...
Code Block |
---|
log4j.logger.org.apache.tools.ant = WARN |
Supported Commands
Grouper API methods
...
Code Block |
---|
rsess = GrouperSession.startRootSession(); addGroup("stem1", "path_ID", "groupName"); group = GroupFinder.findByName(rsess, "stem1:path_ID"); group.setDescription("this is the description for groupName"); group.store(); |
...
You can use GroupSave as an alternate way:
...
Command | Description |
---|---|
member.changeSubject(newSubject); | Change the subject of the member object. If the subject is the same, its a no-op. If the new subject does not have a Member object, then the existing member object simply gets new subject information. If the new subject does have a member object, then all objects in the grouper registry which uses the old member, will be updated to the new member. Then the old member object is deleted from the registry |
member.changeSubject(newSubject,!Member.DELETE_OLD_MEMBER); | Change the subject, but dont delete the old member. Do this if the way which deletes the old member doesnt work due to foreign keys. This will do all the work it can, and the rest can be manual |
member.changeSubjectReport(newSubject,Member.DELETE_OLD_MEMBER); | Dont do any of the work, just print a report to the screen of what will be done. Dry-run. |
...
Memberships
Command | Description |
---|---|
addComposite(group name, composite type, left group name, right group name) | Add composite membership. e.g. CompositeType.UNION |
addMember(group name, subject id) | Add member to the members list for the group. |
addMember(group name, subject id, field) | Add member to the specified list for the group. |
delComposite(group name) | Delete composite membership from group |
delMember(group name, subject id) | Delete member from the members list for the group |
delMember(group name, subject id, field) | Delete member from the specified list for the group |
getMembers(group name) | Get members of group |
hasMember(group name, subject id) | Check whether subject is member of the members list |
hasMember(group name, subject id, field) | Check whether subject is member of the specified list |
...
Command | Description |
---|---|
findBadMemberships() | complete findBadMemberships run |
...
XML legacy
Command | Description |
---|---|
xmlFromFile(filename) | Load registry from XML in file |
xmlFromString(xml) | Load registry from XML in string |
xmlFromURL(url) | Load registry from XML at URL |
xmlToFile(filename) | Exports registry to file |
xmlToString() | Exports registry to string. |
xmlUpdateFromFile(filename) | Update registry from XML in file |
xmlUpdateFromString(xml) | Update registry from XML in string |
xmlUpdateFromURL(url) | Update registry from XML at URL |
...
Code Block |
---|
select distinct 'loaderRunOneJob("' || job_name || '");' as script from grouper_loader_log gll where started_time > sysdate-1 and status != 'SUCCESS' and gll.job_name not like 'subjobFor%' and not exists (select 1 from grouper_loader_log gll2 where gll2.started_time > sysdate-1 and gll2.status = 'SUCCESS' and gll2.job_name = gll.job_name) |
...
v1.6+ loader
Command | Description |
---|---|
loaderRunOneJobAttr(attirbuteDef) | Run an attribute definition loader job |
...
No Format |
---|
gsh 4% GSH_DEVEL = true gsh 5% subj = findSubject("SD00125") gsh 6% sess = GrouperSession.start(subj) gsh 7% member = MemberFinder.findBySubject(sess, subj) gsh 8% p(member.getGroups()) group: name='etc:sysadmingroup' displayName='Grouper Administration:SysAdmin Group' uuid='6f77fb36-b466-481a-84a7-7af609f1ad09' |
Misc
Note: you cannot encrypt passwords with GSH since the passwords end up in the GSH history. To encrypt passwords, issue the command:
Membership scripts
Code Block |
---|
# (1) Print tab-separated summary of all group members, and flags for direct, indirect, or both
# Depending on the results, you could use the data to create a scrutinized list of Ids to delete, then import it and delete in a loop
me = SubjectFinder.findByIdentifierAndSource("my-username", "pid", true);
session = GrouperSession.start(me);
// OR: session = GrouperSession.startRootSession(True)
group = GroupFinder.findByName(session, "tmp:my:group", true);
effectiveMembers = group.getEffectiveMembers();
immediateMembers = group.getImmediateMembers();
System.out.println(String.join("\t", "id", "name", "Effective", "Immediate"));
for (Member m: group.getMembers()) {
System.out.print(m.getSubject().getId() + "\t" + m.getSubject().getName() + "\t");
System.out.print(effectiveMembers.contains(m).toString() + "\t");
System.out.println(immediateMembers.contains(m).toString() + "\t");
}
# (2) Get the immediate and effective members for a specific source ("pid" in this example), intersect them to find the redundant ones
# This has a dryRun flag, so you can test first
sources = new HashSet<Source>()
sources.add(SourceManager.getInstance().getSource("pid"))
effectiveUsers = group.getEffectiveMembers(Group.getDefaultList(), sources, null)
immediateUsers = group.getImmediateMembers(Group.getDefaultList(), sources, null)
# use retainAll() to find the intersection; i.e., users both as effective and immediate member
immediateUsers.retainAll(effectiveUsers)
System.out.println("There are " + immediateUsers.size() + " users having both direct + indirect memberships");
dryRun = true
for (Member m: immediateUsers) {
if (dryRun) {
System.out.println("Ok to delete " + m.getSubject().getId());
} else {
System.out.println("Deleting " + m.getSubject().getId());
group.deleteMember(m, false);
}
}
|
Misc
Note: you cannot encrypt passwords with GSH since the passwords end up in the GSH history. To encrypt passwords, issue the command:
No Format |
---|
C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -jar lib\morphString.jar
Enter the location of morphString.properties: conf |
No Format |
C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -jar lib\morphString.jar
Enter the location of morphString.properties: conf/morphString.properties
Type the string to encrypt (note: pasting might echo it back):
The encrypted string is: ca8a15be4ad0fb45c6f1b3ca0cfd9c9e
|
...
