Include Page | ||||
---|---|---|---|---|
|
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
These topics are discussed in the "Grouper Client" training series. |
...
No Format |
---|
Grouper Client USAGE:
This program runs queries against grouper ldap and web services
The system exit code will be 0 for success, and not 0 for failure
Output data is printed to stdout, error messages are printed to stderr or logs (configured in grouper.client.properties)
Grouper client webpage: https://wiki.internet2.edu/confluence/display/GrouperWG/Grouper+Client
Arguments are in the format: --argName=argValue
Example argument: --operation=encryptPassword
Example argument(OS dependent): --operation="value with whitespace"
Optional arguments below are in [brackets]
###############################################
## Misc operations
Encrypt passwords for storing passwords in external encrypted files:
java -jar grouperClient.jar --operation=encryptPassword [--dontMask=true|false]
Usage (this message):
java -jar grouperClient.jar
Send file to web service (readOnly is a designation for the always available client):
java -jar grouperClient.jar --operation=sendFile --urlSuffix=groups/aStem:aGroup/members [fileName=theFileName] [fileContents=theFileContents] [--contentType=text/xml] [--labelForLog=addMember] [--indentOutput=false] [--saveResultsToFile=fileName] [--readOnly=true] [--debug=true] [--clientVersion=someVersion]
e.g. java -jar grouperClient.jar --operation=sendFile --fileName="C:/addMember.xml" --urlSuffix=groups/aStem:aGroup/members
###############################################
## LDAP operations
NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S LDAP QUERIES
pennname to pennid usage:
java -jar grouperClient.jar --operation=pennnameToPennid --pennnameToDecode=pennname [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=pennnameToPennid --pennnameToDecode=jsmith
output: pennid: 12341234
NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S LDAP QUERIES
pennid to pennname usage:
java -jar grouperClient.jar --operation=pennidToPennkey --pennidToDecode=pennid [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=pennidToPennkey --pennidToDecode=12341234
output: pennname: jsmith
NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S LDAP QUERIES
hasMember ldap usage:
java -jar grouperClient.jar --operation=hasMemberLdap --groupName=a:b:c --pennnameToCheck=pennkey [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=hasMemberLdap --groupName=penn:myfolder:mygroup --pennnameToCheck=jsmith
output: hasMemberLdap: true
NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S LDAP QUERIES
getMembers ldap usage:
java -jar grouperClient.jar --operation=getMembersLdap --groupName=a:b:c [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--debug=true]
e.g.: java -jar grouperClient.jar --operation=getMembersLdap --groupName=penn:myfolder:mygroup
output: groupList: jsmith, tsmith, msmith
note: extremely large group lists might not display fully (e.g. over 1000 members)
###############################################
## Web Service operations
addMemberWs web service usage (note: you can replace all members of a group also):
java -jar grouperClient.jar --operation=addMemberWs [--groupName=a:b:c] [--groupUuid=123abc] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--fieldName=fieldNameToAdd] [--txType=NONE|READ_WRITE_NEW] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--replaceAllExisting=true|false] [--disabledTime=yyyy/mm/dd hh:mi:ss] [--enabledTime=yyyy/mm/dd hh:mi:ss] [--addExternalSubjectIfNotFound=true|false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=addMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
output line: Index 0: success: T: code: SUCCESS: 12345
getMembersWs web service usage:
java -jar grouperClient.jar --operation=getMembersWs [--groupNames=a:b:c,a:b:d] [--groupUuids=1234,abcd] [--fieldName=fieldNameToAdd] [--memberFilter=All|Immediate|NonImmediate|Effective|Composite] [--sourceIds=sourceId1,sourceId2] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion] [--pointInTimeFrom=yyyy/mm/dd hh:mi:ss] [--pointInTimeTo=yyyy/mm/dd hh:mi:ss]
e.g.: java -jar grouperClient.jar --operation=getMembersWs --groupNames=aStem:aGroup,aStem:aGroup2
output line: GroupIndex 0: success: T: code: SUCCESS: group: aStem:aGroup: subjectIndex: 0: 12345
deleteMemberWs web service usage:
java -jar grouperClient.jar --operation=deleteMemberWs [--groupName=a:b:c] [--groupUuid=abc123] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--fieldName=fieldNameToAdd] [--txType=NONE|READ_WRITE_NEW] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=deleteMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
output line: Index 0: success: T: code: SUCCESS: 12345
hasMemberWs web service usage:
java -jar grouperClient.jar --operation=hasMemberWs [--groupName=a:b:c] [groupUuid=123abc] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--fieldName=fieldNameToAdd] [--memberFilter=GcMemberFilter] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion] [--pointInTimeFrom=yyyy/mm/dd hh:mi:ss] [--pointInTimeTo=yyyy/mm/dd hh:mi:ss]
e.g.: java -jar grouperClient.jar --operation=hasMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
output line: Index 0: success: T: code: IS_MEMBER: 12345: true
getGroupsWs web service usage:
