Date: Thu, 28 Mar 2024 22:50:37 +0000 (UTC) Message-ID: <391170522.7135.1711666237036@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7134_1470067648.1711666237035" ------=_Part_7134_1470067648.1711666237035 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
In Grouper 2.2+ the main Grouper objects in the database (groups, folder= s, attribute definitions, attribute names) will be assigned unique integers= . These integers can be used, for instance, as UNIX GIDs.
The ID's are not used anywhere else in Grouper, so if you need to adjust= them feel free, though the max index for an object type should never be mo= re than the last index used in the grouper_table_index table (you can incre= ment that).
Some reserved ID's can be stored in memory so that the table does not ne= ed to be accessed for each object creation. By default non-GSH enviro= nments will reserve 10 at a time, and GSH will reserve 1 at a time. I= f Grouper is bounced while ID's are reserved (common case), then those ID's= will never be used. Also, if transactions are rolled back, then id's= will be wasted. Hence the id's are generally sequential and each id = is used, but there will be gaps and they will only be sequential per JVM (e= ven if the reserved size is 1).
The implementation is thread safe per JVM and across JVM's.
You can configure a group whose members are allowed to assign index ID's= on create in the grouper.properties. If this config property is blan= k then anyone can assign index ID's on create
# group= who can assign id index cols (also, wheel or root is allowed) grouper.tableIndex.groupWhoCanAssignIdIndex =3D etc:canAssignIdIndex
The Grouper 2.2 ddl will add large integer columns to the 4 tables: grou= per_groups, grouper_stems, grouper_attribute_def, grouper_attribute_def_nam= e. The DDL will also assign ID's to the existing rows. Note, th= is column is non-null for new deployments of grouper, feel free to add that= constraint to upgrades. There is also a grouper_table_index table wi= th 4 rows which keeps track of which if the last index reserved. Ther= e is a unique index on the id_index col so no rows can have the same index.=
Configure this in the grouper.properties
idIndex= .group.minIndex =3D 10000 idIndex.stem.minIndex =3D 10000 idIndex.attributeDef.minIndex =3D 10000 idIndex.attributeDefName.minIndex =3D 10000 # verify that table indexes are set and the pointers are ok, incurs a bit o= f overhead to grouper startup grouper.tableIndex.verifyOnStartup =3D true # in different circumstances, retrieve a different number of IDs at once. # if it is a system where the JVM is starting and stopping (e.g. GSH), then # dont reserve that many at once grouper.tableIndex.reserveIdsGsh =3D 1 grouper.tableIndex.reserveIdsDefault =3D 10 grouper.tableIndex.reserveIdsLoader =3D 10 grouper.tableIndex.reserveIdsWs =3D 10 grouper.tableIndex.reserveIdsUi =3D 10
On Grouper startup, two things are checked. If there are rows with= null id_indexes, they will be set to id's. If the last reserved inde= x is less than the max index for that object type, it will be updated. &nbs= p;If you do not want to perform these checks on startup, set this in the gr= ouper.properties:
# verif= y that table indexes are set and the pointers are ok, incurs a bit of overh= ead to grouper startup grouper.tableIndex.verifyOnStartup =3D true
ID indexes will export and import (if its a new record and the index isn= t in use already), the last reserved index will be incremented appropriatel= y. Note, if you import and there are other running JVMs, you might wa= nt to bounce them since they have indexes reserved in memory
There are API methods to lookup objects by ID index. e.g. GroupFin= der.findByIdIndexSecure(idIndex, exceptionIfNotFound, queryOptions). = Note, these methods cache by default, but you can stop the caching with que= ryOptions. Also there are: StemFinder.findByIdIndexSecure(), Attribut= eDefFinder.findByIdIndexSecure(), AttributeDefNameFinder.findByIdIndexSecur= e()
The getIdIndex() method returns the assigned idIndex, for example <= /p>
gs =3D = GrouperSession.startRootSession(); group_name =3D "aStem:aGroup" g =3D GroupFinder.findByName(gs, group_name) g.getIdIndex()
ID indexes are added to WS for clients 2.2+ (note, for SOAP you need the= new 2.2 endpoint). These examples are XML, though you could do the s= ame thing with JSON, XHTML, or SOAP.
You can see the ID index on group objects
= <wsGroup> <extension>newGroup5</extension> <name>aStem:newGroup5</name> <idIndex>12345</idIndex> ... </wsGroup>
You can lookup groups to find, or operate on (e.g. add a member to a gro= up)
<wsG= roupLookup> <idIndex>12345</idIndex> </wsGroupLookup>
When creating groups, you can specify the id index (if the user is allow= ed to do so, and the index is not in use).
<wsG= roup> <name>aStem:newGroup5</name> <idIndex>12345</idIndex> ... </wsGroup>
groupSave: lookup a group by idIndex (-groupLookupIdIndex), see the idIndex created, and you can opt= ionally specify the id index when creating a group (if allowed) (-id= Index)
java -j= ar grouperClient.jar --operation=3DgroupSaveWs --name=3Da:b:c [--groupLooku= pIdIndex=3D12345] [--idIndex=3D23456] ...
addMember: add a member to a group by id index
java -j= ar grouperClient.jar --operation=3DaddMemberWs --groupIdIndex=3D12345 --sub= jectIds=3D"test.subject.0,test.subject.1"
getMembers: get members from groups by id index
java -j= ar grouperClient.jar --operation=3DgetMembersWs --groupIdIndexes=3D123435,2= 3456
hasMember: see if has member by id index of group
java -j= ar grouperClient.jar --operation=3DhasMemberWs --groupIdIndex=3D123456 --su= bjectIds=3D"id.test.subject.0,id.test.subject.1"
stemSave: lookup a stem by idIndex, see the idIndex in stems, and option= ally you can specify the id index when creating a stem (if allowed)
java -j= ar grouperClient.jar --operation=3DstemSaveWs --name=3DaStem:newStem5 --idI= ndex=3D12345
findGroups: lookup groups by id index
java -j= ar grouperClient.jar --operation=3DfindGroupsWs --groupIdIndexes=3D12345,23= 456
findStems: lookup stems by id index
java -j= ar grouperClient.jar --operation=3DfindStemsWs --stemIdIndexes=3D12345,2345= 6
getMemberships: constrain the group or stem by id index
getSubjects: constraint the subjects by group id index
getAttributeAssignments: lookup the groups or stems or attribute definit= ions or attribute names by id index
assignAttributes: lookup the groups or stems or attribute definitio= ns or attribute names by id index
assignAttributeBatch: lookup the groups or stems or attribute defin= itions or attribute names by id index
getPermissionAssignments: lookup the roles or attribute definitions or a= ttribute names by id index
assignPermissions: lookup the roles or permission names by id index
attributeDefNameSave: lookup the attribute def name by id index, or assi= gn it on inserts (if allowed)
findAttributeDefNames: lookup attribute def names by id index of the att= ribute definition or name