Kirk Liemohn is a Principal Software Engineer at ThreeWill. He has over 20 years of software development experience with most of that time spent in software consulting.
I learned something yesterday while trying to understand a client issue with MOSS search.
With the work we did with the SharePoint Connector for Confluence, we created functionality to let you search Confluence from SharePoint. A lot of this work used out of the box features with MOSS 2007 Enterprise Search. However, we did have to create custom configuration screens to allow the user to create a crawl rule that used forms based authentication (FBA). In addition, we needed to create a custom security trimmer because crawling web sites does not allow for the indexing of ACLs.
What I learned yesterday was something interesting with the security trimmer. I knew that custom security trimmers are executed when an end user performs a query as opposed to when the search engine crawls and indexes the content. What I didn’t know is that simply viewing scopes within the search administration interfaces will also execute the security trimmer.
Within your shared service provider (SSP), you can view the scopes as shown below:
In my test environment, I had only crawled the “TW Confluence” content source which had an associated “TW Confluence” scope as shown above. My total index had 104 items, but no items were showing up in the scopes. I was expecting to see counts for both “All Sites” and “TW Confluence”.
What was happening was that simply viewing this page invokes the security trimmer assigned to my crawl rule for all items in the index that map to the crawl rule. In the case of the SharePoint Connector for Confluence security trimmer, it needs to ask Confluence if the current user has access to each URL. Unfortunately, if the security trimmer is invoked from the shared service provider (as it is done in this case) it does not know how to connect to Confluence because that configuration is available within a typical site collection, not within a SSP.
Interestingly, there is also a way to view scopes from within a typical site collection:
As you can see here, we do have counts for our “All Sites” and “TW Confluence” scopes. Once again, our security trimmer is executed when viewing this page, but this time it is able to find configuration data on how to connect to Confluence. The count of 9 is much less than what is in the index because the current user does not have access to all of the URLs; access to them was denied by the custom security trimmer.
Note that the only way I knew for sure that the security trimmer runs in these cases is through some tracing capability we have had in the product for quite some time.
If you have more interest in learning more about the SharePoint Connector for Confluence, check out the links above or visit http://www.atlassian.com/en/software/confluence-sharepoint-connector. If you are in the Atlanta area and want to learn more about MOSS 2007 Enterprise Search, keep an eye on our Event Calendar for upcoming presentations.