java -jar grouperClient.jar --operation=getGroupsWs [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--subjectIdsFile=fileName] [--subjectIdentifiersFile=fileName] [--subjectSourcesFile=fileName] [--defaultSubjectSource=subjectSourceId] [--memberFilter=GcMemberFilter] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion] [--scope=some:folder:] [--stemName=stemNameToSearchIn] [--stemUuid=stemUuidToSearchIn] [--stemScope=ONE_LEVEL|ALL_IN_SUBTREE] [--enabled=A|T|F] [--pageSize=100] [--pageNumber=1] [--sortString=displayName] [--ascending=true|false] [--fieldName=members] [--pointInTimeFrom=yyyy/mm/dd hh:mi:ss] [--pointInTimeTo=yyyy/mm/dd hh:mi:ss]
e.g.: java -jar grouperClient.jar --operation=getGroupsWs --subjectIds=12345,23456
output line: SubjectIndex 0: success: T: code: SUCCESS: subject: 12345: groupIndex: 0: aStem:aGroup2
groupSaveWs web service usage:
java -jar grouperClient.jar --operation=groupSaveWs --name=a:b:c [--includeGroupDetail=true] [--txType=NONE|READ_WRITE_NEW] [--saveMode=INSERT_OR_UPDATE|INSERT|UPDATE] [--groupLookupName=a:b:c] [--groupLookupUuid=sd87f-dsf87-sdf89-df78f] [--description=theDescription] [--displayExtension=theDisplayExtension] [--createParentStemsIfNotExist=true|false] [--typeOfGroup=group|role|entity] [--attributeName0=someName] [--attributeValue0=someValue] [--attributeNameX=xthName] [--attributeValueX=xthValue] [--compositeType=COMPLEMENT|INTERSECTION|UNION] [--leftGroupName=compositeLeft] [--rightGroupName=compositeRight] [--groupDetailParamName0=paramName] [--groupDetailParamValue0=paramValue] [--groupDetailParamNameX=xthName] [--groupDetailParamNameX=xthValue] [--typeNames=namesOfGroupTypes] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=groupSaveWs --name=aStem:aGroup
output: Success: T: code: SUCCESS_INSERTED: aStem:aGroup
stemSaveWs web service usage:
java -jar grouperClient.jar --operation=stemSaveWs --name=groupName [--txType=NONE|READ_WRITE_NEW] [--saveMode=INSERT_OR_UPDATE|INSERT|UPDATE] [--stemLookupName=theName] [--stemLookupUuid=theUuid] [--description=theDescription] [--displayExtension=theDisplayExtension] [--createParentStemsIfNotExist=true|false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=stemSaveWs --name=aStem:someStem
output: Success: T: code: SUCCESS_INSERTED: aStem:someStem
groupDeleteWs web service usage:
java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=groupName0,groupName1 [--txType=NONE|READ_WRITE_NEW] [--includeGroupDetail=true|false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=aStem:aGroup0,aStem:aGroup1
output line: Index 0: success: T: code: SUCCESS: aStem:aGroup0
stemDeleteWs web service usage:
java -jar grouperClient.jar --operation=stemDeleteWs --stemNames=a:b,a:c [--txType=NONE|READ_WRITE_NEW] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=stemDeleteWs --stemNames=aStem:aStem0,aStem:aStem1
output line: Index 0: success: T: code: SUCCESS: aStem:aStem0
getGrouperPrivilegesLiteWs web service usage
java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs [--groupName=a:b:c] [--stemName=a:b] [--privilegeName=admin|view|read|optin|optout|update|stem|create|etc] [--privilegeType=access|naming|etc] [--subjectId=subjId0] [--subjectIdentifier=subjIdent0] [--subjectSource=source0] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=aStem:aGroup --subjectId=test.subject.0
output line: Index 0: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin
assignGrouperPrivilegesWs web service usage
java -jar grouperClient.jar --operation=assignGrouperPrivilegesWs --privilegeNames=admin|view|read|optin|optout|update|stem|create|etc (comma separated) --allowed=true|false [--groupName=a:b:c] [--stemName=a:b] [--privilegeType=access|naming|etc] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--txType=NONE|READ_WRITE_NEW] [--replaceAllExisting=true|false] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignGrouperPrivilegesWs --groupName=aStem:aGroup --subjectIds=test.subject.0,test.subject.1 --privilegeNames=admin,update --allowed=true
output: Index: 0, success: T, code: SUCCESS_ALLOWED, group: aStem:aGroup, subject: test.subject.0, access: admin
assignGrouperPrivilegesLiteWs web service usage
java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --privilegeName=admin|view|read|optin|optout|update|stem|create|etc --allowed=true|false [--groupName=a:b:c] [--stemName=a:b] [--privilegeType=access|naming|etc] [--subjectId=subjId0] [--subjectIdentifier=subjIdent0] [--subjectSource=source0] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --groupName=aStem:aGroup --subjectId=test.subject.0 --privilegeName=admin --allowed=true
output: Success: T: code: SUCCESS_ALLOWED: group: aStem:aGroup: subject: test.subject.0: access: admin
findGroupsWs web service usage
java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=AND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_EXACT_ATTRIBUTE|FIND_BY_GROUP_NAME_APPROXIMATE|FIND_BY_GROUP_NAME_EXACT|FIND_BY_GROUP_UUID|FIND_BY_STEM_NAME|FIND_BY_TYPE|etc [--groupName=a:b:c] [--groupUuid=12as-1234gjth] [--groupNames=a:b,b:c] [--groupUuids=12ab,23cd] [--stemName=aStem:someStem] [--stemUuid=sfds-sds234] [--stemNameScope=ONE_LEVEL|ALL_IN_SUBTREE] [--groupTypeName=someName] [--groupAttributeName=someName] [--groupAttributeValue=someValue] [--includeGroupDetail=true|false] [--sortString=T|F] [--ascending=T|F] [--pageNumber=2] [--pageSize=50] [--typeOfGroups=group,role,entity] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup
output: Index 0: name: aStem:aGroup, displayName: A stem:A Group
Note: to specify group math, use queryFilterType of AND|OR|MINUS, and then specify attribute for the left group with a 0 after attribute name, and 1 for the right group.
