grouper-users - RE: AssignGrouperPrivileges in GrouperClient

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Paul Gazda <>, "" <>
  • Subject: RE: AssignGrouperPrivileges in GrouperClient
  • Date: Sat, 2 Jan 2010 03:24:22 -0500

 

> Chris,
>
> I see that you currently have only GcAssignGrouperPrivilegesLite in GrouperClient 1.4.1. Are you planning to add a GcAssignGrouperPrivileges that will allow assignment of privileges to more than one subject in a single invocation?
>
> Paul Gazda

 

This is done for 1.6.0.  Note, we just switched from CVS to Subversion (more details to follow soon), so the links in the web service docs are not current or will not work.  FYI, here are the SVN URLs:

 

http://anonsvn.internet2.edu/svn/i2mi or http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/

 

 

Non-lite privilege management:

https://bugs.internet2.edu/jira/browse/GRP-242

 

https://spaces.internet2.edu/display/GrouperWG/v1.6.0+Add+or+remove+grouper+privileges

 

Let me know ASAP if this design needs changes.

 

Here is the ws method:

 

  /**
   * <pre>
   * assign a privilege for a user/group/type/name combo
   * e.g. POST /grouperPrivileges
   * </pre>
   * @param clientVersion is the version of the client.  Must be in GrouperWsVersion, e.g. v1_3_000
   * @param wsSubjectLookups are the subjects to assign the privileges to, looked up by subjectId or identifier
   * @param wsGroupLookup if this is a group privilege, this is the group
   * @param wsStemLookup if this is a stem privilege, this is the stem
   * @param replaceAllExisting
   *            optional: T or F (default), if the existing privilege assignments for this object should be
   *            replaced
   * @param actAsSubjectLookup optional: is the subject to act as (if proxying).
   * @param privilegeType (e.g. "access" for groups and "naming" for stems)
   * @param privilegeNames (e.g. for groups: read, view, update, admin, optin, optout.  e.g. for stems:
   * stem, create)
   * @param allowed is T to allow this privilege, F to deny this privilege
   * @param includeSubjectDetail
   *            T|F, for if the extended subject information should be
   *            returned (anything more than just the id)
   * @param subjectAttributeNames are the additional subject attributes (data) to return.
   * If blank, whatever is configured in the grouper-ws.properties will be sent (comma separated)
   * @param includeGroupDetail T or F as for if group detail should be included
   * @param txType is the GrouperTransactionType for the request.  If blank, defaults to
   * NONE (will finish as much as possible).  Generally the only values for this param that make sense
   * are NONE (or blank), and READ_WRITE_NEW.
   * @param params
   *            optional: reserved for future use
   * @return the result of one member query
   */
  public static WsAssignGrouperPrivilegesResults assignGrouperPrivileges(
      final GrouperWsVersion clientVersion,
      final WsSubjectLookup[] wsSubjectLookups,
      final WsGroupLookup wsGroupLookup,
      final WsStemLookup wsStemLookup,
      final PrivilegeType privilegeType, final Privilege[] privilegeNames,
      final boolean allowed,
      final boolean replaceAllExisting, GrouperTransactionType txType,
      final WsSubjectLookup actAsSubjectLookup,
      final boolean includeSubjectDetail, final String[] subjectAttributeNames,
      final boolean includeGroupDetail,  final WsParam[] params) {

 

 

Here is a sample:

 

#########################################
##
## HTTP request sample (could be formatted for view by
## indenting or changing dates or other data)
##
#########################################

POST /grouper-ws/servicesRest/v1_5_000/grouperPrivileges HTTP/1.1
Connection: close
Authorization: Basic xxxxxxxxxxxxxxxxx==
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost:8092
Content-Length: 771
Content-Type: text/xml; charset=UTF-8

<WsRestAssignGrouperPrivilegesRequest>
  <replaceAllExisting>F</replaceAllExisting>
  <allowed>T</allowed>
  <clientVersion>v1_5_000</clientVersion>
  <wsGroupLookup>
    <groupName>aStem:aGroup</groupName>
  </wsGroupLookup>
  <privilegeType>access</privilegeType>
  <privilegeNames>
    <string>update</string>
    <string>read</string>
  </privilegeNames>
  <wsSubjectLookups>
    <WsSubjectLookup>
      <subjectId>test.subject.0</subjectId>
      <subjectIdentifier></subjectIdentifier>
      <subjectSourceId>jdbc</subjectSourceId>
    </WsSubjectLookup>
    <WsSubjectLookup>
      <subjectId></subjectId>
      <subjectIdentifier>id.test.subject.1</subjectIdentifier>
      <subjectSourceId></subjectSourceId>
    </WsSubjectLookup>
  </wsSubjectLookups>
  <actAsSubjectLookup>
    <subjectId>GrouperSystem</subjectId>
  </actAsSubjectLookup>
</WsRestAssignGrouperPrivilegesRequest>

 

 

#########################################
##
## HTTP response sample (could be formatted for view by
## indenting or changing dates or other data)
##
#########################################

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxx; Path=/grouper-ws
X-Grouper-resultCode: SUCCESS
X-Grouper-success: T
X-Grouper-resultCode2: NONE
Content-Type: text/xml;charset=UTF-8
Date: Thu, 31 Dec 2009 17:31:46 GMT
Connection: close

<WsAssignGrouperPrivilegesResults>
  <resultMetadata>
    <resultCode>SUCCESS</resultCode>
    <resultMessage>No subjects were passed in, Success for: clientVersion: v1_5_000, wsSubjects: Array size: 2: [0]: WsSubjectLookup[subjectId=test.subject.0,subjectIdentifier=,subjectSourceId=j..., group: WsGroupLookup[groupName=aStem:aGroup], stem: null, privilege: ACCESS-Array size: 2: [0]: update
[1]: read
, allowed? true, actAsSubject: WsSubjectLookup[subjectId=GrouperSystem], replaceAllExisting: false
, params: nullNo subjects were passed in, Success for: clientVersion: v1_5_000, wsSubjects: Array size: 2: [0]: WsSubjectLookup[subjectId=test.subject.0,subjectIdentifier=,subjectSourceId=j..., group: WsGroupLookup[groupName=aStem:aGroup], stem: null, privilege: ACCESS-Array size: 2: [0]: update
[1]: read
, allowed? true, actAsSubject: WsSubjectLookup[subjectId=GrouperSystem], replaceAllExisting: false
, params: null</resultMessage>
    <success>T</success>
  </resultMetadata>
  <responseMetadata>
    <millis>612</millis>
    <serverVersion>v1_6_000</serverVersion>
  </responseMetadata>
  <wsGroup>
    <extension>aGroup</extension>
    <displayExtension>a group</displayExtension>
    <description>a group description</description>
    <displayName>a stem:a group</displayName>
    <name>aStem:aGroup</name>
    <uuid>78e0da78368c4764b7c08db81d0db2bc</uuid>
  </wsGroup>
  <results>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata>
        <resultCode>SUCCESS_ALLOWED</resultCode>
      </resultMetadata>
      <privilegeName>update</privilegeName>
      <privilegeType>access</privilegeType>
      <wsSubject>
        <identifierLookup></identifierLookup>
        <resultCode>SUCCESS</resultCode>
        <success>T</success>
        <id>test.subject.0</id>
        <name>my name is test.subject.0</name>
        <sourceId>jdbc</sourceId>
      </wsSubject>
    </WsAssignGrouperPrivilegesResult>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata>
        <resultCode>SUCCESS_ALLOWED</resultCode>
      </resultMetadata>
      <privilegeName>update</privilegeName>
      <privilegeType>access</privilegeType>
      <wsSubject>
        <resultCode>SUCCESS</resultCode>
        <success>T</success>
        <id>test.subject.1</id>
        <name>my name is test.subject.1</name>
        <sourceId>jdbc</sourceId>
      </wsSubject>
    </WsAssignGrouperPrivilegesResult>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata>
        <resultCode>SUCCESS_ALLOWED</resultCode>
      </resultMetadata>
      <privilegeName>read</privilegeName>
      <privilegeType>access</privilegeType>
      <wsSubject>
        <identifierLookup></identifierLookup>
        <resultCode>SUCCESS</resultCode>
        <success>T</success>
        <id>test.subject.0</id>
        <name>my name is test.subject.0</name>
        <sourceId>jdbc</sourceId>
      </wsSubject>
    </WsAssignGrouperPrivilegesResult>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata>
        <resultCode>SUCCESS_ALLOWED</resultCode>
      </resultMetadata>
      <privilegeName>read</privilegeName>
      <privilegeType>access</privilegeType>
      <wsSubject>
        <resultCode>SUCCESS</resultCode>
        <success>T</success>
        <id>test.subject.1</id>
        <name>my name is test.subject.1</name>
        <sourceId>jdbc</sourceId>
      </wsSubject>
    </WsAssignGrouperPrivilegesResult>
  </results>
</WsAssignGrouperPrivilegesResults>

 

 

###############################

 

There is also a client operation:

 

assignGrouperPrivilegesWs web service usage

  java -jar grouperClient.jar --operation=assignGrouperPrivilegesWs --privilegeNames=admin|view|read|optin|optout|update|stem|create|etc (comma separated) --allowed=true|false [--groupName=a:b:c] [--stemName=a:b] [--privilegeType=access|naming|etc] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--txType=GcTransactionType] [--replaceAllExisting=true|false] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]

  e.g.: java -jar grouperClient.jar --operation=assignGrouperPrivilegesWs --groupName=aStem:aGroup --subjectIds=test.subject.0,test.subject.1 --privilegeNames=admin,update --allowed=true

  output: Index: 0, success: T, code: SUCCESS_ALLOWED, group: aStem:aGroup, subject: test.subject.0, access: admin

 

Chris

 

 

From: Paul Gazda [mailto:]
Sent: Monday, March 02, 2009 7:27 PM
To: Chris Hyzer;
Subject: AssignGrouperPrivileges in GrouperClient

 

Chris,

I see that you currently have only GcAssignGrouperPrivilegesLite in GrouperClient 1.4.1. Are you planning to add a GcAssignGrouperPrivileges that will allow assignment of privileges to more than one subject in a single invocation?

 

Paul Gazda
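
An added example, not part of the original message or of Grouper's own code: a Python check that compares the per-subject, per-privilege results in a `WsAssignGrouperPrivilegesResults` body with the grants that were requested, since with `txType` NONE the service "will finish as much as possible". The response below is constructed, `EXAMPLE_FAILURE` is a placeholder code, and subjects are matched on the resolved `<id>` the server returns.

```python
import xml.etree.ElementTree as ET

# Constructed response, trimmed to the elements read below. EXAMPLE_FAILURE is
# a placeholder, not a real Grouper result code.
SAMPLE_RESPONSE = """<WsAssignGrouperPrivilegesResults>
  <resultMetadata><resultCode>SUCCESS</resultCode><success>T</success></resultMetadata>
  <wsGroup><name>aStem:aGroup</name></wsGroup>
  <results>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata><resultCode>SUCCESS_ALLOWED</resultCode></resultMetadata>
      <privilegeName>update</privilegeName>
      <wsSubject><id>test.subject.0</id></wsSubject>
    </WsAssignGrouperPrivilegesResult>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata><resultCode>EXAMPLE_FAILURE</resultCode></resultMetadata>
      <privilegeName>update</privilegeName>
      <wsSubject><id>test.subject.1</id></wsSubject>
    </WsAssignGrouperPrivilegesResult>
    <WsAssignGrouperPrivilegesResult>
      <resultMetadata><resultCode>SUCCESS_ALLOWED</resultCode></resultMetadata>
      <privilegeName>read</privilegeName>
      <wsSubject><id>test.subject.0</id></wsSubject>
    </WsAssignGrouperPrivilegesResult>
  </results>
</WsAssignGrouperPrivilegesResults>"""

def parse_results(xml_text):
    """Return (group name, {(subject id, privilege): result code})."""
    root = ET.fromstring(xml_text)
    grants = {}
    for res in root.findall("results/WsAssignGrouperPrivilegesResult"):
        key = (res.findtext("wsSubject/id"), res.findtext("privilegeName"))
        grants[key] = res.findtext("resultMetadata/resultCode")
    return root.findtext("wsGroup/name"), grants

def audit_grants(xml_text, expected_group, subject_ids, privileges):
    """List every way the response differs from the grants that were requested."""
    group, grants = parse_results(xml_text)
    findings = []
    if group != expected_group:
        findings.append(f"response is for {group!r}, not {expected_group!r}")
    wanted = {(s, p) for s in subject_ids for p in privileges}
    for key in sorted(wanted):
        code = grants.get(key)  # None when the server returned no result for it
        if code != "SUCCESS_ALLOWED":
            findings.append(f"{key[0]} {key[1]}: {code or 'no result returned'}")
    for key in sorted(set(grants) - wanted):
        findings.append(f"{key[0]} {key[1]}: not requested, got {grants[key]}")
    return findings
```

An empty list from `audit_grants` means every requested subject and privilege pair came back as `SUCCESS_ALLOWED` on the expected group; anything else is worth logging before the change is treated as applied.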



