Date: Fri, 29 Mar 2024 10:42:05 +0000 (UTC) Message-ID: <1923806601.7851.1711708925403@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7850_397265291.1711708925402" ------=_Part_7850_397265291.1711708925402 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
These to= pics are discussed in the "Grouper Client" training series.
Grouper Client is a client for Grouper LDAP and Web Services. See architectural diagram= .
As of Grouper v. 2.1, there is also a Failover Client= and a Discovery Client.
Here is a detailed diagram showing the Grouper Client:
First your web service's sources.xml needs to return the subject attribu= te. I had to make a column in my jdbc source of PENNNAME (Oracle jdbc= metadata makes this always UPPER)
You can specify to return pennnames as the subject attributes, and you c= an use them in your output template:
C:\temp>java -jar grouperClient.jar --operation=3DgetMembersWs --gr= oupNames=3Dtest:testGroup --subjectAttributeNames=3DPENNNAME --outputTempla= te=3D${wsSubject.attributeValues[0]}$newline$ bwh mchyzer
BTW: you can show this on the UI in the custom/media.properties entry: s= ubject.attributes.order.pennperson=3Dname,description,subjectType,id,PENNNA= ME
First you need to understand that in the grouper.client.properties file = you can mask "subjectId" and "subjectIdentifier" with terms used at your in= stitution. So you have custom commands. For Penn we can do:
You can use the built in pennkey support in Penn's grouper client (needs= custom configuration over the generic Grouper download):
C:\temp>java -jar grouperClient.jar --operation=3DhasMemberWs --gro= upName=3Dtest:testGroup --pennKeys=3Dmchyzer,bwh Index 0: success: T: code: IS_MEMBER: 10099999: true Index 1: success: T: code: IS_MEMBER: 10099998: true
This is due to our grouper.client.properties settings:
#note: you will see documentation in the grouper.client.example.proper= ties grouperClient.alias.subjectIds =3D pennIds grouperClient.alias.subjectIdentifiers =3D pennKeys grouperClient.alias.subjectId =3D pennId grouperClient.alias.subjectIdentifier =3D pennKey grouperClient.alias.SubjectId =3D PennId grouperClient.alias.SubjectIdentifier =3D PennKey
If you didn't have this customization, you can simply look by subject id= entifier:
C:\temp>java -jar grouperClient.jar --operation=3DhasMemberWs --gro= upName=3Dtest:testGroup --subjectIdentifiers=3Dmchyzer,bwh Index 0: success: T: code: IS_MEMBER: 10099999: true Index 1: success: T: code: IS_MEMBER: 10099998: true
* How can I make a group which has a manual membership list and = requires users to be faculty student or staff?
First off, you need permission to view the facultyStudentStaff group, if= it is not public. Note, the composite arguments shouldnt be necessary, but= until it is fixed, use them and it will work. This makes a group, a system= of record group (where the manual entries go), and the overall group is a = composite intersection of the manual group and the facultyStudentStaff grou= p. Note you need to enable "requireGroups" in your grouper.properties=
C:\temp>java -jar grouperClient.jar --operation=3DgroupSaveWs --nam= e=3Dtest:isc:astt:chris:myGroup --includeGroupDetail=3Dtrue --description= =3D"test group with requiring active facultyStudentStaff" --displayExtensio= n=3D"My test group" --attributeName0=3DrequireAlsoInGroups --attributeValue= 0=3Dpenn:somewhere:facultyStudentStaff --typeNames=3DrequireInGroups --comp= ositeType=3DINTERSECTION --leftGroupName=3Dtest:isc:astt:chris:myGroup_syst= emOfRecord --rightGroupName=3Dpenn:somewhere:facultyStudentStaff Success: T: code: SUCCESS_INSERTED: test:isc:astt:chris:myGroup
To use grouper client, you need java 1.5+, the grouperClient.jar, = and the grouper.client.properties file (either in your classpath, or in the= same directory as grouperClient.jar
To use command line, just type this to see usage:
java -jar grouperClient.jar