Code Block |
---|
grouperSession = GrouperSession.startRootSession(); group = GroupFinder.findByName(grouperSession, "test:testGroup3", true); for (membership : group.getImmediateMemberships()) {membership.delete();} group.delete(); |
...
See the WIKI for running the Grouper Report manually
...
Code Block |
---|
attributeDefName = AttributeDefNameFinder.findByName("school:attr:students:artsAndSciences", true); group.getAttributeDelegate().retrieveAssignments(attributeDefName); |
...
Rules
In Grouper 2.3 the UI can delete inherited privileges rules.
...
Code Block |
---|
GrouperSession grouperSession = GrouperSession.startRootSession(); AttributeAssign attributeAssign = AttributeAssignFinder.findById("b629bd8170964663be507968752f4f17", true); attributeAssign.delete(); |
Grouper Builtin Messaging
...
Code Block |
---|
//note, or whatever user should be sending the messages grouperSession = GrouperSession.startRootSession(); //send message to queue GrouperMessagingEngine.send(new GrouperMessageSendParam().assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME).assignQueueType(GrouperMessageQueueType.queue).assignQueueOrTopicName("queueName").addMessageBody("Some message body")); //send message to topic GrouperMessagingEngine.send(new GrouperMessageSendParam().assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME).assignQueueType(GrouperMessageQueueType.topic).assignQueueOrTopicName("queueName").addMessageBody("Some message body")); //receive messages GrouperMessageReceiveResult grouperMessageReceiveResult = GrouperMessagingEngine.receive(new GrouperMessageReceiveParam().assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME).assignQueueName(queueName)); Collection<GrouperMessage> grouperMessages = grouperMessageReceiveResult.getGrouperMessages(); //acknowledge message as processed GrouperMessagingEngine.acknowledge(new GrouperMessageAcknowledgeParam().assignAcknowledgeType(GrouperMessageAcknowledgeType.mark_as_processed).assignQueueName("abc").addGrouperMessage(grouperMessage).assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME)); //acknowledge message as return to queue (receive next time ask for messages) GrouperMessagingEngine.acknowledge(new GrouperMessageAcknowledgeParam().assignAcknowledgeType(GrouperMessageAcknowledgeType.return_to_queue).assignQueueName("abc").addGrouperMessage(grouperMessage).assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME)); //acknowledge message as return to queue (receive after other messages on the queue) GrouperMessagingEngine.acknowledge(new GrouperMessageAcknowledgeParam().assignAcknowledgeType(GrouperMessageAcknowledgeType.return_to_end_of_queue).assignQueueName("abc").addGrouperMessage(grouperMessage).assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME)); //acknowledge message send to another queue or topic (e.g. dead letter queue, dlq) GrouperMessagingEngine.acknowledge(new GrouperMessageAcknowledgeParam().assignAcknowledgeType(GrouperMessageAcknowledgeType.send_to_another_queue).assignQueueName("abc").addGrouperMessage(grouperMessage).assignGrouperMessageSystemName(GrouperBuiltinMessagingSystem.BUILTIN_NAME).assignAnotherQueueParam(new GrouperMessageQueueParam().assignQueueOrTopicName("dlq").assignQueueType(GrouperMessageQueueType.queue)); |
...
sdf