You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This Grouper enhancement facilitates secure subject attribute release.  This could be used to protect FERPA information, create private subdomains of Grouper where users from one might not be able to see subjects in another, or attributes which can only be seen by certain subjects.

In Grouper v2.0- there is no subject attribute security (unless it is baked into the custom subject source).

This is an interface point which can be implemented in Java to retrieve more attributes about a subject (i.e. attributes which may require another query, or security, or attributes not always needed when subjects are resolved).  When you implement this interface you should try to only use one (or few) queries, since this will be called a lot (for filters at least).

Implement the interface SubjectCustomizer by extending the class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase

/**
 * add the ability to decorate a list of subjects with more attributes.
 * note, while you are decorating, you can check security to see if the
 * groupersession is allowed to see those attributes
 * @author mchyzer
 *
 */
public interface SubjectCustomizer {

  /**
   * decorate subjects based on attributes requested
   * @param grouperSession
   * @param subjects
   * @param attributeNamesRequested
   * @return the subjects if same set, or make a new set
   */
  public Set<Subject> decorateSubjects(GrouperSession grouperSession, Set<Subject> subjects, Collection<String> attributeNamesRequested);
  
  /**
   * you can edit the subjects (or replace), but you shouldnt remove them
   * @param grouperSession
   * @param subjects
   * @return the subjects if same set, or make a new set
   */
  public Set<Subject> filterSubjects(GrouperSession grouperSession, Set<Subject> subjects);
 
  
}

Configure this in the grouper.properties:

# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer
# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended)
# note the instance will be reused to make sure it is threadsafe
subjects.customizer.className = 

Note that the filter and decorator are batched for performance reasons, which is also why this is not configured in the subject source

The filterSubjects() method is called on each SubjectFinder call.  The decorateSubjects() is called when web services resolve subjects

There are two ways to protect data.  

1. You can change the data to protect it, the user will see the subject, but might only see the netId instead of the name.  Or it could just say (protected-data)

2. You could remove the subject from the results and the user will not know the subject exists

Here is an example of hiding names of students to users who arent allowed to see them:

package edu.internet2.middleware.grouper.subj;

import java.util.LinkedHashSet;
import java.util.Set;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.membership.GroupMembershipResult;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.provider.SubjectImpl;

/**
 * 
 * @author mchyzer
 *
 */
public class SubjectCustomizerForDecoratorTesting extends SubjectCustomizerBase {

  /** student (protected data) group name */
  private static final String STUDENT_GROUP_NAME = "apps:subjectSecurity:groups:student";
  /** privileged employee group name */
  private static final String PRIVILEGED_EMPLOYEE_GROUP_NAME = "apps:subjectSecurity:groups:privilegedEmployee";

  /**
   * @see SubjectCustomizer#filterSubjects(GrouperSession, Set)
   */
  @Override
  public Set<Subject> filterSubjects(GrouperSession grouperSession, Set<Subject> subjects) {
    
    //nothing to do if no results
    if (GrouperUtil.length(subjects) == 0) {
      return subjects;
    }
    
    //get results in one query
    GroupMembershipResult groupMembershipResult = calculateMemberships(subjects, IncludeGrouperSessionSubject.TRUE, 
        GrouperUtil.toSet(STUDENT_GROUP_NAME,PRIVILEGED_EMPLOYEE_GROUP_NAME));
    
    //see if the user is privileged
    boolean grouperSessionIsPrivileged = groupMembershipResult.hasMembership(PRIVILEGED_EMPLOYEE_GROUP_NAME, grouperSession.getSubject());
    
    //if so, we are done, they can see stuff
    if (grouperSessionIsPrivileged) {
      return subjects;
    }
    
    //loop through the subjects and see which are students, change their name and description to be their netId, with no other attributes
    Set<Subject> results = new LinkedHashSet<Subject>();
    for (Subject subject : subjects) {
      if (groupMembershipResult.hasMembership(STUDENT_GROUP_NAME, subject)) {
        String netId = subject.getAttributeValue("netId");
        Subject replacementSubject = new SubjectImpl(subject.getId(), netId, netId, subject.getTypeName(), subject.getSourceId());
        results.add(replacementSubject);
      } else {
        results.add(subject);
      }
    }
    return results;
  }

  
  
}

Here is an example where extra attributes are securely retrieved

sdf

sdf

  • No labels