Subject: Grouper Developers Forum
- From: Jim Fox <>
- To: Chris Hyzer <>
- Cc: Tom Barton <>, "" <>
- Subject: RE: [grouper-dev] hasMember and subjectNotFound
- Date: Thu, 15 Apr 2010 15:15:34 -0700 (PDT)
Our version of the web service (not quite in production) always tries to create a subject if one is not found, whether by new user logging in or being added to a group. We do this because our subject database lags behind the up-to-date, 'real' source of people. We do this in the web service, though, not in a custom source object.
On Thu, 15 Apr 2010, Chris Hyzer wrote:
Date: Thu, 15 Apr 2010 13:41:44 -0700
From: Chris Hyzer
To: Tom Barton
Subject: RE: [grouper-dev] hasMember and subjectNotFound
Well, in the API you ask if a Subject is in a Group. If you don't have a
Subject, you cant see if it is in a Group. With the web service, you ask if
subjectId ABC is in group BCD. If the subject doesn't exist, the service
returns a failure code, with SUBJECT_NOT_FOUND. I think it should return a
success code of false (not in group), and SUBJECT_NOT_FOUND. i.e. I don't
think it should have to be a recoverable exception, I think it should be a
normal response. Thoughts?
From: Tom Barton
Sent: Thursday, April 15, 2010 4:37 PM
To: Chris Hyzer
Subject: Re: [grouper-dev] hasMember and subjectNotFound
If you are asking for advice on what to do about this within Penn's
implementation, I'd be looking for a way to reduce that 1hr cycle time.
If you are asking for advice on what the grouper toolkit should do when
a user can authenticate but they're unknown as a Subject, that sounds
like what the subjectNotFound exception is meant to signal. Are you
saying that, at present, a client of grouper web services cannot
translate that signal into some reasonable user experience, eg, a nice
"we don't know what you're allowed to do yet" message rather than 150
lines of java exception blather?
Chris Hyzer wrote:
In web services, in a hasMember call, you pass in a SubjectFinder. And
in the SubjectFinder you specify a subject Id or a subject Identifier,
and for either you can also optionally specify a source.
At Penn we have the situation where new Penn People try to use an app,
and the hourly job that copies their user data to Grouper hasn't run
yet, so there is a subject not found exception error thrown from web
services. However, in LDAP I believe it is just returned as a "false"
when the person is not in the system. I think a solution would be to
have a custom source where if a person isn't found, it looks in the data
of record, and if there, adds them to the grouper source table. Another
solution is to have the "hasMember" web service return a SUCCESS-false
when the subject is not found, since the subject is not in the group if
it is not found. I could add an option so that subjectNotFound is an
error if we like.
Do other people want this behavior?
Ps. We have a massaged description field that is searchable that merges
all the various names and affiliations, which is why we don't just go to
the system of record and do the hourly copy...
- hasMember and subjectNotFound, Chris Hyzer, 04/14/2010
Archive powered by MHonArc 2.6.16.