e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=OR --queryFilterType0=OR --queryFilterType00=FIND_BY_GROUP_NAME_APPROXIMATE --groupName00=aStem:aGroup --queryFilterType01=FIND_BY_GROUP_NAME_APPROXIMATE --groupName01=aStem:aGroup --queryFilterType1=FIND_BY_GROUP_NAME_APPROXIMATE --groupName1=aStem:aGroup
Note: it is not clear which attributes go with which filter types, the rules are in the Java class: WsQueryFilterType
or use trial and error
findStemsWs web service usage
java -jar grouperClient.jar --operation=findStemsWs --stemQueryFilterType=AND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_PARENT_STEM_NAME|FIND_BY_STEM_NAME|FIND_BY_STEM_NAME_APPROXIMATE|FIND_BY_STEM_UUID|etc [--stemName=a:b:c] [--stemUuid=12as-1234gjth] [--stemNames=a:b,b:c] [--stemUuids=12ab,23cd] [--parentStemName=aStem:someStem] [--parentStemNameScope=ONE_LEVEL|ALL_IN_SUBTREE] [--stemAttributeName=someName] [--stemAttributeValue=someValue] [--sortString=T|F] [--ascending=T|F] [--pageNumber=2] [--pageSize=50] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=findGroupsWs --stemQueryFilterType=FIND_BY_STEM_NAME_APPROXIMATE --stemName=aStem:aGroup
output: Index 0: name: aStem:aStem0, displayName: A stem:A Stem 0
Note: to specify group math, use stemQueryFilterType of AND|OR|MINUS, and then specify attribute for the left stem with a 0 after attribute name, and 1 for the right stem.
e.g.: java -jar grouperClient.jar --operation=findStemsWs --stemQueryFilterType=OR --stemQueryFilterType0=OR --stemQueryFilterType00=FIND_BY_STEM_NAME --stemName00=aStem --stemQueryFilterType01=FIND_BY_STEM_NAME --stemName01=aStem --stemQueryFilterType1=FIND_BY_STEM_NAME --stemName1=aStem
Note: it is not clear which attributes go with which filter types, the rules are in the Java class: WsStemQueryFilterType
or use trial and error
memberChangeSubjectWs web service usage (note: you need to be in the sysAdminGroup or actAs someone who is)
java -jar grouperClient.jar --operation=memberChangeSubjectWs [--oldSubjectId=oldId] [--oldSubjectIdentifier=oldIdent] [--oldSubjectSource=oldSourceId] [--newSubjectId=newId] [--newSubjectIdentifier=newIdent] [--newSubjectSource=newSourceId] [--deleteOldMember=false] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=memberChangeSubjectWs --oldSubjectId=test.subject.0 --newSubjectId=test.subject.1 --actAsSubjectId=GrouperSystem
output: Success: T: code: SUCCESS: oldSubject: test.subject.0, newSubject: test.subject.1
getMembershipsWs web service usage:
java -jar grouperClient.jar --operation=getMembershipsWs [--groupNames=a:b:c,a:b:d] [--groupUuids=1234,abcd] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--fieldName=fieldNameToAdd] [--memberFilter=All|Immediate|NonImmediate|Effective|Composite] [--sourceIds=sourceId1,sourceId2] [--membershipIds=abc,bcd] [--scope=school:folder:somewhere] [--stemName=a:b:c] [--stemUuid=abc] [--stemScope=ONE_LEVEL|ALL_IN_SUBTREE] [--enabled=A|T|F] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getMembershipsWs --groupNames=aStem:aGroup,aStem:aGroup2
output line: Index 0: group: aStem:aGroup, subject: 12345, list: members, type: Immediate, enabled: T
Note: subjectSources are the sources for the subjects specified. sourceIds are if you arent specifying subjectIds, and you just want all person memberships for example.