The usage will be specific to your institution... but here is a sa= mple usage:
Grouper Client USAGE: This program runs queries against grouper ldap and web services The system exit code will be 0 for success, and not 0 for failure Output data is printed to stdout, error messages are printed to stderr or l= ogs (configured in grouper.client.properties) Grouper client webpage: https://wiki.internet2.edu/confluence/display/Group= erWG/Grouper+Client Arguments are in the format: --argName=3DargValue Example argument: --operation=3DencryptPassword Example argument(OS dependent): --operation=3D"value with whitespace" Optional arguments below are in [brackets] ############################################### ## Misc operations Encrypt passwords for storing passwords in external encrypted files: java -jar grouperClient.jar --operation=3DencryptPassword [--dontMask=3Dt= rue|false] Usage (this message): java -jar grouperClient.jar Send file to web service (readOnly is a designation for the always availabl= e client): java -jar grouperClient.jar --operation=3DsendFile --urlSuffix=3Dgroups/a= Stem:aGroup/members [fileName=3DtheFileName] [fileContents=3DtheFileContent= s] [--contentType=3Dtext/xml] [--labelForLog=3DaddMember] [--indentOutput= =3Dfalse] [--saveResultsToFile=3DfileName] [--readOnly=3Dtrue] [--debug=3Dt= rue] [--clientVersion=3DsomeVersion] e.g. java -jar grouperClient.jar --operation=3DsendFile --fileName=3D"C:/= addMember.xml" --urlSuffix=3Dgroups/aStem:aGroup/members ############################################### ## LDAP operations NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S = LDAP QUERIES pennname to pennid usage: java -jar grouperClient.jar --operation=3DpennnameToPennid --pennnameToDe= code=3Dpennname [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePa= ttern] [--debug=3Dtrue] e.g.: java -jar grouperClient.jar --operation=3DpennnameToPennid --pennna= meToDecode=3Djsmith output: pennid: 12341234 NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S = LDAP QUERIES pennid to pennname usage: java -jar grouperClient.jar --operation=3DpennidToPennkey --pennidToDecod= e=3Dpennid [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern= ] [--debug=3Dtrue] e.g.: java -jar grouperClient.jar --operation=3DpennidToPennkey --pennidT= oDecode=3D12341234 output: pennname: jsmith NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S = LDAP QUERIES hasMember ldap usage: java -jar grouperClient.jar --operation=3DhasMemberLdap --groupName=3Da:b= :c --pennnameToCheck=3Dpennkey [--saveResultsToFile=3DfileName] [--outputTe= mplate=3DsomePattern] [--debug=3Dtrue] e.g.: java -jar grouperClient.jar --operation=3DhasMemberLdap --groupName= =3Dpenn:myfolder:mygroup --pennnameToCheck=3Djsmith output: hasMemberLdap: true NOTE: CHANGE THIS OR REMOVE IN grouper.client.usage.txt FOR YOUR SCHOOOL'S = LDAP QUERIES getMembers ldap usage: java -jar grouperClient.jar --operation=3DgetMembersLdap --groupName=3Da:= b:c [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [--de= bug=3Dtrue] e.g.: java -jar grouperClient.jar --operation=3DgetMembersLdap --groupNam= e=3Dpenn:myfolder:mygroup output: groupList: jsmith, tsmith, msmith note: extremely large group lists might not display fully (e.g. over 1000= members) ############################################### ## Web Service operations addMemberWs web service usage (note: you can replace all members of a group= also): java -jar grouperClient.jar --operation=3DaddMemberWs [--groupName=3Da:b:= c] [--groupUuid=3D123abc] [--subjectIds=3DsubjId0,subjId1] [--subjectIdenti= fiers=3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0,source1] [--subj= ectIdsFile=3DfileName] [--subjectIdentifiersFile=3DfileName] [--subjectSour= cesFile=3DfileName] [--defaultSubjectSource=3DsubjectSourceId] [--fieldName= =3DfieldNameToAdd] [--txType=3DNONE|READ_WRITE_NEW] [--includeGroupDetail= =3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNam= es=3Dname0,name1] [--replaceAllExisting=3Dtrue|false] [--disabledTime=3Dyyy= y/mm/dd