TIER Authz demo on the Grouper demo server (Chrome recommended). User/pass: email the list to get access


Generic TIER authz server:


Grouper implementation of a back end:


Build those into jars and put them in Grouper 2.2

Put in the config files:


Add tierApiAuthz.server.properties:

# Server type in the service meta.  e.g. Grouper WS 2.1.23
tierApiAuthzServer.serverType = Grouper WS 2.2.2

tierApiAuthzServer.servletUrl = http://localhost:8089/grouperWs/tierApiAuthz

# groups member logic, implement edu.internet2.middleware.tierApiAuthzServer.interfaces.AsasApiGroupsMemberInterface
tierApiAuthzServer.interface.groupsMember = edu.internet2.middleware.grouperTierApiAuth.interfaces.GtaasGroupsMemberInterfaceImpl

## Client configuration
# dir where dirs can hold client configs.  Files could be in this dir or in a subdir
tierApiAuthzServer.clientConfigDir = /opt/tomcats/tomcat_i/clients



Add grouperTierApiAuthz.server.properties, which is blank

Add this to the web.xml

    <filter-name>TIER API authz server filter</filter-name>
  <!-- Map the filter to a Servlet or URL -->
    <filter-name>TIER API authz server filter</filter-name>
    <display-name>TIER API authz Servlet</display-name>

<!-- optional if you need this, configure appropriately -->
      <web-resource-name>Web services</web-resource-name>

Client configuration

Each client can have its own configuration to define which fields to return, etc.

Set the directory where the client configs are in tierApiAuthz.server.properties

tierApiAuthzServer.clientConfigDir = C:\\Users\\mchyzer\\Documents\\GitHub\\grouper_v2_2\\grouper-misc\\tierApiAuthzServer\\clients


Have a base config e.g. clients/common/baseClient.properties

# properties shared among all clients
# The tier api server uses Configuration Overlays (documented on wiki)
# By default the configuration is read from authzStandardApi.server.base.properties
# (which should not be edited), and the authzStandardApi.server.properties overlays
# the base settings.  See the tierApiAuthz.server.base.properties for the possible
# settings that can be applied to the tierApiAuthz.server.properties
## Config chaining hierarchy

# comma separated config files that override each other (files on the right override the left)
# each should start with file: or classpath:
# e.g. classpath:someFile.server.example.properties, file:c:/something/myconfig.properties
#tierClient.config.hierarchy = classpath:someFile.server.base.properties, classpath:someFile.server.properties
# this needs to be in each client config file
# seconds between checking to see if the config files are updated
#tierClient.config.secondsBetweenUpdateChecks = 60

## Client config

# set this for a non helper config, which specifies which users it is applicable for
# tierClient.users = 
# show exception stack in response
tierClient.showExceptionStack = false

## Generic operations

# show name in get group member
tierClient.generic.showName = true

## Get group member operation

# show name in get group member: true, false, or inherit from tierClient.generic.showName
tierClient.getGroupMember.showName = inherit

You can have generic overrides for all clients, e.g. clients/common/baseClientCustom.properties

tierClient.showExceptionStack = false

Each client can have its own config or you can share among clients, e.g. clients/GrouperSystem/GrouperSystem.properties

# comma separated config files that override each other (files on the right override the left)
# each should start with file: or classpath:
# e.g. classpath:someFile.server.example.properties, file:c:/something/myconfig.properties
tierClient.config.hierarchy = file:C:\\Users\\mchyzer\\Documents\\GitHub\\grouper_v2_2\\grouper-misc\\tierApiAuthzServer\\clients\\common\\baseClient.properties, file:C:\\Users\\mchyzer\\Documents\\GitHub\\grouper_v2_2\\grouper-misc\\tierApiAuthzServer\\clients\\common\\baseClientCustom.properties, file:C:\\Users\\mchyzer\\Documents\\GitHub\\grouper_v2_2\\grouper-misc\\tierApiAuthzServer\\clients\\GrouperSystem\\GrouperSystem.properties
# this needs to be in each client config file
# seconds between checking to see if the config files are updated
tierClient.config.secondsBetweenUpdateChecks = 60

## Client config

# set this for a non helper config, which specifies which users it is applicable for, comma separated
tierClient.users = GrouperSystem
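
Because files on the right of tierClient.config.hierarchy override those on the left, a setting such as tierClient.showExceptionStack = false in baseClient.properties can be reversed further along the chain. The audit script below is an added example, not part of the TIER or Grouper code: it resolves a client's effective settings as the comments above describe and reports which file supplied a risky value. The properties parser is a simplified assumption, the function names are hypothetical, and the sample files are constructed.

```python
def parse_properties(text):
    """Simplified parser (assumption): key = value lines, # comments, doubled backslashes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props

def effective_config(client_path, read):
    """Merge tierClient.config.hierarchy left to right; returns {key: (value, source_file)}."""
    own = parse_properties(read(client_path))
    chain = own.get("tierClient.config.hierarchy") or "file:" + client_path
    merged = {}
    for entry in chain.split(","):
        scheme, _, path = entry.strip().partition(":")
        if scheme != "file":  # classpath: entries are not resolved here
            continue
        for key, value in parse_properties(read(path)).items():
            merged[key] = (value, path)  # files on the right override the left
    member = "tierClient.getGroupMember.showName"
    if merged.get(member, ("",))[0] == "inherit":  # fall back to the generic setting
        merged[member] = merged.get("tierClient.generic.showName", merged[member])
    return merged

def audit(client_path, read):
    """Flag effective settings that disclose internals or leave the config unbound."""
    cfg = effective_config(client_path, read)
    findings = []
    value, source = cfg.get("tierClient.showExceptionStack", ("", None))
    if value.lower() == "true":
        findings.append(f"stack traces returned to client (set in {source})")
    if not cfg.get("tierClient.users", ("", None))[0]:
        findings.append("tierClient.users is empty: config is not bound to a user")
    return findings

# Constructed sample files, keyed by path under the clientConfigDir shown above.
BASE = "/opt/tomcats/tomcat_i/clients"
CLIENT = f"{BASE}/GrouperSystem/GrouperSystem.properties"
CHAIN = [f"{BASE}/common/baseClient.properties",
         f"{BASE}/common/baseClientCustom.properties", CLIENT]
FILES = {
    CHAIN[0]: "tierClient.showExceptionStack = false\n"
              "tierClient.generic.showName = true\n"
              "tierClient.getGroupMember.showName = inherit\n",
    CHAIN[1]: "tierClient.showExceptionStack = true\n",  # constructed stray override
    CLIENT: "tierClient.config.hierarchy = " + ", ".join("file:" + p for p in CHAIN)
            + "\ntierClient.users = GrouperSystem\n",
}
```

Calling audit(CLIENT, FILES.__getitem__) on the sample reports the override in baseClientCustom.properties; to check files on disk, pass lambda p: open(p).read() as the read argument.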





Add this to log4j.properties to get request logging

log4j.appender.tierApiAuthz_requestLog                           = org.apache.log4j.DailyRollingFileAppender
log4j.appender.tierApiAuthz_requestLog.File                      = /some/folder/tierApiAuthz_request.log
log4j.appender.tierApiAuthz_requestLog.DatePattern               = '.'yyyy-MM-dd
log4j.appender.tierApiAuthz_requestLog.layout                    = org.apache.log4j.PatternLayout
log4j.appender.tierApiAuthz_requestLog.layout.ConversionPattern  = %d{ISO8601}: %m%n
log4j.logger.edu.internet2.middleware.tierApiAuthzServer.logging.TaasRequestLog = DEBUG, tierApiAuthz_requestLog