getSubjectsWs web service usage:
java -jar grouperClient.jar --operation=getSubjectsWs [--searchString=someone] [--subjectIds=subjId0,subjId1] [--subjectIdentifiers=subjIdent0,subjIdent1] [--subjectSources=source0,source1] [--fieldName=fieldNameToAdd] [--memberFilter=All|Immediate|NonImmediate|Effective|Composite] [--sourceIds=sourceId1,sourceId2] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--groupName=a:b:c] [--groupUuid=1234] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getSubjectsWs --subjectIds=subjId0,subjId1
output line: Index 0: success: T, code: SUCCESS, subject: 12345
Note: subjectSources are the sources for the subjects specified. sourceIds are if you arent specifying subjectIds, and you want to filter the searchString
getAttributeAssignmentsWs web service usage:
java -jar grouperClient.jar --operation=getAttributeAssignmentsWs --attributeAssignType=group|member|stem|any_mem|imm_mem|attr_def|any_mem_asgn|attr_def_asgn|group_asgn|imm_mem_asgn|mem_asgn|stem_asgn [--includeAssignmentsOnAssignments=true|false] [--attributeDefNames=a:b,b:c] [--attributeDefUuids=1a,2b] [--attributeDefNameNames=a:b,b:c] [--attributeDefNameUuids=1a,2b] [--ownerAttributeDefNames=a:b,b:c] [--ownerAttributeDefUuids=1a,2b] [--ownerGroupNames=a:b:c,a:b:d] [--ownerGroupUuids=1234,abcd] [--owner0SubjectId=subjId0] [--owner0SubjectIdentifier=subjIdent0] [--owner0SubjectSource=source0] [--ownerMembershipUuids=abc,bcd] [--ownerStemNames=a:b,b:c] [--ownerStemUuids=1a,2b] [--ownerMembershipAny0SubjectId=12] [--ownerMembershipAny0SubjectIdentifier=ab] [--ownerMembershipAny0SourceId=xyz] [--ownerMembershipAny0GroupName=3c] [--ownerMembershipAny0GroupUuid=1a] [--attributeAssignUuids=a1,b2] [--attributeDefValueType=floating|integer|memberId|string|timestamp] [--theValue=123] [--includeAssignmentsFromAssignments=T|F] [--attributeDefType==attr|domain|type|limit|perm] [--assignAssignOwnerAttributeAssignUuids=a1,b2] [--assignAssignOwnerNamesOfAttributeDefs=a:b,b:c] [--assignAssignOwnerUuidsOfAttributeDefs=1a,2b] [--assignAssignOwnerNamesOfAttributeDefNames=a:b,b:c] [--assignAssignOwnerUuidsOfAttributeDefNames=1a,2b] [--assignAssignOwnerActions=read] [--enabled=A|T|F] [--actions=read,write] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getAttributeAssignmentsWs --attributeAssignType=group --attributeDefNames=test:testAttributeAssignDefNameDef
output line: Index: 0: attributeAssignType: group, owner: test:groupTestAttrAssign, attributeDefNameName: test:testAttributeAssignDefName, action: assign, values: 15,5,5, enabled: T, id: a9c83eeb78c04ae5befcea36272d318c
assignAttributesWs web service usage:
java -jar grouperClient.jar --operation=assignAttributesWs --attributeAssignType=group|member|stem|any_mem|imm_mem|attr_def|group_asgn|mem_asgn|stem_asgn|any_mem_asgn|imm_mem_asgn|attr_def_asgn --attributeAssignOperation=assign_attr|add_attr|remove_attr|replace_attrs [--attributeDefNameNames=a:b,b:c] [--attributeDefNameUuids=1a,2b] [--ownerAttributeDefNames=a:b,b:c] [--ownerAttributeDefUuids=1a,2b] [--ownerGroupNames=a:b:c,a:b:d] [--ownerGroupUuids=1234,abcd] [--owner0SubjectId=subjId0] [--owner0SubjectIdentifier=subjIdent0] [--owner0SubjectSource=source0] [--ownerMembershipUuids=abc,bcd] [--ownerStemNames=a:b,b:c] [--ownerStemUuids=1a,2b] [--ownerMembershipAny0SubjectId=12] [--ownerMembershipAny0SubjectIdentifier=ab] [--ownerMembershipAny0SourceId=xyz] [--ownerMembershipAny0GroupName=3c] [--ownerMembershipAny0GroupUuid=1a] [--ownerAttributeAssignUuids=a1,b2] [--attributeAssignValueOperation=assign_value|add_value|remove_value|replace_values] [--values0Id=a1] [--values0Formatted=hey] [--values0System=there] [--attributeAssignUuids=a:b,b:c] [--actions=read,write] [--assignmentDisabledTime=2010/03/05_17:05:13.123] [--assignmentEnabledTime=2010/03/05_17:05:13.123] [--assignmentNotes=someNotes] [--delegatable=TRUE|FALSE|GRANT] [--attributeDefNamesToReplace=a:b,b:c] [--attributeDefUuidsToReplace=1a,2b] [--actionsToReplace=read,write] [--attributeDefTypesToReplace=attr,perm,limit,domain,type] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignAttributesWs --attributeAssignType=group --attributeAssignOperation=assign_attr --attributeDefNameNames=test:testAttributeAssignDefNameDef --ownerGroupNames=a:b:c
output line: Index: 0: attributeAssignType: group, owner: test:groupTestAttrAssign, attributeDefNameName: test:testAttributeAssignDefName, action: assign, values: 15,5,5, enabled: T, id: a9c83eeb78c04ae5befcea36272d318c, changed: T, deleted: F, valuesChanged: F
assignAttributesBatchWs web service usage (X is the assignment entry starting from and incrementing from 0):