hh:mi:ss] [--enabledTime=3Dyyyy/mm/dd hh:mi:ss] [--addExternalSubje= ctIfNotFound=3Dtrue|false] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdent= ifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3Df= ileName] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramVa= lue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue= ] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DaddMemberWs --groupName= =3DaStem:aGroup --subjectIds=3D12345,23456 output line: Index 0: success: T: code: SUCCESS: 12345 getMembersWs web service usage: java -jar grouperClient.jar --operation=3DgetMembersWs [--groupNames=3Da:= b:c,a:b:d] [--groupUuids=3D1234,abcd] [--fieldName=3DfieldNameToAdd] [--mem= berFilter=3DAll|Immediate|NonImmediate|Effective|Composite] [--sourceIds=3D= sourceId1,sourceId2] [--includeGroupDetail=3Dtrue|false] [--includeSubjectD= etail=3Dtrue|false] [--subjectAttributeNames=3Dname0,name1] [--actAsSubject= Id=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSource= =3Dsource] [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern= ] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamN= ame] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3Dso= meVersion] [--pointInTimeFrom=3Dyyyy/mm/dd hh:mi:ss] [--pointInTimeTo=3Dyyy= y/mm/dd hh:mi:ss] e.g.: java -jar grouperClient.jar --operation=3DgetMembersWs --groupNames= =3DaStem:aGroup,aStem:aGroup2 output line: GroupIndex 0: success: T: code: SUCCESS: group: aStem:aGroup= : subjectIndex: 0: 12345 deleteMemberWs web service usage: java -jar grouperClient.jar --operation=3DdeleteMemberWs [--groupName=3Da= :b:c] [--groupUuid=3Dabc123] [--subjectIds=3DsubjId0,subjId1] [--subjectIde= ntifiers=3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0,source1] [--s= ubjectIdsFile=3DfileName] [--subjectIdentifiersFile=3DfileName] [--subjectS= ourcesFile=3DfileName] [--defaultSubjectSource=3DsubjectSourceId] [--fieldN= ame=3DfieldNameToAdd] [--txType=3DNONE|READ_WRITE_NEW] [--includeGroupDetai= l=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNa= mes=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3D= subjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName]= [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dv= alue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--deb= ug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DdeleteMemberWs --groupNam= e=3DaStem:aGroup --subjectIds=3D12345,23456 output line: Index 0: success: T: code: SUCCESS: 12345 hasMemberWs web service usage: java -jar grouperClient.jar --operation=3DhasMemberWs [--groupName=3Da:b:= c] [groupUuid=3D123abc] [--subjectIds=3DsubjId0,subjId1] [--subjectIdentifi= ers=3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0,source1] [--subjec= tIdsFile=3DfileName] [--subjectIdentifiersFile=3DfileName] [--subjectSource= sFile=3DfileName] [--defaultSubjectSource=3DsubjectSourceId] [--fieldName= =3DfieldNameToAdd] [--memberFilter=3DGcMemberFilter] [--includeGroupDetail= =3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNam= es=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Ds= ubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] = [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dva= lue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debu= g=3Dtrue] [--clientVersion=3DsomeVersion] [--pointInTimeFrom=3Dyyyy/mm/dd h= h:mi:ss] [--pointInTimeTo=3Dyyyy/mm/dd hh:mi:ss] e.g.: java -jar grouperClient.jar --operation=3DhasMemberWs --groupName= =3DaStem:aGroup --subjectIds=3D12345,23456 output line: Index 0: success: T: code: IS_MEMBER: 12345: true getGroupsWs web service usage: java -jar grouperClient.jar --operation=3DgetGroupsWs [--subjectIds=3Dsub= jId0,subjId1] [--subjectIdentifiers=3DsubjIdent0,subjIdent1] [--subjectSour= ces=3Dsource0,source1] [--subjectIdsFile=3DfileName] [--subjectIdentifiersF= ile=3DfileName] [--subjectSourcesFile=3DfileName] [--defaultSubjectSource= =3DsubjectSourceId] [--memberFilter=3DGcMemberFilter] [--includeGroupDetail= =3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNam= es=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Ds= ubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] = [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dva= lue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debu= g=3Dtrue] [--clientVersion=3DsomeVersion] [--scope=3Dsome:folder:] [--stemN= ame=3DstemNameToSearchIn] [--stemUuid=3DstemUuidToSearchIn] [--stemScope=3D= ONE_LEVEL|ALL_IN_SUBTREE] [--enabled=3DA|T|F] [--pageSize=3D100] [--pageNum= ber=3D1] [--sortString=3DdisplayName] [--ascending=3Dtrue|false] [--fieldNa= me=3Dmembers] [--pointInTimeFrom=3Dyyyy/mm/dd hh:mi:ss] [--pointInTimeTo=3D= yyyy/mm/dd hh:mi:ss] e.g.: java -jar grouperClient.jar --operation=3DgetGroupsWs --subjectIds= =3D12345,23456 output line: SubjectIndex 0: success: T: code: SUCCESS: subject: 12345: g= roupIndex: 0: aStem:aGroup2 groupSaveWs web service usage: java -jar grouperClient.jar --operation=3DgroupSaveWs --name=3Da:b:c [--i= ncludeGroupDetail=3Dtrue] [--txType=3DNONE|READ_WRITE_NEW] [--saveMode=3DIN= SERT_OR_UPDATE|INSERT|UPDATE] [--groupLookupName=3Da:b:c] [--groupLookupUui= d=3Dsd87f-dsf87-sdf89-df78f] [--description=3DtheDescription] [--displayExt= ension=3DtheDisplayExtension] [--createParentStemsIfNotExist=3Dtrue|false] = [--typeOfGroup=3Dgroup|role|entity] [--attributeName0=3DsomeName] [--attrib= uteValue0=3DsomeValue] [--attributeNameX=3DxthName] [--attributeValueX=3Dxt= hValue] [--compositeType=3DCOMPLEMENT|INTERSECTION|UNION] [--leftGroupName= =3DcompositeLeft] [--rightGroupName=3DcompositeRight] [--groupDetailParamNa= me0=3DparamName] [--groupDetailParamValue0=3DparamValue] [--groupDetailPara= mNameX=3DxthName] [--groupDetailParamNameX=3DxthValue] [--typeNames=3Dnames= OfGroupTypes] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Dsubj= Ident] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] [--= outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dvalue= 1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debug= =3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DgroupSaveWs --name=3DaSte= m:aGroup output: Success: T: code: SUCCESS_INSERTED: aStem:aGroup stemSaveWs web service usage: java -jar grouperClient.jar --operation=3DstemSaveWs --name=3DgroupName [= --txType=3DNONE|READ_WRITE_NEW] [--saveMode=3DINSERT_OR_UPDATE|INSERT|UPDAT= E] [--stemLookupName=3DtheName] [--stemLookupUuid=3DtheUuid] [--description= =3DtheDescription] [--displayExtension=3DtheDisplayExtension] [--createPare= ntStemsIfNotExist=3Dtrue|false] [--actAsSubjectId=3DsubjId] [--actAsSubject= Identifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFil= e=3DfileName] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--pa= ramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParam= Value] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DstemSaveWs --name=3DaStem= :someStem output: Success: T: code: SUCCESS_INSERTED: aStem:someStem groupDeleteWs web service usage: java -jar grouperClient.jar --operation=3DgroupDeleteWs --groupNames=3Dgr= oupName0,groupName1 [--txType=3DNONE|READ_WRITE_NEW] [--includeGroupDetail= =3Dtrue|false] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Dsubj= Ident] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] [--= outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dvalue= 1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debug= =3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DgroupDeleteWs --groupName= s=3DaStem:aGroup0,aStem:aGroup1 output line: Index 0: success: T: code: SUCCESS: aStem:aGroup0 stemDeleteWs web service usage: java -jar grouperClient.jar --operation=3DstemDeleteWs --stemNames=3Da:b,= a:c [--txType=3DNONE|READ_WRITE_NEW] [--actAsSubjectId=3DsubjId] [--actAsSu= bjectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResults= ToFile=3DfileName] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] = [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3Dxth= ParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DstemDeleteWs --stemNames= =3DaStem:aStem0,aStem:aStem1 output line: Index 0: success: T: code: SUCCESS: aStem:aStem0 getGrouperPrivilegesLiteWs web service usage java -jar grouperClient.jar --operation=3DgetGrouperPrivilegesLiteWs [--g= roupName=3Da:b:c] [--stemName=3Da:b] [--privilegeName=3Dadmin|view|read|opt= in|optout|update|stem|create|etc] [--privilegeType=3Daccess|naming|etc] [--= subjectId=3DsubjId0] [--subjectIdentifier=3DsubjIdent0] [--subjectSource=3D= source0] [--includeGroupDetail=3Dtrue|false] [--includeSubjectDetail=3Dtrue= |false] [--subjectAttributeNames=3Dname0,name1] [--actAsSubjectId=3DsubjId]= [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--= saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [--paramName= 0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramV= alueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DgetGrouperPrivilegesLiteW= s --groupName=3DaStem:aGroup --subjectId=3Dtest.subject.0 output line: Index 0: success: T: code: SUCCESS: group: aStem:aGroup: sub= ject: test.subject.0: access: admin assignGrouperPrivilegesWs web service usage java -jar grouperClient.jar --operation=3DassignGrouperPrivilegesWs --pri= vilegeNames=3Dadmin|view|read|optin|optout|update|stem|create|etc (comma se= parated) --allowed=3Dtrue|false [--groupName=3Da:b:c] [--stemName=3Da:b] [-= -privilegeType=3Daccess|naming|etc] [--subjectIds=3DsubjId0,subjId1] [--sub= jectIdentifiers=3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0,source= 1] [--txType=3DNONE|READ_WRITE_NEW] [--replaceAllExisting=3Dtrue|false] [--= includeGroupDetail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--s= ubjectAttributeNames=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSub= jectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsT= oFile=3DfileName] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [= --paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthP= aramValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DassignGrouperPrivilegesWs= --groupName=3DaStem:aGroup --subjectIds=3Dtest.subject.0,test.subject.1 --= privilegeNames=3Dadmin,update --allowed=3Dtrue output: Index: 0, success: T, code: SUCCESS_ALLOWED, group: aStem:aGroup,= subject: test.subject.0, access: admin assignGrouperPrivilegesLiteWs web service usage java -jar grouperClient.jar --operation=3DassignGrouperPrivilegesLiteWs -= -privilegeName=3Dadmin|view|read|optin|optout|update|stem|create|etc --allo= wed=3Dtrue|false [--groupName=3Da:b:c] [--stemName=3Da:b] [--privilegeType= =3Daccess|naming|etc] [--subjectId=3DsubjId0] [--subjectIdentifier=3DsubjId= ent0] [--subjectSource=3Dsource0] [--includeGroupDetail=3Dtrue|false] [--in= cludeSubjectDetail=3Dtrue|false] [--subjectAttributeNames=3Dname0,name1] [-= -actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSu= bjectSource=3Dsource] [--saveResultsToFile=3DfileName] [--outputTemplate=3D= somePattern] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX= =3DxthParamName] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--client= Version=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DassignGrouperPrivilegesLi= teWs --groupName=3DaStem:aGroup --subjectId=3Dtest.subject.0 --privilegeNam= e=3Dadmin --allowed=3Dtrue output: Success: T: code: SUCCESS_ALLOWED: group: aStem:aGroup: subject: = test.subject.0: access: admin findGroupsWs web service usage java -jar grouperClient.jar --operation=3DfindGroupsWs --queryFilterType= =3DAND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_EXACT_ATTRIBUTE|FIND_= BY_GROUP_NAME_APPROXIMATE|FIND_BY_GROUP_NAME_EXACT|FIND_BY_GROUP_UUID|FIND_= BY_STEM_NAME|FIND_BY_TYPE|etc [--groupName=3Da:b:c] [--groupUuid=3D12as-123= 