Package edu.internet2.middleware.grouper.hooks.examples
package edu.internet2.middleware.grouper.hooks.examples
This package contains working hooks examples which can be cloned and tweaked
-
ClassDescriptionAssignReadOnlyAdminPrivilege adds the read privileges for the newly created groups to self (this group's subject)assign READ to an admins group based on attribute assignment to a parent folder configure in grouper.properties: hooks.group.class=edu.internet2.middleware.grouper.hooks.examples.AssignReadonlyAdminPrivilegeGroupHook hooks.membership.class=edu.internet2.middleware.grouper.hooks.examples.AssignReadonlyAdminPrivilegeVetoMembershipHook grouper.readonlyAdminEnforced.attributeDefName = a:b:c:reaodnlyAdmin grouper.readonlyAdminEnforced.groupName = c:d:readonlyAdmins setup objects in GSH: grouperSession = GrouperSession.startRootSession(); String attributeFolderName = "a:b:c"; attributeDef = new AttributeDefSave(grouperSession).assignName(attributeFolderName + ":readonlyAdminDef").assignToStem(true).assignAttributeDefType(AttributeDefType.attr).assignCreateParentStemsIfNotExist(true).assignValueType(AttributeDefValueType.marker).save(); attributeDef.getAttributeDefActionDelegate().configureActionList("assign"); attributeDefName = new AttributeDefNameSave(grouperSession, attributeDef).assignName(attributeFolderName + ":readonlyAdmin").assignCreateParentStemsIfNotExist(true).save(); groupAdmin = new GroupSave(grouperSession).assignName("c:d:readonlyAdmins").assignCreateParentStemsIfNotExist(true).save(); make a group to test: stem = new StemSave(grouperSession).assignName("l:m").assignCreateParentStemsIfNotExist(true).save(); stem.getAttributeDelegate().assignAttribute(attributeDefName); groupSub = new GroupSave(grouperSession).assignName("l:m:n:o").assignCreateParentStemsIfNotExist(true).save(); groupNotSub = new GroupSave(grouperSession).assignName("l:p").assignCreateParentStemsIfNotExist(true).save();If you want the group or groups in a folder to allow opt out to anyone in group, then configure this hook in grouper.properties: hooks.group.class=edu.internet2.middleware.grouper.hooks.examples.AssignSelfOptOutGroupPrivilegeHook hooks.membership.class=edu.internet2.middleware.grouper.hooks.examples.AssignSelfOptOutMembershipPrivilegeRevocationVetoHook configure an attribute to assign to groups or folders in grouper.properties grouper.optOutRequired.attributeDefName = a:b:c:assignOptOut https://bugs.internet2.edu/jira/browse/GRP-1197 grouperSession = GrouperSession.startRootSession(); String attributeFolderName = "a:b:c"; attributeDef = new AttributeDefSave(grouperSession).assignName(attributeFolderName + ":assignOptOutDef").assignToStem(true).assignAttributeDefType(AttributeDefType.attr).assignCreateParentStemsIfNotExist(true).assignValueType(AttributeDefValueType.marker).save(); attributeDef.getAttributeDefActionDelegate().configureActionList("assign"); attributeDefName = new AttributeDefNameSave(grouperSession, attributeDef).assignName(attributeFolderName + ":assignOptOut").assignCreateParentStemsIfNotExist(true).save(); Test it out stem = new StemSave(grouperSession).assignName("j:k").assignCreateParentStemsIfNotExist(true).save(); stem.getAttributeDelegate().assignAttribute(attributeDefName); groupSub = new GroupSave(grouperSession).assignName("j:k:l:m").assignCreateParentStemsIfNotExist(true).save();If you want the group or groups in a folder to allow opt out to anyone in group, then configure this hook in grouper.properties: hooks.group.class=edu.internet2.middleware.grouper.hooks.examples.AssignSelfOptOutGroupPrivilegeHook hooks.membership.class=edu.internet2.middleware.grouper.hooks.examples.AssignSelfOptOutMembershipPrivilegeRevocationVetoHook configure an attribute to assign to groups or folders in grouper.properties grouper.optOutRequired.attributeDefName = a:b:c:assignOptOut https://bugs.internet2.edu/jira/browse/GRP-1197 grouperSession = GrouperSession.startRootSession(); String attributeFolderName = "a:b:c"; attributeDef = new AttributeDefSave(grouperSession).assignName(attributeFolderName + ":assignOptOutDef").assignToStem(true).assignAttributeDefType(AttributeDefType.attr).assignCreateParentStemsIfNotExist(true).assignValueType(AttributeDefValueType.marker).save(); attributeDef.getAttributeDefActionDelegate().configureActionList("assign"); attributeDefName = new AttributeDefNameSave(grouperSession, attributeDef).assignName(attributeFolderName + ":assignOptOut").assignCreateParentStemsIfNotExist(true).save(); Test it out stem = new StemSave(grouperSession).assignName("j:k").assignCreateParentStemsIfNotExist(true).save(); stem.getAttributeDelegate().assignAttribute(attributeDefName); groupSub = new GroupSave(grouperSession).assignName("j:k:l:m").assignCreateParentStemsIfNotExist(true).save();this will only run after grouper is started upbuilt in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.test implementation of group hooks for test.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.Fire on attribute assign value changes, validate the rules and set the answer in "valid" T|F attribute valuetest implementation of group hooks for testthis is just an example compile this class using the Grouper jar on classpath: javac -cp grouper-2.6.5.jar GroupLdapUniqueHook.java put the classfile in the container: /opt/grouper/grouperWebapp/WEB-INF/classes/GroupLdapUniqueHook.class register the class in grouper.properties: hooks.group.class=GroupLdapUniqueHookbuilt in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.hook to prevent ldap provisioning by setting an attribute on the group.Hook allows only sysadmins to add every entity to group or privilegesHook allows only one membership in a folder at a timetest implementation of group hooks for testgroup hook to put message on screenHook allows only one membership in a folder at a timebuilt in hook to grouper, which is turned on when it is configured in the grouper.properties.built in hook to grouper, which is turned on when it is configured in the grouper.properties.When attribute defs are created or saved, make sure there are no name conflicts with other object typesWhen attribute def names are created or saved, make sure there are no name conflicts with other object typesWhen groups are created or saved, make sure there are no name conflicts with other object typesWhen folders are created or saved, make sure there are no name conflicts with other object types