java -jar grouperClient.jar --operation=assignAttributesBatchWs --entry_X_attributeAssignType=group|member|stem|any_mem|imm_mem|attr_def|group_asgn|mem_asgn|stem_asgn|any_mem_asgn|imm_mem_asgn|attr_def_asgn --entry_X_attributeAssignOperation=assign_attr|add_attr|remove_attr [--entry_X_nameOfAttributeDefName=a:b] [--entry_X_uuidOfAttributeDefName=1a] [--entry_X_ownerNameOfAttributeDef=a:b] [--entry_X_ownerUuidOfAttributeDef=1a] [--entry_X_ownerGroupName=a:b:c] [--entry_X_ownerGroupUuid=1234] [--entry_X_ownerSubjectId=subjId0] [--entry_X_ownerSubjectIdentifier=subjIdent0] [--entry_X_ownerSubjectSource=source0] [--entry_X_ownerMembershipUuid=abc] [--entry_X_ownerStemName=a:b] [--entry_X_ownerStemUuid=1a] [--entry_X_ownerMembershipAnySubjectId=12] [--entry_X_ownerMembershipAnySubjectIdentifier=ab] [--entry_X_ownerMembershipAnySourceId=xyz] [--entry_X_ownerMembershipAnyGroupName=a:b:c] [--entry_X_ownerMembershipAnyGroupUuid=1a] [--entry_X_ownerAttributeAssignUuid=a1] [--entry_X_ownerAttributeAssignBatchIndex=0] [--entry_X_attributeAssignValueOperation=assign_value|add_value|remove_value|replace_values] [--entry_X_values0Id=a1] [--entry_X_values0Formatted=hey] [--entry_X_values0System=there] [--entry_X_attributeAssignUuid=a:b] [--entry_X_action=read] [--entry_X_assignmentDisabledTime=2010/03/05_17:05:13.123] [--entry_X_assignmentEnabledTime=2010/03/05_17:05:13.123] [--entry_X_assignmentNotes=someNotes] [--entry_X_delegatable=TRUE|FALSE|GRANT] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignAttributesBatchWs --entry_0_attributeAssignType=group --entry_0_attributeAssignOperation=assign_attr --entry_0_nameOfAttributeDefName=test:testAttributeAssignDefNameDef --entry_0_ownerGroupName=a:b:c --entry_1_attributeAssignType=group --entry_1_attributeAssignOperation=assign_attr --entry_1_nameOfAttributeDefName=test:testAttributeAssignDefNameDef2 --entry_1_ownerGroupName=a:b:c
output line: Index: 0, result: 0: attributeAssignType: group, owner: test:groupTestAttrAssign, attributeDefNameName: test:testAttributeAssignDefName, action: assign, values: 15,5,5, enabled: T, id: a9c83eeb78c04ae5befcea36272d318c, changed: T, deleted: F, valuesChanged: F
getPermissionAssignmentsWs web service usage:
java -jar grouperClient.jar --operation=getPermissionAssignmentsWs [--includeAttributeAssignments=true|false] [--includeAssignmentsOnAssignments=true|false] [--includeAttributeDefNames=true|false] [--includePermissionAssignDetail=true|false] [--attributeDefNames=a:b,b:c] [--attributeDefUuids=1a,2b] [--attributeDefNameNames=a:b,b:c] [--attributeDefNameUuids=1a,2b] [--roleNames=a:b:c,a:b:d] [--roleUuids=1234,abcd] [--subject0SubjectId=subjId0] [--subject0SubjectIdentifier=subjIdent0] [--subject0SubjectSource=source0] [--enabled=A|T|F] [--actions=read,write] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--pointInTimeFrom=yyyy/mm/dd hh:mi:ss] [--pointInTimeTo=yyyy/mm/dd hh:mi:ss] [--immediateOnly=T|F] [--permissionType=role_subject|role] [--permissionProcessor=FILTER_REDUNDANT_PERMISSIONS|FILTER_REDUNDANT_PERMISSIONS_AND_PROCESS_LIMITS|FILTER_REDUNDANT_PERMISSIONS_AND_ROLES|FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS|PROCESS_LIMITS] [--limitEnvVarName0=name0] [--limitEnvVarValue0=value0] [--limitEnvVarType0=integer|decimal|date|timestamp|text|boolean|null|emptyString] [--limitEnvVarNameX=xthName] [--limitEnvVarValueX=xthValue] [--limitEnvVarTypeX=xthType] [--includeLimits=T|F] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getPermissionAssignmentsWs --permissionType=role_subject --attributeDefNames=test:testAttributeAssignDefNameDef
output line: Index: 0: permissionType: role_subject, role: test:someRole, subject: 123456, attributeDefNameName: test:testPermission, action: assign, allowedOverall: T, enabled: T
assignPermissionsWs web service usage:
java -jar grouperClient.jar --operation=assignPermissionsWs --permissionType=role|role_subject --permissionAssignOperation=assign_permission|remove_permission|replace_permissions [--permissionDefNameNames=a:b,b:c] [-permissionDefNameUuids=1a,2b] [--roleNames=a:b:c,a:b:d] [--roleUuids=1234,abcd] [--subjectRole0SubjectId=12] [--subjectRole0SubjectIdentifier=ab] [--subjectRole0SourceId=xyz] [--subjectRole0RoleName=3c] [--subjectRole0RoleUuid=1a] [--attributeAssignUuids=a:b,b:c] [--actions=read,write] [--disallowed=true|false] [--assignmentDisabledTime=2010/03/05_17:05:13.123] [--assignmentEnabledTime=2010/03/05_17:05:13.123] [--assignmentNotes=someNotes] [--delegatable=TRUE|FALSE|GRANT] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--attributeDefNamesToReplace=a:b,b:c] [--attributeDefUuidsToReplace=1a,2b] [--actionsToReplace=read,write] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignPermissionsWs --permissionType=role --permissionAssignOperation=assign_permission --permissionDefNameNames=test:testAttributeAssignDefNameDef --roleNames=a:b:c