4gjth] [--groupNames=3Da:b,b:c] [--groupUuids=3D12ab,23cd] [--stemName=3DaS= tem:someStem] [--stemUuid=3Dsfds-sds234] [--stemNameScope=3DONE_LEVEL|ALL_I= N_SUBTREE] [--groupTypeName=3DsomeName] [--groupAttributeName=3DsomeName] [= --groupAttributeValue=3DsomeValue] [--includeGroupDetail=3Dtrue|false] [--s= ortString=3DT|F] [--ascending=3DT|F] [--pageNumber=3D2] [--pageSize=3D50] [= --typeOfGroups=3Dgroup,role,entity] [--actAsSubjectId=3DsubjId] [--actAsSub= jectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--outputTempla= te=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramN= ameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--cl= ientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DfindGroupsWs --queryFilte= rType=3DFIND_BY_GROUP_NAME_APPROXIMATE --groupName=3DaStem:aGroup output: Index 0: name: aStem:aGroup, displayName: A stem:A Group Note: to specify group math, use queryFilterType of AND|OR|MINUS, and the= n specify attribute for the left group with a 0 after attribute name, and 1= for the right group. e.g.: java -jar grouperClient.jar --operation=3DfindGroupsWs --queryFilte= rType=3DOR --queryFilterType0=3DOR --queryFilterType00=3DFIND_BY_GROUP_NAME= _APPROXIMATE --groupName00=3DaStem:aGroup --queryFilterType01=3DFIND_BY_GRO= UP_NAME_APPROXIMATE --groupName01=3DaStem:aGroup --queryFilterType1=3DFIND_= BY_GROUP_NAME_APPROXIMATE --groupName1=3DaStem:aGroup Note: it is not clear which attributes go with which filter types, the ru= les are in the Java class: WsQueryFilterType or use trial and error findStemsWs web service usage java -jar grouperClient.jar --operation=3DfindStemsWs --stemQueryFilterTy= pe=3DAND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_PARENT_STEM_NAME|FI= ND_BY_STEM_NAME|FIND_BY_STEM_NAME_APPROXIMATE|FIND_BY_STEM_UUID|etc [--stem= Name=3Da:b:c] [--stemUuid=3D12as-1234gjth] [--stemNames=3Da:b,b:c] [--stemU= uids=3D12ab,23cd] [--parentStemName=3DaStem:someStem] [--parentStemNameScop= e=3DONE_LEVEL|ALL_IN_SUBTREE] [--stemAttributeName=3DsomeName] [--stemAttri= buteValue=3DsomeValue] [--sortString=3DT|F] [--ascending=3DT|F] [--pageNumb= er=3D2] [--pageSize=3D50] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdenti= fier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--outputTemplate=3DsomeP= attern] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3Dxth= ParamName] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersio= n=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DfindGroupsWs --stemQueryF= ilterType=3DFIND_BY_STEM_NAME_APPROXIMATE --stemName=3DaStem:aGroup output: Index 0: name: aStem:aStem0, displayName: A stem:A Stem 0 Note: to specify group math, use stemQueryFilterType of AND|OR|MINUS, and= then specify attribute for the left stem with a 0 after attribute name, an= d 1 for the right stem. e.g.: java -jar grouperClient.jar --operation=3DfindStemsWs --stemQueryFi= lterType=3DOR --stemQueryFilterType0=3DOR --stemQueryFilterType00=3DFIND_BY= _STEM_NAME --stemName00=3DaStem --stemQueryFilterType01=3DFIND_BY_STEM_NAME= --stemName01=3DaStem --stemQueryFilterType1=3DFIND_BY_STEM_NAME --stemName= 1=3DaStem Note: it is not clear which attributes go with which filter types, the ru= les are in the Java class: WsStemQueryFilterType or use trial and error memberChangeSubjectWs web service usage (note: you need to be in the sysAdm= inGroup or actAs someone who is) java -jar grouperClient.jar --operation=3DmemberChangeSubjectWs [--oldSub= jectId=3DoldId] [--oldSubjectIdentifier=3DoldIdent] [--oldSubjectSource=3Do= ldSourceId] [--newSubjectId=3DnewId] [--newSubjectIdentifier=3DnewIdent] [-= -newSubjectSource=3DnewSourceId] [--deleteOldMember=3Dfalse] [--actAsSubjec= tId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSource= =3Dsource] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--param= Value0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamVal= ue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DmemberChangeSubjectWs --o= ldSubjectId=3Dtest.subject.0 --newSubjectId=3Dtest.subject.1 --actAsSubject= Id=3DGrouperSystem output: Success: T: code: SUCCESS: oldSubject: test.subject.0, newSubject= : test.subject.1 getMembershipsWs web service usage: java -jar grouperClient.jar --operation=3DgetMembershipsWs [--groupNames= =3Da:b:c,a:b:d] [--groupUuids=3D1234,abcd] [--subjectIds=3DsubjId0,subjId1]= [--subjectIdentifiers=3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0= ,source1] [--fieldName=3DfieldNameToAdd] [--memberFilter=3DAll|Immediate|No= nImmediate|Effective|Composite] [--sourceIds=3DsourceId1,sourceId2] [--memb= ershipIds=3Dabc,bcd] [--scope=3Dschool:folder:somewhere] [--stemName=3Da:b:= c] [--stemUuid=3Dabc] [--stemScope=3DONE_LEVEL|ALL_IN_SUBTREE] [--enabled= =3DA|T|F] [--includeGroupDetail=3Dtrue|false] [--includeSubjectDetail=3Dtru= e|false] [--subjectAttributeNames=3Dname0,name1] [--actAsSubjectId=3DsubjId= ] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [-= -saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [--paramNam= e0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--param= ValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DgetMembershipsWs --groupN= ames=3DaStem:aGroup,aStem:aGroup2 output line: Index 0: group: aStem:aGroup, subject: 12345, list: members,= type: Immediate, enabled: T Note: subjectSources are the sources for the subjects specified. sourceI= ds are if you arent specifying subjectIds, and you just want all person mem= berships for example. getSubjectsWs web service usage: java -jar grouperClient.jar --operation=3DgetSubjectsWs [--searchString= =3Dsomeone] [--subjectIds=3DsubjId0,subjId1] [--subjectIdentifiers=3DsubjId= ent0,subjIdent1] [--subjectSources=3Dsource0,source1] [--fieldName=3DfieldN= ameToAdd] [--memberFilter=3DAll|Immediate|NonImmediate|Effective|Composite]= [--sourceIds=3DsourceId1,sourceId2] [--includeGroupDetail=3Dtrue|false] [-= -includeSubjectDetail=3Dtrue|false] [--subjectAttributeNames=3Dname0,name1]= [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actA= sSubjectSource=3Dsource] [--groupName=3Da:b:c] [--groupUuid=3D1234] [--save= ResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [--paramName0=3D= name0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValue= X=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DgetSubjectsWs --subjectId= s=3DsubjId0,subjId1 output line: Index 0: success: T, code: SUCCESS, subject: 12345 Note: subjectSources are the sources for the subjects specified. sourceI= ds are if you arent specifying subjectIds, and you want to filter the searc= hString getAttributeAssignmentsWs web service usage: java -jar grouperClient.jar --operation=3DgetAttributeAssignmentsWs --att= ributeAssignType=3Dgroup|member|stem|any_mem|imm_mem|attr_def|any_mem_asgn|= attr_def_asgn|group_asgn|imm_mem_asgn|mem_asgn|stem_asgn [--includeAssignme= ntsOnAssignments=3Dtrue|false] [--attributeDefNames=3Da:b,b:c] [--attribute= DefUuids=3D1a,2b] [--attributeDefNameNames=3Da:b,b:c] [--attributeDefNameUu= ids=3D1a,2b] [--ownerAttributeDefNames=3Da:b,b:c] [--ownerAttributeDefUuids= =3D1a,2b] [--ownerGroupNames=3Da:b:c,a:b:d] [--ownerGroupUuids=3D1234,abcd]= [--owner0SubjectId=3DsubjId0] [--owner0SubjectIdentifier=3DsubjIdent0] [--= owner0SubjectSource=3Dsource0] [--ownerMembershipUuids=3Dabc,bcd] [--ownerS= temNames=3Da:b,b:c] [--ownerStemUuids=3D1a,2b] [--ownerMembershipAny0Subjec= tId=3D12] [--ownerMembershipAny0SubjectIdentifier=3Dab] [--ownerMembershipA= ny0SourceId=3Dxyz] [--ownerMembershipAny0GroupName=3D3c] [--ownerMembership= Any0GroupUuid=3D1a] [--attributeAssignUuids=3Da1,b2] [--attributeDefValueTy= pe=3Dfloating|integer|memberId|string|timestamp] [--theValue=3D123] [--incl= udeAssignmentsFromAssignments=3DT|F] [--attributeDefType=3D=3Dattr|domain|t= ype|limit|perm] [--assignAssignOwnerAttributeAssignUuids=3Da1