grouper-users - RE: AssignGrouperPrivileges in GrouperClient
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Paul Gazda <>, "" <>
- Subject: RE: AssignGrouperPrivileges in GrouperClient
- Date: Sat, 2 Jan 2010 03:24:22 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
|
Ø Chris, Ø I see that you currently have only
GcAssignGrouperPrivilegesLite in GrouperClient 1.4.1. Are you planning to add a
GcAssignGrouperPrivileges that will allow assignment of privileges to more than
one subject in a single invocation? Ø Paul Gazda This is done for 1.6.0. Note, we just switched from CVS to
subversion (more details to follow soon), so the links in the web service docs
are not current or will not work. Fyi here are the svn urls: http://anonsvn.internet2.edu/svn/i2mi
or http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/ Non-lite privilege management: https://bugs.internet2.edu/jira/browse/GRP-242 https://spaces.internet2.edu/display/GrouperWG/v1.6.0+Add+or+remove+grouper+privileges Let me know asap if this design needs changes. Here is the ws method: /** * <pre> * assign a privilege for a user/group/type/name combo * e.g. POST /grouperPrivileges * </pre> * @param clientVersion is the version of the client. Must be
in GrouperWsVersion, e.g. v1_3_000 * @param wsSubjectLookups are the subjects to assign the
privileges to, looked up by subjectId or identifier * @param wsGroupLookup if this is a group privilege, this is
the group * @param wsStemLookup if this is a stem privilege, this is
the stem * @param replaceAllExisting * optional: T or F (default), if the existing
privilege assignments for this object should be * replaced * @param actAsSubjectLookup optional: is the subject to act
as (if proxying). * @param privilegeType (e.g. "access" for groups
and "naming" for stems) * @param privilegeNames (e.g. for groups: read, view, update,
admin, optin, optout. e.g. for stems: * stem, create) * @param allowed is T to allow this privilege, F to deny this
privilege * @param includeSubjectDetail * T|F, for if the extended subject information
should be * returned (anything more than just the id) * @param subjectAttributeNames are the additional subject
attributes (data) to return. * If blank, whatever is configured in the
grouper-ws.properties will be sent (comma separated) * @param includeGroupDetail T or F as for if group detail should
be included * @param txType is the GrouperTransactionType for the
request. If blank, defaults to * NONE (will finish as much as possible). Generally the only
values for this param that make sense * are NONE (or blank), and READ_WRITE_NEW. * @param params * optional: reserved for future use * @return the result of one member query */ public static WsAssignGrouperPrivilegesResults
assignGrouperPrivileges( final GrouperWsVersion clientVersion, final WsSubjectLookup[] wsSubjectLookups, final WsGroupLookup wsGroupLookup, final WsStemLookup wsStemLookup, final PrivilegeType privilegeType, final Privilege[]
privilegeNames, final boolean allowed, final boolean replaceAllExisting, GrouperTransactionType
txType, final WsSubjectLookup actAsSubjectLookup, final boolean includeSubjectDetail, final String[]
subjectAttributeNames, final boolean includeGroupDetail, final WsParam[] params)
{ Here is a sample: ######################################### ## ## HTTP request sample (could be formatted for view by ## indenting or changing dates or other data) ## ######################################### POST /grouper-ws/servicesRest/v1_5_000/grouperPrivileges HTTP/1.1 Connection: close Authorization: Basic xxxxxxxxxxxxxxxxx== User-Agent: Jakarta Commons-HttpClient/3.1 Host: localhost:8092 Content-Length: 771 Content-Type: text/xml; charset=UTF-8 <WsRestAssignGrouperPrivilegesRequest> <replaceAllExisting>F</replaceAllExisting> <allowed>T</allowed> <clientVersion>v1_5_000</clientVersion> <wsGroupLookup> <groupName>aStem:aGroup</groupName> </wsGroupLookup> <privilegeType>access</privilegeType> <privilegeNames> <string>update</string> <string>read</string> </privilegeNames> <wsSubjectLookups> <WsSubjectLookup> <subjectId>test.subject.0</subjectId> <subjectIdentifier></subjectIdentifier> <subjectSourceId>jdbc</subjectSourceId> </WsSubjectLookup> <WsSubjectLookup> <subjectId></subjectId>
<subjectIdentifier>id.test.subject.1</subjectIdentifier> <subjectSourceId></subjectSourceId> </WsSubjectLookup> </wsSubjectLookups> <actAsSubjectLookup> <subjectId>GrouperSystem</subjectId> </actAsSubjectLookup> </WsRestAssignGrouperPrivilegesRequest> ######################################### ## ## HTTP response sample (could be formatted for view by ## indenting or changing dates or other data) ## ######################################### HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxx;
