ // ------------+-------+------+-------+------
+ // da13-dd3 | | | 1,3 | 3
+ // ------------+-------+------+-------+------
+ // sa123-sd13 | 1,2,3 | 1, 3 | |
+ // ------------+-------+------+-------+------
+ // sa3-sd1-da23| 3 | 1 | 2,3 |
+ // ------------+-------+------+-------+------
+ // notoken | | | |
+ // ------------+-------+------+-------+------
+ //
+ int i = 0;
+ while (i < 1000)
+ {
+ assertU(adoc("id", "da12-"+i, "allow_token_document", "token1", "allow_token_document", "token2"));
+ assertU(adoc("id", "da13-dd3-"+i, "allow_token_document", "token1", "allow_token_document", "token3", "deny_token_document", "token3"));
+ assertU(adoc("id", "sa123-sd13-"+i, "allow_token_share", "token1", "allow_token_share", "token2", "allow_token_share", "token3", "deny_token_share", "token1", "deny_token_share", "token3"));
+ assertU(adoc("id", "sa3-sd1-da23-"+i, "allow_token_document", "token2", "allow_token_document", "token3", "allow_token_share", "token3", "deny_token_share", "token1"));
+ assertU(adoc("id", "notoken-"+i));
+ i++;
+ }
+ assertU(optimize());
+ assertU(commit());
+ }
+
+ @AfterClass
+ public static void afterClass() throws Exception {
+ service.stop();
+ }
+
+ @Test
+ public void testTimeQueries() throws Exception {
+ int i = 0;
+ long startTime = System.nanoTime();
+ while (i < 1000)
+ {
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user1"),
+ "//*[@numFound='3000']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user2"),
+ "//*[@numFound='3000']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user3"),
+ "//*[@numFound='2000']");
+
+ i++;
+ }
+ System.out.println("Query time (milliseconds) = " + TimeUnit.NANOSECONDS.toMillis(System.nanoTime()-startTime));
+ }
+
+ static class MockMCFAuthorityService {
+
+ Server server;
+
+ public MockMCFAuthorityService() {
+ server = new Server(8346);
+ ContextHandlerCollection contexts = new ContextHandlerCollection();
+ server.setHandler(contexts);
+
+ ServletContextHandler asContext = new ServletContextHandler(contexts,"/mcf-as",ServletContextHandler.SESSIONS);
+ asContext.addServlet(new ServletHolder(new UserACLServlet()), "/UserACLs");
+ contexts.addHandler(asContext);
+ }
+
+ public void start() throws Exception {
+ server.start();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ }
+
+ // username | tokens rewarded
+ // ---------+-------------------------------
+ // null | (no tokens)
+ // user1 | token1
+ // user2 | token1, token2
+ // user3 | token1, token2, token3
+ public static class UserACLServlet extends HttpServlet {
+ @Override
+ public void service(HttpServletRequest req, HttpServletResponse res)
+ throws IOException {
+ String user = req.getParameter("username");
+ res.setStatus(HttpServletResponse.SC_OK);
+ if(user.equals("user1") || user.equals("user2") || user.equals("user3"))
+ res.getWriter().printf("TOKEN:token1\n");
+ if(user.equals("user2") || user.equals("user3"))
+ res.getWriter().printf("TOKEN:token2\n");
+ if(user.equals("user3"))
+ res.getWriter().printf("TOKEN:token3\n");
+ int i = 0;
+ while (i < 100)
+ {
+ res.getWriter().printf("TOKEN:dummy"+i+"\n");
+ i++;
+ }
+ }
+ }
+ }
+}
diff --git a/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFSearchComponentTest.java b/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFSearchComponentTest.java
new file mode 100644
index 0000000..9bbdd95
--- /dev/null
+++ b/trunk/src/test/java/org/apache/solr/mcf/ManifoldCFSearchComponentTest.java
@@ -0,0 +1,197 @@
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.solr.mcf;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.solr.SolrTestCaseJ4;
+import org.apache.solr.SolrTestCaseJ4.SuppressSSL;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import org.eclipse.jetty.server.handler.ContextHandlerCollection;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+
+@SuppressSSL
+public class ManifoldCFSearchComponentTest extends SolrTestCaseJ4 {
+
+ static MockMCFAuthorityService service;
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ initCore("solrconfig-auth.xml","schema-auth.xml");
+ service = new MockMCFAuthorityService();
+ service.start();
+
+ // | share | document
+ // |--------------|--------------
+ // | allow | deny | allow | deny
+ // ------------+-------+------+-------+------
+ // da12 | | | 1, 2 |
+ // ------------+-------+------+-------+------
+ // da13-dd3 | | | 1,3 | 3
+ // ------------+-------+------+-------+------
+ // sa123-sd13 | 1,2,3 | 1, 3 | |
