Skip to Content.
Sympa Menu

grouper-users - [grouper-users] configuration files in UI read-only

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] configuration files in UI read-only


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Hyzer, Chris" <>
  • To: " Mailing List" <>
  • Subject: [grouper-users] configuration files in UI read-only
  • Date: Thu, 1 Aug 2019 07:06:10 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=isc.upenn.edu;dmarc=pass action=none header.from=isc.upenn.edu;dkim=pass header.d=isc.upenn.edu;arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bm+PDA/z6wCDBqAA04aU+wCvI10//kj0P9FzQUUn8/M=; b=WnxwZjqXEND6GxJPJV2nCFugVmo9faQu7mNkih8JmpjfbNhWz8yeLMllKCXxub9hr+M4435XgaO3TUqEzYcYMLOddCDU+0gg68IMlt6nSJZ839sFwIrGnTfweByw0sv8o5CKK3SKNaVTyl3l9x489aPuB0YEhqqf7d7x8Z+tQz3joORNupdpIj3inf+pIMuWYm8wY6eBRMsHMYTEn3rmjTstcce+em19bEmcqNZxPyocUYE4HVLIbJOKHaoonsNbx9R4I/J9iTJ2AfnQmrlazbnDNbeBhKMQ5x15Nc9lkCJ9APH2LFBEY0q1hETMuX5AotqdM5Waf2vV5BaJIBbyng==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SNfi/qM2bEEvmVFkA29Ku4EDYa2QKWGmUb3/S2doxl8heoy65DHCWVajBQ0FU4MQS8v4TyrTDSrj63NnqBoe6X31qjNhWf2XYp73yuUBIi+nm5i65qwDWTkMSau2aYaDng8Xu8xIx37eFOUjNyVkgFozbGUR9iKztyv4/XryX6iTe1MUhscGmjCSXd/0QKITXKZjK8VbZbytF0jCgia2bwHY5NC3CeE9PvL+WrScvSoxMqzXH5tBTOn7sS9Vm9/26i7S8DNjjrYY5+ZaCp3O2U2WQZL9W52cbkuM5n0Kq/WReP/B9DhUaGZt03KdLaB8fNf/1wwwJFmeIdrYBOkcdw==

The next step to configuration in the database and UI is a readonly UI screen to see grouper configuration files.  Soon you will be able to import/export database configs, convert from config files to database configs, and edit individual configs from the UI.

 

https://spaces.at.internet2.edu/display/Grouper/Grouper+configuration+in+UI+read-mode

 

This is in 2.4.0 patches: grouper_v2_4_0_api_patch_66, grouper_v2_4_0_ui_patch_39, grouper_v2_4_0_ws_patch_7

 

You must be a sysadmin to view/edit

Quick start

configuration in grouper-ui-ng.base.properties

#######################################

## Configuration in ui

#######################################

 

# allow configuration from ui

# {valueType: "boolean", required: true}

grouperUi.configuration.enabled=true

 

# allow configuration only from these IP ranges, e.g. 1.2.3.4/32 or 2.3.4.5/24, comma separated, leave blank if available from everywhere

# {valueType: "string", multiple: true}

grouperUi.configurationEditor.sourceIpAddresses = 127.0.0.1/32

 

# if the source IP is set by apache or proxy or whatever

# {valueType: "string", sampleValue: "X-FORWARDED-FOR"}

grouperUi.reverseProxyForwardedForHeader =

 

You can:

1.       Disable UI configuration

2.       Open up the source IP address to let a non localhost IP address

3.       List a reverse proxy header where IP address is retrieve from in the incoming HTTP request, e.g. X-FORWARDED-FOR

 

Note: you can set this (or other configs) in the database via GSH

GrouperSession grouperSession = GrouperSession.startRootSession();

edu.internet2.middleware.grouper.cfg.dbConfig.GrouperConfigHibernate grouperConfigHibernate = new edu.internet2.middleware.grouper.cfg.dbConfig.GrouperConfigHibernate();

grouperConfigHibernate.setConfigEncrypted(false);

grouperConfigHibernate.setConfigFileHierarchyDb("INSTITUTION");

grouperConfigHibernate.setConfigFileNameDb("grouper-ui.properties");

grouperConfigHibernate.setConfigKey("grouperUi.configurationEditor.sourceIpAddresses");

grouperConfigHibernate.setConfigValue("1.2.3.4/32");

grouperConfigHibernate.saveOrUpdate();

 

Debug source IP address configuration in log4j.properties

log4j.logger.edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Configure = DEBUG

 

Viewing configuration

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-37-11.png?version=1&modificationDate=1563982631090&api=v2

 

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-44-13.png?version=1&modificationDate=1563983053328&api=v2

 

 

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-45-32.png?version=1&modificationDate=1563983132611&api=v2

 

Features

Property name from property file

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-47-42.png?version=1&modificationDate=1563983262000&api=v2

 

Type of value

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-48-22.png?version=1&modificationDate=1563983302728&api=v2

 

Current processed (if script) value:

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-49-25.png?version=1&modificationDate=1563983365640&api=v2

 

Documentation of configuration property

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-50-12.png?version=1&modificationDate=1563983412730&api=v2

 

Where the configuration is set (which config file or in database).  Also note the default value set in the "base" config file, or configuration metadata

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-55-7.png?version=1&modificationDate=1563983707657&api=v2

 

Mask passwords unless it is a password file, then list the file location

https://spaces.at.internet2.edu/download/attachments/154764452/image2019-7-24_11-58-6.png?version=1&modificationDate=1563983886107&api=v2

 

Changes in config file location

The grouper-ui.base.properties and grouper-ws.base.properties have been moved to the API from the UI and WS.  The new names are grouper-ui-ng.base.properties, and grouper-ws-ng.base.properties.

 


  • [grouper-users] configuration files in UI read-only, Hyzer, Chris, 08/01/2019

Archive powered by MHonArc 2.6.19.

Top of Page