Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] RE: Restricting access to Grouper UI

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] RE: Restricting access to Grouper UI

Chronological Thread 
  • From: Gagné Sébastien <>
  • To: Gagné Sébastien <>, "Rahul Doshi" <>, "Chris Hyzer" <>, <>
  • Subject: RE: [grouper-users] RE: Restricting access to Grouper UI
  • Date: Wed, 10 Oct 2012 09:28:47 -0400

Well finally it doesn’t work completely…


Patching the GrouperUiFilter as per the JIRA fixes the problem for “native” authentication, but if I use the CAS integration I get an exception :


2012-10-10 09:08:11,798: [http-8080-8] ERROR GrouperUiFilter.doFilter(835) -  - UI error

java.lang.RuntimeException: Cant find logged in user

        at edu.internet2.middleware.grouper.ui.GrouperUiFilter.retrieveSubjectLoggedIn(

        at edu.internet2.middleware.grouper.ui.GrouperUiFilter.doFilter(

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(

        at org.apache.catalina.core.StandardWrapperValve.invoke(

        at org.apache.catalina.core.StandardContextValve.invoke(

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(

        at org.apache.catalina.core.StandardHostValve.invoke(

        at org.apache.catalina.valves.ErrorReportValve.invoke(

        at org.apache.catalina.core.StandardEngineValve.invoke(

        at org.apache.catalina.connector.CoyoteAdapter.service(

        at org.apache.coyote.http11.Http11Processor.process(

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(






De : [mailto:] De la part de Gagné Sébastien
Envoyé : 9 octobre 2012 15:50
À : Rahul Doshi; Chris Hyzer;
Objet : RE: [grouper-users] RE: Restricting access to Grouper UI


You’re right. I added the patch and I get the error message.


Thanks !


De : Rahul Doshi
Envoyé : 9 octobre 2012 15:36
À : Gagné Sébastien; Chris Hyzer;
Objet : Re: [grouper-users] RE: Restricting access to Grouper UI


Not sure if the bug is same.  Seems to have been fixed in 2.1.3





From: Gagné Sébastien <>
Date: Tuesday, October 9, 2012 3:29 PM
To: Chris Hyzer <>, "" <>
Subject: [grouper-users] RE: Restricting access to Grouper UI


I’m running 2.1.2 API and UI


I edited : ui/conf/resources/grouper/

The one in “ui/dist/grouper/WEB-INF/classes/resources/grouper/” shows the same properties.


The “etc:GroupeAccesUI” was manually created in the UI with my grouper sysadmin account. It was not autocreated by GrouperSystem. In this group I only added an admin group that contains a bunch of other admin groups which is where the users actually are. I also tested by adding only one user in the UI group.


I tried with a user authenticated by CAS and one in the tomcat’s tomcat-user.xml (<user username="usr_gagns" password="123" roles="grouper_user"/>)


I don’t have any error in my logs


De : Chris Hyzer []
Envoyé : 9 octobre 2012 14:47
À : Gagné Sébastien;
Objet : RE: Restricting access to Grouper UI


There have been some issues, though in my tests it seems to work.  If someone can debug or give more info that would help.  Also, which media.propeties did you try?  If not this one, try here: resources/grouper/   (since it could also be a custom one).  Which version of Grouper are you on?  I did my testing on the latest 2.1


Here is a movie:


Here is a thread:






From:On Behalf Of Gagné Sébastien
Sent: Tuesday, October 09, 2012 2:34 PM
Subject: [grouper-users] Restricting access to Grouper UI



I tried restricting the access to the Grouper UI to members of a specific group using the following configuration in, but it doesn’t work :


#users must be in this group to be able to login to the UI


I rebuilt the UI and I tried with and without CAS integration. Whatever I do, I can log in using any user, even those not in the group and even if the group is empty.


Am I missing something ?  Is it broken ?





Sébastien Gagné,     | Analyste en informatique

514-343-6111 x33844  | Université de Montréal,

                     | Pavillon Roger-Gaudry, local X-100-11


Archive powered by MHonArc 2.6.16.

Top of Page