grouper-users - Re: [grouper-users] Problems with naming privileges
Subject: Grouper Users - Open Discussion List
List archive
- From: Keith Hazelton <>
- To:
- Subject: Re: [grouper-users] Problems with naming privileges
- Date: Sun, 02 Jan 2005 00:14:45 -0600
Fixed my contrib/privmgr/privmgr.java errors. I just needed to add the "type" parameter to the GrouperGroup.load method so it would load groups of specified type (base or naming).
GrouperGroup g = GrouperGroup.load(s, stem, extn, gType)
^^^^^^^
Fixed another error in the if-else block scoping. Now it works as expected. I can set and revoke access and naming privileges.
See updated copies at:
http://arch.doit.wisc.edu/keith/i2/grouper/privmgr/privmgr.java
http://arch.doit.wisc.edu/keith/i2/grouper/privmgr/build.xml
http://arch.doit.wisc.edu/keith/i2/grouper/privmgr/README
Terminal session examples:
java privmgr -v -g -m hazelton -n STEM -s wisc:doit -e arch
Enabling verbose mode
Using extension 'arch'
Enabling grant mode
Enabling grant mode
Will act upon a member `hazelton'
Will act upon naming privilege
Using stem 'wisc:doit'
Using default subjectID
2005-01-01 23:49:55,250 INFO event: Initializing Grouper
Using default subjectTypeID (person)
Looking up subjectID 'GrouperSystem'
2005-01-01 23:50:01,695 INFO event: Started session for 'GrouperSystem'
Started session as GrouperSystem:person
Loaded member GrouperSystem:person
wisc:doit:arch is edu.internet2.middleware.grouper.GrouperGroup@8b095[type=naming,id=15213941-01a6-4589-8bd8-10734baa16cb]
About to attempt grant of privilege. Is it an access privilege, true or false? false
About to attempt grant of naming priv
2005-01-01 23:50:01,924 INFO event: 'GrouperSystem' granted 'STEM' to memberID='d5ae1c17-9225-40dc-8fec-f4f771976991' subjectID='hazelton' on 'wisc:doit:arch'
Granted naming privilege `STEM' to member `hazelton' on group `wisc:doit:arch' of type `naming'
2005-01-01 23:50:01,931 INFO event: Stopped session for 'GrouperSystem'
java privmgr -v -r -m hazelton -n STEM -s wisc:doit -e arch
Enabling verbose mode
Using extension 'arch'
Will act upon a member `hazelton'
Will act upon naming privilege
Enabling revoke mode
Using stem 'wisc:doit'
Using default subjectID
2005-01-01 23:59:49,157 INFO event: Initializing Grouper
Using default subjectTypeID (person)
Looking up subjectID 'GrouperSystem'
2005-01-01 23:59:55,587 INFO event: Started session for 'GrouperSystem'
Started session as GrouperSystem:person
Loaded member GrouperSystem:person
2005-01-01 23:59:55,779 INFO event: 'GrouperSystem' revoked 'STEM' from memberID='d5ae1c17-9225-40dc-8fec-f4f771976991' subjectID='hazelton' on 'wisc:doit:arch'
Revoked naming privilege `STEM' of member `hazelton' on group `wisc:doit:arch' of type `naming'
2005-01-01 23:59:55,785 INFO event: Stopped session for 'GrouperSystem'
-----
--Keith
Keith Hazelton wrote:
Tom Barton wrote:________________________________________________________
Keith Hazelton wrote:
java privmgr -v -g -m hazelton -n STEM -s wisc:doit -e arch
Enabling verbose mode
Using extension 'arch'
Enabling grant mode
Enabling grant mode
Will act upon a member `hazelton'
Will act upon naming privilege
Using stem 'wisc:doit'
Using default subjectID
2005-01-01 16:07:30,440 INFO event: Initializing Grouper
Using default subjectTypeID (person)
Looking up subjectID 'GrouperSystem'
2005-01-01 16:07:36,883 INFO event: Started session for 'GrouperSystem'
Started session as GrouperSystem:person
Loaded member GrouperSystem:person
{NOTE:}
wisc:doit:arch is null
Failed to grant privilege `STEM' to member `hazelton' on group `wisc:doit:arch'
2005-01-01 16:07:36,994 INFO event: Stopped session for 'GrouperSystem'
Can't tell what's happening here, don't know that error message. Might be a bug, blair will need to check it out upon return in 2 days.
That's a message from my new "privmgr.java" contrib item. The method in question starts around line 122:
private static boolean _grantPriv()
The line within _grantPriv that attempts to set the naming privilege is:
Grouper.naming().grant(s, g, m, priv)
Where s is session, g is the group, m is the member, and priv is the privilege ("STEM" or "CREATE")
"g" is supposed to be set by this line:
GrouperGroup g = GrouperGroup.load(s, stem, extn)
_verbose( stem + ":" + extn + " is " + g)
The second line generates the "wisc:doit:arch is null " message above.
So since "g" is null, the code doesn't attempt to call Grouper.naming().grant, but instead prints the "Failed...." message above.
It makes sense that there isn't really a "group" wisc:doit:arch to be loaded since that's just a naming stem. I'm just not sure what to do instead. I'm having great fun learning a bit about Grouper guts, though.
--Keith
<snip>
Tom
Keith Hazelton Senior IT Architect, UW-Madison
(608) 262-0771 Division of Info. Technology
(608) 877-0977 (home) 1210 W. Dayton St., rm. 2164
http://arch.doit.wisc.edu/keith Madison, WI 53706
- Problems with naming privileges, Keith Hazelton, 01/01/2005
- Re: [grouper-users] Problems with naming privileges, Tom Barton, 01/01/2005
- Re: [grouper-users] Problems with naming privileges, Keith Hazelton, 01/01/2005
- Re: [grouper-users] Problems with naming privileges, Keith Hazelton, 01/02/2005
- Re: [grouper-users] Problems with naming privileges, Tom Barton, 01/02/2005
- Re: [grouper-users] Problems with naming privileges, Keith Hazelton, 01/02/2005
- Re: [grouper-users] Problems with naming privileges, Tom Barton, 01/02/2005
- Re: [grouper-users] Problems with naming privileges, Keith Hazelton, 01/02/2005
- Re: [grouper-users] Problems with naming privileges, Keith Hazelton, 01/01/2005
- Re: [grouper-users] Problems with naming privileges, Tom Barton, 01/01/2005
Archive powered by MHonArc 2.6.16.