If you want custom authentication (e.g. pass in a token and decode it), implement the interface edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication and configure your fully qualified class name in grouper-ws.properties. The default implementation of this interface, edu.internet2.middleware.grouper.ws.security.WsGrouperDefaultAuthentication, serves as an example: it just gets the user from the container with httpServletRequest.getUserPrincipal().getName()
```java
package edu.internet2.middleware.grouper.ws.security;

import javax.servlet.http.HttpServletRequest;

import edu.internet2.middleware.grouper.ws.exceptions.WsInvalidQueryException;

/**
 * <pre>
 * implement this interface and provide the class to the classpath and grouper-ws.properties
 * to override the default of httpServletRequest.getUserPrincipal();
 * for non-Rampart authentication
 *
 * if user is not found, throw a runtime exception.  Could be WsInvalidQueryException
 * which is a type of runtime exception (experiment and see what you want the response to
 * look like)
 *
 * </pre>
 */
public interface WsCustomAuthentication {

  /**
   * retrieve the current username (subjectId) from the request object.
   * @param httpServletRequest
   * @return the logged in username (subjectId)
   * @throws WsInvalidQueryException if there is a problem
   */
  public String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest)
      throws WsInvalidQueryException;
}
```
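A sketch of the "pass in a token, and decode it" case, added here as an example and not taken from Grouper or its documentation: the class verifies an HMAC-signed bearer token and fails closed by throwing WsInvalidQueryException. The token layout, the `WS_TOKEN_HMAC_KEY` environment variable and the use of the exception's String constructor are assumptions; the class name matches the `edu.school.edu.authn.WhateverImpl` placeholder used in the configuration below.

```java
package edu.school.edu.authn;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import edu.internet2.middleware.grouper.ws.exceptions.WsInvalidQueryException;
import edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication;

/** Added example: authenticates WS calls with an HMAC-signed bearer token. */
public class WhateverImpl implements WsCustomAuthentication {
  // Hypothetical key source; if the variable is unset the class fails to load (fails closed).
  private static final byte[] KEY =
      System.getenv("WS_TOKEN_HMAC_KEY").getBytes(StandardCharsets.UTF_8);

  @Override
  public String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest)
      throws WsInvalidQueryException {
    String header = httpServletRequest.getHeader("Authorization");
    if (header == null || !header.startsWith("Bearer ")) {
      throw new WsInvalidQueryException("Missing bearer token");
    }
    try {
      // Assumed layout: base64url(subjectId|expiryEpochSeconds).base64url(HMAC-SHA256)
      String[] parts = header.substring(7).trim().split("\\.");
      if (parts.length != 2) throw new IllegalArgumentException("bad token shape");
      byte[] payload = Base64.getUrlDecoder().decode(parts[0]);
      byte[] presentedMac = Base64.getUrlDecoder().decode(parts[1]);
      Mac mac = Mac.getInstance("HmacSHA256");
      mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
      // Constant-time comparison; verify the MAC before trusting any payload field.
      if (!MessageDigest.isEqual(mac.doFinal(payload), presentedMac)) {
        throw new IllegalArgumentException("bad signature");
      }
      String[] fields = new String(payload, StandardCharsets.UTF_8).split("\\|", -1);
      if (fields.length != 2 || fields[0].isEmpty()
          || Instant.now().getEpochSecond() >= Long.parseLong(fields[1])) {
        throw new IllegalArgumentException("expired or malformed payload");
      }
      return fields[0];
    } catch (Exception e) {
      // One generic message for every failure; never fall back to another identity.
      throw new WsInvalidQueryException("Invalid authentication token");
    }
  }
}
```

With container authentication turned off as in the table below, this class is the only check between a request and the returned subjectId, so every failure path must throw rather than return a value.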
Manage users
Manage users in the implemented system
Configure
Note: the file locations in the container are listed in the v2.5 container documentation.
File | Value | Description |
---|---|---|
grouper.hibernate.properties | grouper.is.ws.basicAuthn=false | This is the default provided with container, do not overlay |
web.xml | Should be an empty element | This is the default provided with container, do not overlay |
server.xml | ajp 8009 connector element: tomcatAuthentication="false" | This is the default provided with container, do not overlay. Tomcat is not doing authn, so that attribute needs to be false |
grouper-ws.properties | # to provide custom authentication (instead of the default httpServletRequest.getUserPrincipal() # for non-Rampart authentication. Class must implement the interface: # edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication # class must be fully qualified. e.g. edu.school.whatever.MyAuthenticator # blank means use default: edu.internet2.middleware.grouper.ws.security.WsGrouperDefaultAuthentication ws.security.non-rampart.authentication.class = edu.school.edu.authn.WhateverImpl | Overlay the grouper-ws.properties or configure in |
whateverCustom.jar | copy to: /opt/grouper/grouperWebapp/WEB-INF/libWs | WS jars go in that directory |
grouper-www.conf | Do not have any authn directives here | This is the default provided with container, do not overlay |