Class to process data received on the servlet interface; it extracts the payload
and passes it to EsbListener for processing, returning an HTTP result
code and human-readable result string to the calling client
T or F, if this is a search by id or identifier, with no source, or the external source,
and the subject is not found, then add an external subject (if the user is allowed
if processing permissions, you can filter out either redundant permissions (find best in set),
or do that and filter out redundant roles (if flattening roles) (find best in set).
Meant to be delegate from GrouperService which has the same params (and names)
with enums translated (for Simple objects like Field) for each Javadoc viewing.
Retrieve the member object for this subject, do not create if not there
Note: this is not a javabean property because we don't want it in the web service
name of param: ws.act.as.cache.seconds
cache the decision to allow a user to actAs another, so it doesn't have to be calculated each time
defaults to 30 minutes:
name of param
# Web service users who are in the following group can use the actAs field to act as someone else
# You can put multiple groups separated by commas.
name of param for add member web service max, default is 1000000
# Max number of subjects to be able to pass to addMember service, default is 1000000
ws.add.member.subjects.max = 20000
name of param: ws.client.user.group.cache.minutes
cache the decision to allow a user to use web services, so it doesn't have to be calculated each time
defaults to 30 minutes:
name of param: ws.client.user.group.name
If there is an entry here for group name, then all web service client
users must be in this group (before the actAs)
e.g.
name of param for delete member web service max, default is 1000000
# Max number of subjects to be able to pass to deleteMember service, default is 1000000
ws.delete.member.subjects.max = 20000
name of param for get groups web service max, default is 1000000
# Max number of subjects to be able to pass to getGroups service, default is 1000000
ws.get.groups.subjects.max = 20000
name of param for group attribute, max groups to be able to view/edit attributes at once,
default is 1000000
# Max number of subjects to be able to pass to addMember service, default is 1000000
ws.group.save.max = 20000
name of param for group delete, max groups to be able to delete at once,
default is 1000000
# Max number of groups to be able to pass to groupDelete service, default is 1000000
ws.group.delete.max = 20000
name of param for group save, max groups to be able to save at once,
default is 1000000
# Max number of groups to be able to pass to groupSave service, default is 1000000
ws.group.save.max = 20000
name of param for has member web service max, default is 1000000
# Max number of subjects to be able to pass to addMember service, default is 1000000
ws.has.member.subjects.max = 20000
name of param: ws.logged.in.subject.default.source
if you have subject namespace overlap (or not), set the default subject
source to lookup the user if none specified in user name
name of param for member change subject web service max, default is 1000000
# Max number of members to pass to memberChangeSubject, default is 1000000
ws.member.change.subject.max = 20000
name of param: ws.rest.default.response.content.type
if the request has no content type (http params), and the response content type is not
specified in the url, then put it here.
to provide rampart authentication, Class must implement the interface:
edu.internet2.middleware.grouper.ws.security.GrouperWssecAuthentication
class must be fully qualified.
name of param for stem delete, max stems to be able to delete at once,
default is 1000000
# Max number of stems to be able to pass to stemDelete service, default is 1000000
ws.stem.delete.max = 20000
name of param for stem save, max stems to be able to save at once,
default is 1000000
# Max number of stems to be able to pass to stemSave service, default is 1000000
ws.stem.save.max = 20000
name of param for subject result attribute names when extended data is requested
# subject result attribute names when extended data is requested (comma separated)
default is name, description
note, these will be in addition to ws.subject.result.attribute.names
name of param for save privileges web service max, default is 1000000
# Max number of subjects to be able to pass to savePrivileges service, default is 1000000
ws.view.or.edit.privileges.subjects.max = 20000
implement this interface and provide the class to the classpath and grouper-ws.properties
to override the default of httpServletRequest.getUserPrincipal();
for non-Rampart authentication
if user is not found, throw a runtime exception.
results for the get memberships call, or the get memberships lite call
result code:
code of the result for this group overall
SUCCESS: means everything ok
GROUP_NOT_FOUND: can't find the group
INVALID_QUERY: bad inputs
EXCEPTION: something bad happened
basic kerberos authentication for grouper, settings are specified in grouper-ws.properties
note: this can be used for rest and soap, though it is not a bastion of security:
1.