Date: Fri, 29 Mar 2024 07:35:53 +0000 (UTC) Message-ID: <1591631639.7631.1711697753897@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7630_1840318898.1711697753896" ------=_Part_7630_1840318898.1711697753896 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
https://spaces.at.internet2.edu/display/Grouper/Provisioning+Cons= umer
We recently went live with our identity management system based on Group=
er 1.6.3, and we made some modification to handle deploying Grouper to mult=
iple environments.
Our goal was to allow the exact same Grouper JAR and WAR files to be dep=
loyed to any environment. We would then add environment-specific conf=
iguration files to a consistent location on each server, separated from the=
Grouper deployment location, so that fresh deployments would not overwrite=
these files. Any settings found in the environment-specific configur=
ation files will override settings found in the default configuration files=
. This is similar in concept to how morphstring allows passwords to b=
e externalized.
We identified six locations that needed to handle these externalized set= tings:
1) grouper.properties
2) grouper-loader.properties
3) grouper.hibernate.properties
4) sources.xml
5) log4j.properties
6) web.xml for the CAS contrib plugin for Grouper UI
The first 3 are handled by GrouperUtil.java.
The fourth is handled by SoruceManager.java (part of subject.jar).
Log4J was straight-forward using JVM options.
The UI=E2=80=99s web.xml was a little trickier.
To achieve our goal, we made the following modifications to Grouper:
1) Create a custom sub-class of java.util.Properties which can load mult= iple properties files. One file contains default settings, and the ot= her contains environment-specific =E2=80=9Coverride=E2=80=9D settings. = ; Our custom properties file also has the ability to internally (and invisi= bly) handle encrypted property values using Jasypt (to achieve a similar go= al as morphstring).
2) Modify GrouperUtil.java to use our custom Properties class instead of= the default.
3) Modify SourceManager.java (part of subject.jar) to also load an overl= ay file, and changed the XML parsing slightly so that it properly merges th= e overlay settings before initializing sources.
4) We used the =E2=80=9C-D=E2=80=9D option on the JVM command line to pa= ss environment-specific variables for use in log4j.properties.
5) Since we use CAS for authentication, we wrapped the CAS filter in a d=
elegating filter.* The delegating filter creates a proxy of the filter init=
-params, allowing variable values to be pulled from external sources using =
the standard ${} syntax.
*Basic code for creating a delegating filter that allows externalizing o= f init-params can be found here:= http://www.coderanch.com/t/79094/Websphere/environment-variable-referance-W= eb-xml