If you want custom authentication (e.g. pass in a token, and decode it), then implement the interface edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication and configure your fully qualified classname in the grouper-ws.properties.  The default is an implementation of this interface as an example: edu.internet2.middleware.grouper.ws.security.WsGrouperDefaultAuthentication, which just gets the user from the container: httpServletRequest.getUserPrincipal().getName()

 * <pre>
 * implement this interface and provide the class to the classpath and grouper-ws.properties
 * to override the default of httpServletRequest.getUserPrincipal();
 * for non-Rampart authentication
 * if user is not found, throw a runtime exception.  Could be WsInvalidQueryException
 * which is a type of runtime exception (experiment and see what you want the response to 
 * look like)
 * </pre>
public interface WsCustomAuthentication {
   * retrieve the current username (subjectId) from the request object.
   * @param httpServletRequest
   * @return the logged in username (subjectId)
   * @throws WsInvalidQueryException if there is a problem
  public String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest)
    throws WsInvalidQueryException;

Manage users

Manage users in the implemented system


Note the file locations in the container are listed in the v2.5 container documentation



This is the default provided with container, do not overlay

Should be an empty element

This is the default provided with container, do not overlay

ajp 8009 connector element:        tomcatAuthentication="false"

This is the default provided with container, do not overlay

Tomcat is not doing authn so that attribute needs to be false


# to provide custom authentication (instead of the default httpServletRequest.getUserPrincipal()
# for non-Rampart authentication.  Class must implement the interface:
# edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication
# class must be fully qualified.  e.g. edu.school.whatever.MyAuthenticator
# blank means use default: edu.internet2.middleware.grouper.ws.security.WsGrouperDefaultAuthentication
ws.security.non-rampart.authentication.class = edu.school.edu.authn.WhateverImpl

Overlay the grouper-ws.properties or configure in
the database.  

whateverCustom.jarcopy to:   /opt/grouper/grouperWebapp/WEB-INF/libWsWS jars go in that directory

Do not have any authn directives here

This is the default provided with container, do not overlay