Grouper Users - Open Discussion List

["Redman, Chad" <>]

I traced through the source to try to explain these observations. I learned a lot along the way.

 

Indeed, the SubjectNotFoundException error is what you will see if you don't have the default "jdbc" connection in your subject.properties/sources.xml. You should see this in your startup if it's there:

 

subject.properties jdbc source id:   jdbc: <the same connection string as in grouper hibernate properties)

 

As Jeffrey and Carey noted, the addUser and findUser act strangely. The addUser method doesn't use the subject sources; it uses a special RegistrySubject class to insert the record directly into the GROUPER.SUBJECT table. In doing this, it also sets up the skeleton of an actual Subject object. But it doesn't know the source of the subject, since it isn't looking at the defined sources. That's why you can still add users even though the source isn't defined. That's also why the sourceId gets printed as "null" when created -- it doesn't know which source (if any) corresponds to the grouper.subject table it's using.

 

The findSubject works on subject sources as defined in subject.properties or sources.xml. If you just call findUser(id), it will search all the sources. Note that there may a bug in the latest gsh. The call findUser(id, source) ignores the source, so it will still look in all sources. For now, you can call findUser(id, null, source) which does work for a specific source.

 

-Chad

 

 

From: [mailto:] On Behalf Of Hyzer, Chris
Sent: Thursday, December 06, 2018 7:35 AM
To: Black, Carey M. <>; Crawford, Jeffrey <>; Grouper-Users <>
Subject: [grouper-users] RE: Grouper Shell and AddSubject

 

By default there is a jdbc source which reads the subject and subjectattribute tables.  If you don’t have it in your source anymore then you wont be able to find it.  For groups it should work. 

 

Do you have something like this in grouper-ws.properties?

 

 

# if you have subject namespace overlap (or not), set the default subject

# sources (comma-separated) to lookup the user if none specified in user name

ws.logged.in.subject.default.source = g:gsa

 

# prepend to the userid this value (e.g. if using local entities, might be:    etc:servicePrincipals:   )

ws.security.prependToUserIdForSubjectLookup = some:path:to:principals

 

 

There is no way to delete the “jdbc” default subject source subjects.  We can add that at some point.  Deleting from DB is the way to go.

 

Thanks

Chris

 

 

From: <> On Behalf Of Black, Carey M.
Sent: Wednesday, December 05, 2018 11:31 PM
To: Crawford, Jeffrey <>; Grouper-Users <>
Subject: [grouper-users] RE: Grouper Shell and AddSubject

 

Jeffrey,

 

I got to say that I don’t know why grouper is doing what it is doing for either of us on this one. And that is different, maybe, than what it is doing for you.

And given that I am doing what you are doing for WebService accounts, I am very interested in understanding what is not working. L

 

( I am using v 2.3. You did not say what version your using.  Maybe your upgraded from 2.3 to 2.4? )

 

But maybe this will help.

 

 

groovy:000> findSubject("grouper-testUser2");

ERROR edu.internet2.middleware.subject.SubjectNotFoundException:

subject not found: grouper-testUser2

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.thereCanOnlyBeOne (SourcesXmlResolver.java:486)

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.findByIdOrIdentifier (SourcesXmlResolver.java:527)

        at edu.internet2.middleware.grouper.subj.CachingResolver.findByIdOrIdentifier (CachingResolver.java:377)

        at edu.internet2.middleware.grouper.subj.ValidatingResolver.findByIdOrIdentifier (ValidatingResolver.java:203)

        at edu.internet2.middleware.grouper.SubjectFinder.findByIdOrIdentifier (SubjectFinder.java:316)

        at edu.internet2.middleware.grouper.app.gsh.findSubject.invoke (findSubject.java:154)

        at edu.internet2.middleware.grouper.app.gsh.findSubject$invoke.call (Unknown Source)

        at groovysh_evaluate.findSubject (groovysh_evaluate:4)

        at groovysh_evaluate.findSubject (groovysh_evaluate)

 

groovy:000> addSubject("grouper-testUser2", "application", "grouper-testUser2");

===> Subject id: grouper-testUser2, sourceId: null, name: grouper-testUser2

 

groovy:000> findSubject("grouper-testUser2");

===> Subject id: grouper-testUser2, sourceId: jdbc, name: grouper-testUser2

 

I note that the addSubject returns “sourceId: null”.

Yet it appears to have stuffed the user into “sourceId: jdbc”.

 

And when I go look in the Subject table in the DB… yep. There it is.

 

 

Just a wag:

 

Maybe you did something to your jdbc source?

Maybe the jdbc source was not converted/upgraded properly?

 

 

And while we are on the “subject”, ( Ugh… bad puns are everywhere )  can anyone point at a Grouper API to “removeSubject()” ?

                Yea.. SQL should get the job done, but their could be application caches, details, and quarks Oh my.  

                If you can add then you should be able to remove too. IMHO [ In my hopeful opinion]

 

--

Carey Matthew

 

From: <> On Behalf Of Crawford, Jeffrey
Sent: Wednesday, December 5, 2018 6:42 PM
To: Grouper-Users <>
Subject: [grouper-users] Grouper Shell and AddSubject

 

Greetings,

 

We’ve been having issue with the grouper Web Service finding the service accounts since we upgraded. Originally the web service accounts were created as groups, and the web service basic auth seemed to work fine. My guess is that over time it was no longer possible to bind a basic auth REMOTE_USER to a group entity. So I thought I would create an application local identity and just make it a member of the original group we created as a migration step.

 

However I was trying to create a local entity. I used the Grouper shell to create a service account, but after creating it and trying to access it via findSubject, It doesn’t find the account I just created:

 

groovy:000> addSubject("grouper-wsuser", "application", "grouper-wsuser");

===> Subject id: grouper-wsuser-iamucla, sourceId: null, name: grouper-wsuser

groovy:000> findSubject("grouper-wsuser");

ERROR edu.internet2.middleware.subject.SubjectNotFoundException:

subject not found: grouper-wsuser

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.thereCanOnlyBeOne (SourcesXmlResolver.java:486)

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.findByIdOrIdentifier (SourcesXmlResolver.java:527)

        at edu.internet2.middleware.grouper.subj.CachingResolver.findByIdOrIdentifier (CachingResolver.java:406)

        at edu.internet2.middleware.grouper.subj.ValidatingResolver.findByIdOrIdentifier (ValidatingResolver.java:203)

        at edu.internet2.middleware.grouper.SubjectFinder.findByIdOrIdentifier (SubjectFinder.java:316)

        at edu.internet2.middleware.grouper.app.gsh.findSubject.invoke (findSubject.java:154)

        at edu.internet2.middleware.grouper.app.gsh.findSubject$invoke.call (Unknown Source)

        at groovysh_evaluate.findSubject (groovysh_evaluate:4)

        at groovysh_evaluate.findSubject (groovysh_evaluate)