output line: Index: 0: permissionType: role, owner: a:b:c, permissionDefNameName: test:testAttributeAssignDefName, action: assign, disallowed: T, enabled: T, attributeAssignId: a9c83eeb78c04ae5befcea36272d318c, changed: T, deleted: F
attributeDefNameSaveWs web service usage:
java -jar grouperClient.jar --operation=attributeDefNameSaveWs --name=a:b:c [--saveMode=INSERT_OR_UPDATE|INSERT|UPDATE] [--attributeDefNameLookupName=a:b:c] [--attributeDefNameLookupUuid=sd87f-dsf87-sdf89-df78f] [--description=theDescription] [--displayExtension=theDisplayExtension] [--createParentStemsIfNotExist=true|false] [--uuidOfAttributeDef=sd87f-dsf87-sdf89-df78f] [--nameOfAttributeDef=a:b:c] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=attributeDefNameSave --name=aStem:aGroup
output: Success: T: code: SUCCESS_INSERTED: aStem:aGroup
attributeDefNameDeleteWs web service usage:
java -jar grouperClient.jar --operation=attributeDefNameDeleteWs --attributeDefNameNames=attributeDefNameName0,attributeDefNameName1 [--txType=NONE|READ_WRITE_NEW] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=attributeDefNameDelete --attributeDefNameNames=aStem:anAttributeDefName0,aStem:anAttributeDefName1
output line: Index 0: success: T: code: SUCCESS: aStem:anAttributeDefName0
assignAttributeDefNameInheritanceWs web service usage:
java -jar grouperClient.jar --operation=assignAttributeDefNameInheritanceWs --attributeDefNameName=attributeDefNameName0 --relatedAttributeDefNameNames=relatedName0,relatedName1 --assign=T|F [--replaceAllExisting=T|F] [--txType=NONE|READ_WRITE_NEW] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=assignAttributeDefNameInheritanceWs --attributeDefNameName=aStem:anAttributeDefName0 --relatedAttributeDefNameNames=aStem:anAttributeDefName1 --assign=T
output line: code: SUCCESS, message: Had 1 successful adds, 0 adds which already existed, 0 successful removes, and 0 removes which didnt exist.
findAttributeDefNamesWs web service usage
java -jar grouperClient.jar --operation=findAttributeDefNamesWs [--scope=some:scopeOrTerms] [--splitScope=T|F] [--attributeDefNameNames=a:b,b:c] [--attributeDefNameUuids=12ab,23cd] [--nameOfAttributeDef=a:b:c] [--uuidOfAttributeDef=12fg-34fg] [--attributeAssignType=any_mem|any_mem_asgn|attr_def|attr_def_asgn|group|group_asgn|imm_mem|imm_mem_asgn|mem_asgn|member|stem|stem_asgn] [--attributeDefType=attr|domain|limit|perm|type] [--inheritanceSetRelation=IMPLIED_BY_THIS|IMPLIED_BY_THIS_IMMEDIATE|THAT_IMPLY_THIS|THAT_IMPLY_THIS_IMMEDIATE] [--sortString=name|displayName|extension|displayExtension] [--ascending=T|F] [--pageNumber=2] [--pageSize=50] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=findAttributeDefNamesWs --scope=aStem:
output: Index 0: name: aStem:anAttributeDefName, displayName: A stem:An AttributeDefName
sendMessageWs web service usage
java -jar grouperClient.jar --operation=sendMessageWs --queueType=queue|topic --queueOrTopicName=queue_or_topic_name --messageBody0=test-message-body [--messageBodyX=message body x] [--messagingSystemName=someMessagingSystemName] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion] [--routingKey=routing-key] [--autocreateObjects=T|F]
e.g.: java -jar grouperClient.jar --operation=sendMessageWs --queueType=topic --queueOrTopicName=test-topic3 --messageBody0=test-message-body --messagingSystemName=rabbitMqMessaging --routingKey=test-key --auotcreateObjects=T --paramName0=exchangeType --paramValue0=TOPIC
output line: Success: T, queueOrTopicName=test-topic3, numberOfMessages=1
###############################################
Common options:
--outputTemplate=${index}: ${wsGroup.name}
the output template allow the caller to customize what is displayed in the output from the XML
anything in ${} will be evaluated, and there are different variables available for various operations.
if you pass in --debug=true, it will tell you the xml and the variables you can use. You can drill down
in the variables, e.g. ${wsGroupDeleteResult.wsGroup.name}, you can do operations, e.g. ${index+1},
you can do simple string utilities from GrouperClientUtils or GrouperClientCommonUtils, e.g.
${grouperClientUtils.trimToEmpty(wsGroup.name)}
--debug=true
this will display debug information including the request and response to stderr
--saveResultsToFile=/tmp/somefile.txt
you can save the stdout to a file if you like
--actAsSubjectId=subjId --actAsSubjectIdentifier=subjIdent --actAsSubjectSource=source
if you want to run the operation as a different user than the user who is authenticating
to the web service, then specify the actAsSubjectId or actAsSubjectIdentifier (and optionally
the actAsSubjectSource). You would do this e.g. to run a command as admin, or as a user who
is using the end layer application. Note you need permissions to do this in grouper.
