grouper-dev - always available Grouper service
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: "" <>
- Subject: always available Grouper service
- Date: Fri, 12 Mar 2010 00:08:46 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
|
Hey, At Penn we have ldap and WS, both are run as highly available,
but not always available (i.e. no single point of failure even for
maintenance). So, I wrote a method I can use from Java which uses the
grouper client and checks one, and if exception then the other (and
configurable which is first, LDAP is better performant, but has a data propagation
delay). Anyways, if anyone is interested I could probably genericize this
somehow and put it in the grouper client. Otherwise, here is an example
of code and a test case. Regards, Chris Ps. Of course swap out the Penn specific stuff (e.g. the
config param method), for your own code… /** * see if member of group,
either in ws or ldap * @param groupName * @param pennKey * @return if member of
group. note, the grouper username needs read access to the group */ public static boolean isMemberOfGroup(String
groupName, String pennKey) { boolean checkLdapFirst
= FastContext.fastContext().getParamBooleanSafe("fastCheckPennGroupsLdapFirst", false); if
(checkLdapFirst) { try {
return isMemberOfGroupLdap(groupName,
pennKey); } catch
(RuntimeException e) {
log.error("Non
fatal error in ldap, will try WS next: " + groupName + ", " + pennKey, e); } } try { return isMemberOfGroupWs(groupName,
pennKey); } catch
(RuntimeException e) { if
(checkLdapFirst) {
//this
isnt good, we already checked ldap, now WS cant work either... rethrow
throw new
RuntimeException("Problem in WS lookup (after ldap problem): " + groupName + ", " + pennKey, e); } log.error("Non
fatal error in WS, will try LDAP next: " + groupName + ", " + pennKey, e); //check WS
first... lets try ldap try {
return isMemberOfGroupLdap(groupName,
pennKey); } catch
(RuntimeException e2) {
//this
isnt good, we already checked WS, now ldap cant work either... rethrow
throw new
RuntimeException("Problem in ldap lookup (after WS problem): " + groupName + ", " + pennKey, e2); } } } /** when testing, simulate a
problem */ static boolean testingProblemInPennGroupsLdap = false; /** * see if member of a
group via ldap * @param groupName * @param pennKey * @return true if
member of group in ldap */ public static boolean
isMemberOfGroupLdap(String groupName, String pennKey) { if (testingProblemInPennGroupsLdap) { throw new
RuntimeException("Simulating problem with ldap"); } String result =
GrouperClient.ldapSearchAttribute(
FastExternalUtils5.toMap("operation", "hasMemberLdap", "groupName", groupName,
"pennnameToCheck", pennKey, "outputTemplate", "${resultBoolean}"),
new
HashMap<String, String>(), "hasMemberLdap"); result = StringUtils.trim(result); result = StringUtils.equals("null", result) ? null : result; boolean resultBoolean =
FastBooleanUtils.booleanValue(result, false); if (log.isDebug()) { log.debug("Is
" + pennKey + " a member via LDAP of group:
" + groupName + "? " + resultBoolean + ", " + result); } return resultBoolean; } /** when testing, simulate a
problem */ static boolean testingProblemInPennGroupsWs = false; /** * see if member of a
group via ws * @param groupName * @param pennKey * @return true if
member of group in ws */ public static boolean
isMemberOfGroupWs(String groupName, String pennKey) { if (testingProblemInPennGroupsWs) { throw new
RuntimeException("Simulating problem with ws"); } WsHasMemberResults
wsHasMemberResults = new GcHasMember().assignGroupName(groupName)
.addSubjectLookup(new WsSubjectLookup(null, "pennperson",
pennKey)).execute(); String resultCode =
wsHasMemberResults.getResults()[0].getResultMetadata().getResultCode(); boolean result =
StringUtils.equals("IS_MEMBER", resultCode); if (log.isDebug()) { log.debug("Is
" + pennKey + " a member via WS of group:
" + groupName + "? " + result + ", " + resultCode); } return result; } ## Test case /** * */ public void
testIsMemberOfGroup() { try { assertTrue(PennCommunityUtils.isMemberOfGroupWs("test:testGroup", "mchyzer")); assertTrue(PennCommunityUtils.isMemberOfGroupLdap("test:testGroup", "mchyzer")); assertFalse(PennCommunityUtils.isMemberOfGroupWs("test:testGroup", "beck")); assertFalse(PennCommunityUtils.isMemberOfGroupLdap("test:testGroup", "beck"));
PennCommunityUtils.testingProblemInPennGroupsLdap = true;
FastConfig.getProgrammaticParamsMap().put("fastCheckPennGroupsLdapFirst", new String[]{"true"}); try {
PennCommunityUtils.isMemberOfGroupLdap("test:testGroup", "mchyzer");
fail("Shouldnt fail in ldap method"); } catch (Exception e) {
//good } assertTrue(PennCommunityUtils.isMemberOfGroup("test:testGroup", "mchyzer")); assertFalse(PennCommunityUtils.isMemberOfGroup("test:testGroup", "beck"));
PennCommunityUtils.testingProblemInPennGroupsLdap = false;
PennCommunityUtils.testingProblemInPennGroupsWs = true;
FastConfig.getProgrammaticParamsMap().put("fastCheckPennGroupsLdapFirst", new String[]{"false"}); try {
PennCommunityUtils.isMemberOfGroupWs("test:testGroup", "mchyzer");
fail("Shouldnt fail in ws method"); } catch (Exception e) {
//good } assertTrue(PennCommunityUtils.isMemberOfGroup("test:testGroup", "mchyzer")); assertFalse(PennCommunityUtils.isMemberOfGroup("test:testGroup", "beck")); //set both to
true, should fail
PennCommunityUtils.testingProblemInPennGroupsLdap = true; try {
PennCommunityUtils.isMemberOfGroup("test:testGroup", "mchyzer");
fail("Shouldnt fail in ws method"); } catch (Exception e) {
//good } } finally {
PennCommunityUtils.testingProblemInPennGroupsLdap = false;
PennCommunityUtils.testingProblemInPennGroupsWs = false;
FastConfig.getProgrammaticParamsMap().remove("fastCheckPennGroupsLdapFirst"); } } |
- always available Grouper service, Chris Hyzer, 03/12/2010
Archive powered by MHonArc 2.6.16.