[MNT-20764] Searches fail for users who are members of groups where the authorityName contains double quotes Created: 10-Jul-19  Updated: 21-May-20  Resolved: 04-May-20

Status: Closed
Project: Service Packs and Hot Fixes
Component/s: ACS REST API, Search and Indexing (non-UI)
Affects Version/s: 5.2, 6.1, Search Services
Fix Version/s: 6.1.N, 7.0.N, 6.2.1

Type: Service Pack Request
Reporter: Michael Chillman Assignee: Closed Bugs (Inactive)
Resolution: Fixed Votes: 0
Labels: repo-backlog, triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to MNT-20040 People REST API based on nodeRef or ... Closed
Bug Priority:
Category 3
ACT Numbers:


Premier Customer:
Sprint: Team 3 - Sprint 2, Team 3 - Sprint 3, Team 3 - Sprint 4, Team 3 - Sprint 5, Team 3 - Spint 6, Team 3 - Sprint 7
Work Funnel End: 2020-05
Story Points: 8
Epic Link: Customer Request bucket for ACS 6.2.1
Delivery Team: Team 3


The ACS REST API and also the AuthorityService allows for the creation of groups where the group id (authorityName) can contain double quotes. When a user is assigned to groups where the authorityName contains double quotes all searches performed against the Search Services by that user fail.

ACS 6.1
Search Services 1.3.0

Actions Performed:
Created a group using the Public REST API for the creation of where the id contains a double quote

{ "id": "mytest\"group", "displayName": "mytestgroup", "isRoot": true }

Assigned a user (testyone) as member of ‘mytest"group’

Executed the following search as the testyone user

{ "query": "Alfresco*" }


Expected Result:
The search returns the expected results

Actual Result:
An error is returned

{ "errorKey": "framework.exception.ApiDefault", "statusCode": 500, "briefSummary": "06100056 Request failed 500 /solr/alfresco/afts?wt=json&fl=DBID%2Cscore&rows=100&df=TEXT&start=0&locale=en_US&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON", "stackTrace": "For security reasons the stack trace is no longer displayed, but the property is kept for previous versions", "descriptionURL": "https://api-explorer.alfresco.com", "logId": "368d1597-a7b0-4cc1-9e6d-4ba3d1ece24c" }

When the testyone user logs into Share a blank page is displayed
When the testyone user logs into the Digital Workspace searches fail
The following error looks to be generated in the solr.log when executing queries by the testyone user:
2019-07-10 13:55:59.192 ERROR (qtp915349526-19) [ x:alfresco] o.a.s.h.RequestHandlerBase org.alfresco.service.namespace.NamespaceException: Namespace prefix group is not mapped to a namespace URI
at org.alfresco.service.namespace.QName.createQName(QName.java:109)
at org.alfresco.service.namespace.QName.createQName(QName.java:131)
at org.alfresco.repo.search.impl.parsers.AlfrescoFunctionEvaluationContext.getLuceneFieldName(AlfrescoFunctionEvaluationContext.java:346)
at org.alfresco.solr.AlfrescoSolr4FunctionEvaluationContext.getLuceneFieldName(AlfrescoSolr4FunctionEvaluationContext.java:59)
at org.alfresco.repo.search.impl.querymodel.impl.lucene.functions.LuceneFTSTerm.addComponent(LuceneFTSTerm.java:75)
at org.alfresco.repo.search.impl.querymodel.impl.lucene.LuceneFunctionalConstraint.addComponent(LuceneFunctionalConstraint.java:63)
at org.alfresco.repo.search.impl.querymodel.impl.lucene.LuceneDisjunction.addComponent(LuceneDisjunction.java:71)
at org.alfresco.repo.search.impl.querymodel.impl.lucene.LuceneConjunction.addComponent(LuceneConjunction.java:71)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.base/java.lang.Thread.run(Thread.java:834)

Generated at Fri Apr 23 12:25:30 BST 2021 using Jira 7.13.15#713015-sha1:7c5ddd2c3e1709974ae9c48c17df8edd3919fe2c.