Embed Size (px)
Citation preview
Grouper Training – Admin – Subject API – Part 4
Shilen Patel
Duke University
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
2
Contents
• Member sorting and searching• Building your own source adapter• Subject filtering and attribute decorator
3
Member Sorting and Searching
• grouper_members table contains additional columns to allow searching and sorting without resolving all subjects.
• Five columns used for sorting and five columns used for searching.
• Different search columns exist since each one may contain different data based on privacy.
• Different sort columns exist to allow sorting using different attributes.
• Columns updated when subject is resolved by id or identifier or when running USDU (for people).
4
Member Sorting and Searching (continued)
• Configure access in grouper.properties. By default, all users can use all columns. For example:security.member.sort.string0.allowOnlyGroup = etc:someGroup
security.member.sort.string1.wheelOnly = true
security.member.search.string0.allowOnlyGroup = etc:someGroup
• Specify default sorting and searching.member.search.defaultIndexOrder=0
member.sort.defaultIndexOrder=0
5
Member Sorting and Searching (continued)
• Example of how to populate columns:
• sort0 = Sort by namesort1 = Sort by last namesort2 = Sort by login idsearch0 = default search for privileged userssearch1 = default search for all other users
sort0 sort1 sort2 search0 search1
person source
displayName sn uid displayName, uid,ou
displayName, uid
group source
displayExtension null null name, displayName, alternateName
name, displayName, alternateName
6
Building your own source adapter
• Implement edu.internet2.middleware.subject.Source • or extend
edu.internet2.middleware.subject.provider.BaseSourceAdapter
• Implement edu.internet2.middleware.subject.Subject • or just use or extend
edu.internet2.middleware.subject.provider.SubjectImpl
7
Subject filtering and attribute decorator
• Implement edu.internet2.middleware.grouper.subj.SubjectCustomizer• or extend
edu.internet2.middleware.grouper.subj.SubjectCustomizerBase• https://spaces.internet2.edu/display/Grouper/
Grouper+subject+filter+and+attribute+decorator
• Configure in grouper.propertiessubjects.customizer.className =
• Subject Filtering• Allows you to secure attribute release.• Edit, remove, or add subject attributes when subjects are resolved.• Extend filterSubjects() method.
• public Set<Subject> filterSubjects(GrouperSession grouperSession, Set<Subject> subjects, String findSubjectsInStemName);
8
Subject filtering and attribute decorator (continued)
• Attribute decorator• Mainly used by Grouper Web Services.• Allows clients to make attribute requests that are not configured in
the Subject API. Your method can verify that the caller is allowed to see the data, run queries to retrieve the data, and add the attributes to the subject(s).
• Extend decorateSubjects() method.• public Set<Subject> decorateSubjects(GrouperSession grouperSession,
Set<Subject> subjects, Collection<String> attributeNamesRequested);
9
Quiz
• Click on the quiz link in the video description to reinforce your knowledge of this topic
Thanks!
Further information:
• Infosheets, mailing lists, wiki, downloads, etc.:www.internet2.edu/grouper
• Grouper demo server:grouperdemo.internet2.edu/
• Grouper Online Training Home:spaces.internet2.edu/x/IIGfAQ
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 10