--paramName0=name0 --paramValue0=value1 --paramNameX=xthParamName --paramValueX=xthParamValue
you can specify params in name/value pairs if the operation supports it (see grouper
web service documentation for details)
--clientVersion=someVersion
generally this does not need to be changed. This is the version label sent to the web service
which might affect the output from the web service. Not it does not affect the request to the
web service (besides the label), it only affect the response from the web service.
--txType=GcTransactionType
affects how batched operations are executed on the server (e.g. adding multiple subjects to a group)
generally the only values which make sense are to use a large transaction or not: READ_WRITE_NEW, NONE
--includeGroupDetail=true
if applicable, this option will return not only the group's name, but more information such as the
attribuites, types, composite members, etc.
--subjectAttributeNames=a,b,c
if applicable, subjects will be returned from the server with these attributes in a string array
|
...
Get the source release, unzip, cd to the dir
No Format |
---|
ant ##### NOW CUSTOMIZE THE conf/grouper.client.properties, conf/grouper.client.usage.txt, misc/README.txt ant ##### OUTPUT is in dist dir: grouperClient.jar, or grouperClient.institution-1.4.0.tar.gz |
Checkout grouper client:
No Format |
---|
cvs -d:pserver:anoncvs@anoncvs.internet2.edu:/home/cvs/i2mi login cvs -d:pserver:anoncvs@anoncvs.internet2.edu:/home/cvs/i2mi co grouper-misc/grouperClient cd grouper-misc\grouperClient ant ##### NOW CUSTOMIZE THE conf/grouper.client.properties, conf/grouper.client.usage.txt, misc/README.txt ant ##### OUTPUT is in dist dir: grouperClient.jar, or grouperClient.institution-1.4.0.tar.gz |
Now you can zip up the grouperClient.jar, grouper.client.properties, and a README.txt and post on a website for your department users to download. Of course no credentials should be in the zip, the users can fill these in when they are authorized.
Customizing the grouper.client.properties
Here is the example grouper.client.properties
No Format |
---|
# # Grouper client configuration # $Id: grouper.client.example.properties,v 1.3 2008/12/01 07:40:28 mchyzer Exp $ # ######################################## ## LDAP connection settings ######################################## # url of directory, including the base DN (distinguished name) # e.g. ldap://server.school.edu/dc=school,dc=edu # e.g. ldaps://server.school.edu/dc=school,dc=edu grouperClient.ldap.url = # kerberos principal used to connect to ldap grouperClient.ldap.kerberosPrincipal = # password for shared secret authentication to ldap # or you can put a filename with an encrypted password grouperClient.ldap.password = |
The above section is generally for the user, though the url can be filled in when distributing to users
...
No Format |
---|
######################################## ## Web service Connection settings ######################################## # url of web service, should include everything up to the first resource to access # e.g. http://groups.school.edu:8090/grouperWs/servicesRest # e.g. https://groups.school.edu/grouperWs/servicesRest grouperClient.webService.url = # kerberos principal used to connect to web service grouperClient.webService.kerberosPrincipal = # password for shared secret authentication to web service # or you can put a filename with an encrypted password grouperClient.webService.password = |
The above section is generally for users, though the url can be filled in before distributing to users
...
No Format |
---|
######################################## ## Encrypted password settings ######################################## # Put a random alphanumeric string (Case sensitive) for the password encryption. e.g. fh43IRJ4Nf5 # or put a filename where the random alphanumeric string is. # e.g. c:/whatever/key.txt # e.g. sdfklj24lkj34lk34 encrypt.key = # set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt encrypt.disableExternalFileLookup = false |
grouperClient contains a version of i2mi morphString to keep passwords encrypted in external files from the config file (e.g. so the config file can be more safely distributed, or stored in version control)
...
No Format |
---|
######################################## ## Logging ######################################## # For java.util.logging, only for the grouperClient package (not below) # from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING grouperClient.logging.grouperClientOnly.logLevel = WARNING # If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr # (if no file specified below). This is default log level # from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING grouperClient.logging.logLevel = WARNING # If you dont want the logging to go to stderr, then put a lot file location here: e.g. f:/temp/grouperClient.log grouperClient.logging.logFile = # if you want ws requests and responses being logged to files, put the directory here. # The grouper client will create subdirs grouperClient.logging.webService.documentDir = # try to indent the xml. If this fails for some reason, or you want the raw xml, # set to false grouperClient.logging.webService.indent = true |
...
Note that the settings the end user is likely to need to to change are up top in the config file. Output templates are central to grouper client, so that the command line output can be parsed easily by clients, or used in other programs. The syntax is Java EL, and uses a version of the jakarta library jexl. In different circumstances different objects are in scope, this needs more documentation and examples, but the point is that you can customize the output to suit your needs, and make sure it will not change with upgrades.
...
