Hi,
Have a look in the solr index at the object you are trying to view
where <OBJECT_ID> is replaced with the objects id (generally visible in the url when trying to look at it).
for example, in the url:
<OBJECT_ID> is 11c7f81fe9c2177963c048f3953237bf
You are specifically looking for the security_filter, security_exception, and the owner fields.
For example one of our objects has:
<arr name="security_filter">
<str>guest</str>
</arr>
(it would seem it does not have security_exception and owner set)
You then want to look at the home/logs/main.log file for the SolrSearcher queries that ReDBoX is running.
The following log snippets are for a user with the "librarian" role provided by shibboleth
Shbboleth log:
2013-04-11 16:22:23,664 TRACE hibbolethRoleManager Entry Count: 0 Size: 1
2013-04-11 16:22:23,664 TRACE Shibboleth Role Manager: SimpleShibbolethRoleManager provided the roles: [librarian]
2013-04-11 16:22:23,664 DEBUG Shibboleth Role List: [librarian]
Viewing home:
==> home/logs/main.log <==
2013-04-11 16:21:31,566 DEBUG SolrSearcher URL:
http://localhost:9000/solr/fascinator/select, POSTDATA:[name=q, value=*:*, name=facet, value=true, name=facet.field, value=workflow_step, name=wt, value=json, name=fq, value=item_type:"object", name=fq, value=-display_type:attachment, name=fq, value=, name=fq, value=(security_filter:("librarian" OR "guest")) OR (security_exception:"AAAAAAAAAAAAAAAA") OR (owner:"AAAAAAAAAAAAAAAA"), name=rows, value=0]
Viewing the Object (which gives access denied):
==> home/logs/main.log <==
2013-04-11 16:22:23,664 DEBUG SolrSearcher URL:
http://localhost:9000/solr/fascinator/select, POSTDATA:[name=q, value=id:"7da2c958e91195d1ad29d63146bf26ad", name=wt, value=json, name=fq, value=item_type:"object", name=fq, value=-display_type:attachment, name=fq, value=owner:qTdNYp0PwBh83G44I05Rtb9HXdI OR security_filter:(librarian)]
The following log snippets are for a user with the "librarian" and the "guest" role provided by shibboleth
2013-04-11 16:31:05,891 main TRACE hibbolethRoleManager Entry Count: 0 Size: 1
2013-04-11 16:31:05,891 main TRACE Shibboleth Role Manager: SimpleShibbolethRoleManager provided the roles: [librarian, guest]
2013-04-11 16:31:05,892 main DEBUG Shibboleth Role List: [librarian, guest]
==> home/logs/main.log <==
2013-04-11 16:29:36,663 main DEBUG SolrSearcher URL:
http://localhost:9000/solr/fascinator/select, POSTDATA:[name=q, value=*:*, name=facet, value=true, name=facet.field, value=workflow_step, name=wt, value=json, name=fq, value=item_type:"object", name=fq, value=-display_type:attachment, name=fq, value=, name=fq, value=(security_filter:("librarian" OR "guest" OR "guest")) OR (security_exception:"AAAAAAAAAAAAAAAA") OR (owner:"AAAAAAAAAAAAAAAA"), name=rows, value=0]
Viewing the Object (which gives access granted):
==> home/logs/main.log <==
2013-04-11 16:32:46,484 main DEBUG SolrSearcher URL:
http://localhost:9000/solr/fascinator/select, POSTDATA:[name=q, value=id:"7da2c958e91195d1ad29d63146bf26ad", name=wt, value=json, name=fq, value=item_type:"object", name=fq, value=-display_type:attachment, name=fq, value=owner:qTdNYp0PwBh83G44I05Rtb9HXdI OR security_filter:(librarian OR guest)]
You need to get the queries to match you security_filer or owner values.
Viewing these log files is how I debug these kinds of issues.
Hope that helps.
Nigel.