grouper-users - RE: [grouper-users] RE: Restricting access to Grouper UI
Subject: Grouper Users - Open Discussion List
List archive
- From: Gagné Sébastien <>
- To: Gagné Sébastien <>, "Rahul Doshi" <>, "Chris Hyzer" <>, <>
- Subject: RE: [grouper-users] RE: Restricting access to Grouper UI
- Date: Wed, 10 Oct 2012 09:28:47 -0400
Well finally it doesn’t work completely… Patching the GrouperUiFilter as per the JIRA fixes the problem for “native” authentication, but if I use the CAS integration I get an exception : 2012-10-10 09:08:11,798: [http-8080-8] ERROR GrouperUiFilter.doFilter(835) - - UI error java.lang.RuntimeException: Cant find logged in user at edu.internet2.middleware.grouper.ui.GrouperUiFilter.retrieveSubjectLoggedIn(GrouperUiFilter.java:261) at edu.internet2.middleware.grouper.ui.GrouperUiFilter.doFilter(GrouperUiFilter.java:823) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:662) De : [mailto:] De la part de Gagné Sébastien You’re right. I added the patch and I get the error message. Thanks ! De : Rahul Doshi Not sure if the bug https://bugs.internet2.edu/jira/browse/GRP-840 is same. Seems to have been fixed in 2.1.3 Thanks, Rahul From: Gagné Sébastien <> I’m running 2.1.2 API and UI I edited : ui/conf/resources/grouper/media.properties The one in “ui/dist/grouper/WEB-INF/classes/resources/grouper/media.properties” shows the same properties. The “etc:GroupeAccesUI” was manually created in the UI with my grouper sysadmin account. It was not autocreated by GrouperSystem. In this group I only added an admin group that contains a bunch of other admin groups which is where the users actually are. I also tested by adding only one user in the UI group. I tried with a user authenticated by CAS and one in the tomcat’s tomcat-user.xml (<user username="usr_gagns" password="123" roles="grouper_user"/>) I don’t have any error in my logs De : Chris Hyzer [] There have been some issues, though in my tests it seems to work. If someone can debug or give more info that would help. Also, which media.propeties did you try? If not this one, try here: resources/grouper/media.properties (since it could also be a custom one). Which version of Grouper are you on? I did my testing on the latest 2.1 Here is a movie: http://www.youtube.com/watch?v=9bh8VhweTIQ Here is a thread: https://lists.internet2.edu/sympa/arc/grouper-users/2012-09/msg00019.html Thanks, CHris From:On Behalf Of Gagné Sébastien Hi, I tried restricting the access to the Grouper UI to members of a specific group using the following configuration in media.properties, but it doesn’t work : #users must be in this group to be able to login to the UI require.group.for.logins=etc:GroupeAccesUI I rebuilt the UI and I tried with and without CAS integration. Whatever I do, I can log in using any user, even those not in the group and even if the group is empty. Am I missing something ? Is it broken ? Thanks Sébastien Gagné, | Analyste en informatique 514-343-6111 x33844 | Université de Montréal, | Pavillon Roger-Gaudry, local X-100-11 |
- [grouper-users] Restricting access to Grouper UI, Gagné Sébastien, 10/09/2012
- [grouper-users] RE: Restricting access to Grouper UI, Chris Hyzer, 10/09/2012
- [grouper-users] RE: Restricting access to Grouper UI, Gagné Sébastien, 10/09/2012
- Re: [grouper-users] RE: Restricting access to Grouper UI, Rahul Doshi, 10/09/2012
- RE: [grouper-users] RE: Restricting access to Grouper UI, Gagné Sébastien, 10/09/2012
- RE: [grouper-users] RE: Restricting access to Grouper UI, Chris Hyzer, 10/09/2012
- RE: [grouper-users] RE: Restricting access to Grouper UI, Gagné Sébastien, 10/10/2012
- Message not available
- RE: [grouper-users] RE: Restricting access to Grouper UI, Chris Hyzer, 10/10/2012
- RE: [grouper-users] RE: Restricting access to Grouper UI, Gagné Sébastien, 10/10/2012
- Message not available
- RE: [grouper-users] RE: Restricting access to Grouper UI, Gagné Sébastien, 10/09/2012
- Re: [grouper-users] RE: Restricting access to Grouper UI, Rahul Doshi, 10/09/2012
- [grouper-users] RE: Restricting access to Grouper UI, Gagné Sébastien, 10/09/2012
- [grouper-users] RE: Restricting access to Grouper UI, Chris Hyzer, 10/09/2012
Archive powered by MHonArc 2.6.16.