No Format |
---|
####################################### ## ldap queries ####################################### # operation name ldapSearchAttribute.operationName.0 = pennnameToPennid ldapSearchAttribute.ldapName.0 = ou=pennnames ldapSearchAttribute.matchingAttributes.0 = pennname ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode ldapSearchAttribute.returningAttributes.0 = pennid ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid} ldapSearchAttribute.resultType.0 = STRING ldapSearchAttribute.operationName.1 = pennidToPennname ldapSearchAttribute.ldapName.1 = ou=pennnames ldapSearchAttribute.matchingAttributes.1 = pennid ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode ldapSearchAttribute.returningAttributes.1 = pennname ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname} ldapSearchAttribute.resultType.1 = STRING ldapSearchAttribute.operationName.2 = hasMemberLdap ldapSearchAttribute.ldapName.2 = ou=groups ldapSearchAttribute.matchingAttributes.2 = cn, hasMember ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck ldapSearchAttribute.returningAttributes.2 = cn ldapSearchAttribute.outputTemplate.2 = isInGroup: ${resultBoolean} ldapSearchAttribute.resultType.2 = BOOLEAN ldapSearchAttribute.operationName.3 = getMembersLdap ldapSearchAttribute.ldapName.3 = ou=groups ldapSearchAttribute.matchingAttributes.3 = cn ldapSearchAttribute.matchingAttributeLabels.3 = groupName ldapSearchAttribute.returningAttributes.3 = hasMember ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$ ldapSearchAttribute.resultType.3 = STRING_LIST |
The LDAP API is very generic. Right now simple attribute lookups are supported, checking to see if there is an attribute match, or listing a multi-valued attribute. More documentation is needed here, and perhaps more options, let us know what you need for ldap access.
...
No Format |
---|
######################################## ## Authentication settings ######################################## # user prefix grouperClient.ldap.user.prefix = uid= # user suffix grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu # config name for the ldap user name between prefix and suffix grouperClient.ldap.user.label = kerberosPrincipal # config name for the webService user name between prefix and suffix grouperClient.webService.user.label = kerberosPrincipal #version of the output, as we upgrade the client, we will maintain previous output versions grouperClient.output.version = 1.4.0 |
...
The timeouts and client version are stored here. If you want to ignore some XML that clients send that is not valid (e.g. if the service has changed, and there are old clients), then you can specify here. Also you can call out any specific properties in objects to ignore (inbound or outbound)
...
No Format |
---|
######################################## ## Misc ######################################## # if there are extra command line args, should we fail or just log? grouperClient.failOnExtraCommandLineArgs = true # you can have aliases for subjectId and subjectIdentifer in command line args # (though subjectId will still be allowed, but you cant pass both) # if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234 # instead of --subjectIds=123,345 grouperClient.alias.subjectIds = # if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd # instead of --subjectIdentifiers=abc,bcd grouperClient.alias.subjectIdentifiers = # if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123 # instead of --subjectId=123 grouperClient.alias.subjectId = # if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc # instead of --subjectIdentifiers=abc grouperClient.alias.subjectIdentifier = # if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123 # instead of --actAsSubjectId=abc,bcd grouperClient.alias.SubjectId = # if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc # instead of --actAsSubjectIdentifier=abc grouperClient.alias.SubjectIdentifier = # this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1 grouperClient.default.fileEncoding = ISO-8859-1 |
If an invalid option is passed in, should it throw an error?
Also, you can put aliases on arguments that are for subjectId and subjectIdentifier. This means that this alternate argument name can be used instead of subjectId and subjectIdentifier. You can use either the alias or the original name, but not both at the same time. The examples above show what we are doing at Penn, where subjectId is pennId, and subjectIdentifier is pennKey.
...
So, if you want to print out some variables, you can use the objects available, and drill down by looking at what is available in the xml:
No Format |
---|
C:\grouper>java -jar grouperClient.jar --operation=addMemberWs --groupName=aStem:aGroup --subjectIds=test.subject.0 --outputTemplate="sourceId: ${wsAddMemberResult.wsSubject.sourceId}, uuid: ${wsGroupAssigned.uuid}" sourceId: jdbc, uuid: 01a1d70c-df7c-4ffa-b6ed-f90fa7c37f6b C:\grouper> |
...
No Format |
---|
/** * @see edu.internet2.middleware.grouperClient.ClientOperation#operate(edu.internet2.middleware.grouperClient.OperationParams) */ public String operate(OperationParams operationParams) { Map<String, String> argMap = operationParams.getArgMap(); Map<String, String> argMapNotUsed = operationParams.getArgMapNotUsed(); //get params from command line String serviceName = GrouperClientUtils.argMapString(argMap, argMapNotUsed, "serviceName", true); String cookie = GrouperClientUtils.argMapString(argMap, argMapNotUsed, "cosignCookie", true); //get params from grouper.client.properties String keyStorePath = GrouperClientUtils.propertiesValue("cosign.keyStorePath", true); ... etc, execute the logic, and return the result which should be printed to screen or written to file |
* Build with: ant
Call the operation from the command line:
No Format C:\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=cosignDecode --serviceName=cosign-isc-whatever-0 --cosignCookie=0mmN5ZwyJukNxxxxxxxxx 203-PennNet ID mchyzer 203-8-digit PennID 123456 203-Timestamp 1111111111 203 IP Address 1.2.3.4 C:\grouperClient\dist\institution\grouperClient.institution-1.4.0>
sdf
Misc
If you don't want to validate the SSL (e.g. self signed certificate) follow these instructions in grouperClient.properties
...