Include Page | ||||
---|---|---|---|---|
|
Grouper Web Services as of v1.
...
6.0
Introduction
Grouper web services (grouper-ws) is a J2EE web application which exposes common Grouper business logic through SOAP and REST. See FAQ.
...
Note: there is a command line and java API web service client called Grouper Client
To implement a web service client:
...
https://spaces.at.internet2.edu/confluence/download/attachments/3014660/webServicePresentation.pptPresentation about Grouper web services
...
- addMember: assign a member to a group
- If already a member, that is ok
- Accepts batches of members (non-Lite)
- Accepts flag to say that any members not in batch should be removed (e.g. replace list)
- deleteMember: unassign a member from a group
- If not a member, that is ok
- Accepts batches of members (non-Lite)
- getMembers: return the members (including subject data) in a group (from direct or indirect membership)
- Will accept member filter (All, Effective, Immediate, Composite)
- Accepts batches of groups (non-Lite)
- getMemberships: under construction
- Will accept member filter (All, Effective, Immediate, Composite)
- Accepts batches of subjects and groups (non-Lite)
- hasMember: see if a subject is a member of a group
- Will return true or false
- Accepts batches of subject ids or identifers (returns batches of true's / false's) (non-Lite)
- Will accept member filter (All, Effective, etc)
- Can query on field (permission)
- getGroups: list groups for a subject
- Will accept member filter (All, Effective, etc)
- Accepts batches of subjects (non-Lite)
- groupSave
- Create / update a group
- Accepts batches of groups (non-Lite)
- groupDelete
- Delete a group
- Accepts batches of groups (non-Lite)
- getGrouperPrivileges
- View privileges (many combinations of input are acceptable)
- Can view all privileges for the subject, group, stem, specific privilege and combinations thereof
- assignGrouperPrivileges
- Add or remove a privilege for a subject and (group or stem)
- Will not fail if the privilege is already assigned or revoked
- findGroups
- Can query for groups based on name, uuid, parent stem, or a substring query
- Can create complex queries with group match (AND, OR, MINUS) (non-Lite)
- findStems
- Can query for stems based on name, uuid, parent stem, or a substring query
- Can create complex queries with group match (AND, OR, MINUS) (non-Lite)
- stemSave
- Create / update a stem
- Accepts batches of stems (non-Lite)
- stemDelete
- Delete a stem
- Accepts batches (non-Lite)
- memberChangeSubject
- Change the subject of a current member
- Accepts batches (non-Lite)
Features
- assignAttributes
- Assign or remove attributes (new attribute framework) from groups, stems, memberships, members, assignments, etc
- Accepts batches (non-Lite)
- getAttributeAssignments
- Retrieves attribute assignments (new attribute framework) from groups, stems, memberships, members, assignments, etc
- Batch or Lite
- assignPermissions
- Assign or remove permissions from roles or individual subjects (in the context of a role)
- Batch or Lite
- getPermissionAssignments
- Retrieves permission assignments from roles or individual subjects (in the context of a role)
- Batch or Lite
- Get SubjectsgetSubjects
- Lookup or search for subjects and attributes
- Batch or Lite
Features
- API
- Batched operations (e.g. add 100 subjects to a group at once). There is a separate
- Batched operations (e.g. add 100 subjects to a group at once). There is a separate server-side max-in-batch param in the grouper-ws.properties.
- Transaction support (if any fails in one batch request, rollback all in that single batch request)
- Authentication
- Let container or web server handle
o PKI
o http-simple-auth
o Source IP address filtering (TODO) - Custom authenticator
- WS-Security
o PKI
o Kerberos - Proxying. The web service can execute operations based on an underlying user, not the authenticating user. Note the authenticating user must have appropriate permissions
- Let container or web server handle
- Error Handling
- Error codes and error messages are sent in responses, as well as warnings. In batched mode, batches of response codes are returned. In REST, the http status code is used as well.
- Clients
- Grouper will provide a quick start with Java, and it is up to users to create their own clients. The SOAP and REST are based on the HTTP documents, so any programming language will work
- Web Service Implementation
- Apache Axis for SOAP, and home-grown for REST
...
admins
description
displayExtension
displayName
extension
members
name
optins
optouts
readers
requireActiveEmployee
requireAlsoInGroups
updaters
viewers
To do's (post 1.
...
6.0)
...
- investigate backwards compatibility with Axis... discuss options
- add find subject service
- test more
- unit test
- build a client jar back into web services to unit test
- make some params to test stuff... (junit to throw exceptions in the middle of tx?)
- come up with formatter and code style and remove all warnings
- add logging filter
- fix javadoc warnings
- look into axis axis2 1.45, see if error fixed, see if samples/wsdl changes, see about enums
- add move subject service
- add metadata service
- add getGroups with batched groupLookup input
- add batched privilege service, and add more url options to REST
- add back in memberships service
- filter getMember by privileges (find member?)
- in rest add GET starting points with links to resources
- improve auto-toString methods in resultMessage
- look at acegi
- add ip source filtering to grouper
...