Path=/grouper-ws X-Grouper-resultCode: SUCCESS X-Grouper-success: T X-Grouper-resultCode2: NONE Content-Type: text/xml;charset=UTF-8 Date: Thu, 31 Dec 2009 17:31:46 GMT Connection: close <WsAssignGrouperPrivilegesResults> <resultMetadata> <resultCode>SUCCESS</resultCode> <resultMessage>No subjects were passed in, Success
for: clientVersion: v1_5_000, wsSubjects: Array size: 2: [0]:
WsSubjectLookup[subjectId=test.subject.0,subjectIdentifier=,subjectSourceId=j...,
group: WsGroupLookup[groupName=aStem:aGroup], stem: null, privilege:
ACCESS-Array size: 2: [0]: update [1]: read , allowed? true, actAsSubject: WsSubjectLookup[subjectId=GrouperSystem],
replaceAllExisting: false , params: nullNo subjects were passed in, Success for:
clientVersion: v1_5_000, wsSubjects: Array size: 2: [0]:
WsSubjectLookup[subjectId=test.subject.0,subjectIdentifier=,subjectSourceId=j...,
group: WsGroupLookup[groupName=aStem:aGroup], stem: null, privilege:
ACCESS-Array size: 2: [0]: update [1]: read , allowed? true, actAsSubject:
WsSubjectLookup[subjectId=GrouperSystem], replaceAllExisting: false , params: null</resultMessage> <success>T</success> </resultMetadata> <responseMetadata> <millis>612</millis> <serverVersion>v1_6_000</serverVersion> </responseMetadata> <wsGroup> <extension>aGroup</extension> <displayExtension>a group</displayExtension> <description>a group description</description> <displayName>a stem:a group</displayName> <name>aStem:aGroup</name> <uuid>78e0da78368c4764b7c08db81d0db2bc</uuid> </wsGroup> <results> <WsAssignGrouperPrivilegesResult> <resultMetadata> <resultCode>SUCCESS_ALLOWED</resultCode> </resultMetadata> <privilegeName>update</privilegeName> <privilegeType>access</privilegeType> <wsSubject> <identifierLookup></identifierLookup> <resultCode>SUCCESS</resultCode> <success>T</success> <id>test.subject.0</id> <name>my name is test.subject.0</name> <sourceId>jdbc</sourceId> </wsSubject> </WsAssignGrouperPrivilegesResult> <WsAssignGrouperPrivilegesResult> <resultMetadata> <resultCode>SUCCESS_ALLOWED</resultCode> </resultMetadata> <privilegeName>update</privilegeName> <privilegeType>access</privilegeType> <wsSubject> <resultCode>SUCCESS</resultCode> <success>T</success> <id>test.subject.1</id> <name>my name is test.subject.1</name> <sourceId>jdbc</sourceId> </wsSubject> </WsAssignGrouperPrivilegesResult> <WsAssignGrouperPrivilegesResult> <resultMetadata> <resultCode>SUCCESS_ALLOWED</resultCode> </resultMetadata> <privilegeName>read</privilegeName> <privilegeType>access</privilegeType> <wsSubject> <identifierLookup></identifierLookup> <resultCode>SUCCESS</resultCode> <success>T</success> <id>test.subject.0</id> <name>my name is test.subject.0</name> <sourceId>jdbc</sourceId> </wsSubject> </WsAssignGrouperPrivilegesResult> <WsAssignGrouperPrivilegesResult> <resultMetadata> <resultCode>SUCCESS_ALLOWED</resultCode> </resultMetadata> <privilegeName>read</privilegeName> <privilegeType>access</privilegeType> <wsSubject> <resultCode>SUCCESS</resultCode> <success>T</success> <id>test.subject.1</id> <name>my name is test.subject.1</name> <sourceId>jdbc</sourceId> </wsSubject> </WsAssignGrouperPrivilegesResult> </results> </WsAssignGrouperPrivilegesResults> ############################### There is also a client operation: assignGrouperPrivilegesWs web service usage java -jar grouperClient.jar
--operation=assignGrouperPrivilegesWs
--privilegeNames=admin|view|read|optin|optout|update|stem|create|etc (comma
separated) --allowed=true|false [--groupName=a:b:c] [--stemName=a:b]
[--privilegeType=access|naming|etc] [--subjectIds=subjId0,subjId1]
[--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1]
[--txType=GcTransactionType] [--replaceAllExisting=true|false]
[--includeGroupDetail=true|false] [--includeSubjectDetail=true|false]
[--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId]
[--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source]
[--saveResultsToFile=fileName] [--outputTemplate=somePattern]
[--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName]
[--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion] e.g.: java -jar grouperClient.jar
--operation=assignGrouperPrivilegesWs --groupName=aStem:aGroup
--subjectIds=test.subject.0,test.subject.1 --privilegeNames=admin,update
--allowed=true output: Index: 0, success: T, code: SUCCESS_ALLOWED, group:
aStem:aGroup, subject: test.subject.0, access: admin Chris From: Paul Gazda
[mailto:] Chris, I see that you currently have
only GcAssignGrouperPrivilegesLite in GrouperClient 1.4.1. Are you planning to
add a GcAssignGrouperPrivileges that will allow assignment of privileges to
more than one subject in a single invocation? Paul Gazda |
- RE: AssignGrouperPrivileges in GrouperClient, Chris Hyzer, 01/02/2010
- RE: AssignGrouperPrivileges in GrouperClient, Paul Gazda, 01/04/2010
- RE: AssignGrouperPrivileges in GrouperClient, Chris Hyzer, 01/04/2010
- RE: AssignGrouperPrivileges in GrouperClient, Paul Gazda, 01/04/2010
Archive powered by MHonArc 2.6.16.