Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Grouper-WS: Access problem with member of wheel group

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Grouper-WS: Access problem with member of wheel group


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Loris Bennett <>, Grouper Users Mailing List <>
  • Subject: RE: [grouper-users] Grouper-WS: Access problem with member of wheel group
  • Date: Fri, 26 Sep 2008 10:19:10 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

It takes more than being in the wheel group...

Look at the grouper-ws.properties and see if it makes sense:

#####################

# Web service users who are in the following group can use the actAs field to
act as someone else
# You can put multiple groups separated by commas. e.g. a:b:c, e:f:g
# You can put a single entry as the group the calling user has to be in, and
the grouper the actAs has to be in
# separated by 4 colons
# e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w
# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
# if not, then if the calling user is in e:f:d, then the actAs must be in
r:e:w. If multiple rules, then
# if one passes, then it is a success, if they all fail, then fail.
ws.act.as.group = penn:etc:webServiceActAsGroup

#####################

If you make the value of that setting (e.g. penn:etc:webServiceActAsGroup) as
your wheel group (whatever name that is), then it will probably work as you
expect. If you want to clamp down and make another group of actAs users, you
have that opportunity.

Let me know if you have more issues.

Chris

Ps. Also, no matter how garbled the logs look, the more you can forward to
the list, the better...

> -----Original Message-----
> From: Loris Bennett
> [mailto:]
> Sent: Friday, September 26, 2008 8:28 AM
> To: Grouper Users Mailing List
> Subject: [grouper-users] Grouper-WS: Access problem with member of
> wheel group
>
> Hi,
>
> I am trying to create web services client and am having problems saving
> a stem:
>
> java.lang.RuntimeException: Problems seeing is web service user
> 'edu.internet2.middleware.subject.provider.JDBCSubject@dd6ae7'
> can
> actAs
> the other subject:
> 'edu.internet2.middleware.grouper.InternalSubject@f52ed[subjectID=Group
> erSystem,subjectTypeID=application,name=GrouperSystem]'
>
> The log text appears a little garbled, but seems to me to indicate that
> there is some problem with the username being that of a normal user as
> well as a member of the wheel group.
>
> Should this work or can I only use GrouperSystem from the UserDatabase
> realm containing tomcat users?
>
> Loris
> --
> Dr. Loris Bennett
> Computer Centre
> Freie Universit├Ąt Berlin
> Germany




Archive powered by MHonArc 2.6.16.

Top of Page