+ // ------------+-------+------+-------+------
+ // sa3-sd1-da23| 3 | 1 | 2,3 |
+ // ------------+-------+------+-------+------
+ // notoken | | | |
+ // ------------+-------+------+-------+------
+ //
+ assertU(adoc("id", "da12", "allow_token_document", "token1", "allow_token_document", "token2"));
+ assertU(adoc("id", "da13-dd3", "allow_token_document", "token1", "allow_token_document", "token3", "deny_token_document", "token3"));
+ assertU(adoc("id", "sa123-sd13", "allow_token_share", "token1", "allow_token_share", "token2", "allow_token_share", "token3", "deny_token_share", "token1", "deny_token_share", "token3"));
+ assertU(adoc("id", "sa3-sd1-da23", "allow_token_document", "token2", "allow_token_document", "token3", "allow_token_share", "token3", "deny_token_share", "token1"));
+ assertU(adoc("id", "notoken"));
+ assertU(commit());
+ }
+
+ @AfterClass
+ public static void afterClass() throws Exception {
+ service.stop();
+ }
+
+ @Test
+ public void testParameters() throws Exception {
+ ManifoldCFSearchComponent mcfFilter = (ManifoldCFSearchComponent)h.getCore().getSearchComponent("mcf-param");
+ assertEquals("http://localhost:8345/mcf-as", mcfFilter.authorityBaseURL);
+ assertEquals(3000, mcfFilter.socketTimeOut);
+ assertEquals("aap-document", mcfFilter.fieldAllowDocument);
+ assertEquals("dap-document", mcfFilter.fieldDenyDocument);
+ assertEquals("aap-share", mcfFilter.fieldAllowShare);
+ assertEquals("dap-share", mcfFilter.fieldDenyShare);
+ }
+
+ @Test
+ public void testNullUsers() throws Exception {
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id"),
+ "//*[@numFound='1']",
+ "//result/doc[1]/str[@name='id'][.='notoken']");
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "anonymous"),
+ "//*[@numFound='1']",
+ "//result/doc[1]/str[@name='id'][.='notoken']");
+ }
+
+ // da12
+ // da13-dd3
+ // sa123-sd13
+ // sa3-sd1-da23
+ // notoken
+ @Test
+ public void testAuthUsers() throws Exception {
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user1"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user2"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "AuthenticatedUserName", "user3"),
+ "//*[@numFound='2']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='notoken']");
+ }
+
+ // da12
+ // da13-dd3
+ // sa123-sd13
+ // sa3-sd1-da23
+ // notoken
+ @Test
+ public void testUserTokens() throws Exception {
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token1"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='da13-dd3']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token2"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='sa123-sd13']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token3"),
+ "//*[@numFound='2']",
+ "//result/doc[1]/str[@name='id'][.='sa3-sd1-da23']",
+ "//result/doc[2]/str[@name='id'][.='notoken']");
+
+ assertQ(req("qt", "/mcf", "q", "*:*", "fl", "id", "UserTokens", "token2", "UserTokens", "token3"),
+ "//*[@numFound='3']",
+ "//result/doc[1]/str[@name='id'][.='da12']",
+ "//result/doc[2]/str[@name='id'][.='sa3-sd1-da23']",
+ "//result/doc[3]/str[@name='id'][.='notoken']");
+ }
+
+ static class MockMCFAuthorityService {
+
+ Server server;
+
+ public MockMCFAuthorityService() {
+ server = new Server(8345);
+ ContextHandlerCollection contexts = new ContextHandlerCollection();
+ server.setHandler(contexts);
+
+ ServletContextHandler asContext = new ServletContextHandler(contexts,"/mcf-authority-service",ServletContextHandler.SESSIONS);
+ asContext.addServlet(new ServletHolder(new UserACLServlet()), "/UserACLs");
+ contexts.addHandler(asContext);
+ }
+
+ public void start() throws Exception {
+ server.start();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ }
+
+ // username | tokens rewarded
+ // ---------+-------------------------------
+ // null | (no tokens)
+ // user1 | token1
+ // user2 | token1, token2
+ // user3 | token1, token2, token3
+ public static class UserACLServlet extends HttpServlet {
+ @Override
+ public void service(HttpServletRequest req, HttpServletResponse res)
+ throws IOException {
+ String user = req.getParameter("username");
+ res.setStatus(HttpServletResponse.SC_OK);
+ if(user.equals("user1") || user.equals("user2") || user.equals("user3"))
+ res.getWriter().printf("TOKEN:token1\n");
+ if(user.equals("user2") || user.equals("user3"))
+ res.getWriter().printf("TOKEN:token2\n");
+ if(user.equals("user3"))
+ res.getWriter().printf("TOKEN:token3\n");
+ }
+ }
+ }
+}