,b2] [--assign= AssignOwnerNamesOfAttributeDefs=3Da:b,b:c] [--assignAssignOwnerUuidsOfAttri= buteDefs=3D1a,2b] [--assignAssignOwnerNamesOfAttributeDefNames=3Da:b,b:c] [= --assignAssignOwnerUuidsOfAttributeDefNames=3D1a,2b] [--assignAssignOwnerAc= tions=3Dread] [--enabled=3DA|T|F] [--actions=3Dread,write] [--includeGroupD= etail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttribu= teNames=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifie= r=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileN= ame] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0= =3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [-= -debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DgetAttributeAssignmentsWs= --attributeAssignType=3Dgroup --attributeDefNames=3Dtest:testAttributeAssi= gnDefNameDef output line: Index: 0: attributeAssignType: group, owner: test:groupTestA= ttrAssign, attributeDefNameName: test:testAttributeAssignDefName, action: a= ssign, values: 15,5,5, enabled: T, id: a9c83eeb78c04ae5befcea36272d318c assignAttributesWs web service usage: java -jar grouperClient.jar --operation=3DassignAttributesWs --attributeA= ssignType=3Dgroup|member|stem|any_mem|imm_mem|attr_def|group_asgn|mem_asgn|= stem_asgn|any_mem_asgn|imm_mem_asgn|attr_def_asgn --attributeAssignOperatio= n=3Dassign_attr|add_attr|remove_attr|replace_attrs [--attributeDefNameNames= =3Da:b,b:c] [--attributeDefNameUuids=3D1a,2b] [--ownerAttributeDefNames=3Da= :b,b:c] [--ownerAttributeDefUuids=3D1a,2b] [--ownerGroupNames=3Da:b:c,a:b:d= ] [--ownerGroupUuids=3D1234,abcd] [--owner0SubjectId=3DsubjId0] [--owner0Su= bjectIdentifier=3DsubjIdent0] [--owner0SubjectSource=3Dsource0] [--ownerMem= bershipUuids=3Dabc,bcd] [--ownerStemNames=3Da:b,b:c] [--ownerStemUuids=3D1a= ,2b] [--ownerMembershipAny0SubjectId=3D12] [--ownerMembershipAny0SubjectIde= ntifier=3Dab] [--ownerMembershipAny0SourceId=3Dxyz] [--ownerMembershipAny0G= roupName=3D3c] [--ownerMembershipAny0GroupUuid=3D1a] [--ownerAttributeAssig= nUuids=3Da1,b2] [--attributeAssignValueOperation=3Dassign_value|add_value|r= emove_value|replace_values] [--values0Id=3Da1] [--values0Formatted=3Dhey] [= --values0System=3Dthere] [--attributeAssignUuids=3Da:b,b:c] [--actions=3Dre= ad,write] [--assignmentDisabledTime=3D2010/03/05_17:05:13.123] [--assignmen= tEnabledTime=3D2010/03/05_17:05:13.123] [--assignmentNotes=3DsomeNotes] [--= delegatable=3DTRUE|FALSE|GRANT] [--attributeDefNamesToReplace=3Da:b,b:c] [-= -attributeDefUuidsToReplace=3D1a,2b] [--actionsToReplace=3Dread,write] [--a= ttributeDefTypesToReplace=3Dattr,perm,limit,domain,type] [--includeGroupDet= ail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttribute= Names=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier= =3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileNa= me] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0= =3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [-= -debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DassignAttributesWs --attr= ibuteAssignType=3Dgroup --attributeAssignOperation=3Dassign_attr --attribut= eDefNameNames=3Dtest:testAttributeAssignDefNameDef --ownerGroupNames=3Da:b:= c output line: Index: 0: attributeAssignType: group, owner: test:groupTestA= ttrAssign, attributeDefNameName: test:testAttributeAssignDefName, action: a= ssign, values: 15,5,5, enabled: T, id: a9c83eeb78c04ae5befcea36272d318c, ch= anged: T, deleted: F, valuesChanged: F assignAttributesBatchWs web service usage (X is the assignment entry starti= ng from and incrementing from 0): java -jar grouperClient.jar --operation=3DassignAttributesBatchWs --entry= _X_attributeAssignType=3Dgroup|member|stem|any_mem|imm_mem|attr_def|group_a= sgn|mem_asgn|stem_asgn|any_mem_asgn|imm_mem_asgn|attr_def_asgn --entry_X_at= tributeAssignOperation=3Dassign_attr|add_attr|remove_attr [--entry_X_nameOf= AttributeDefName=3Da:b] [--entry_X_uuidOfAttributeDefName=3D1a] [--entry_X_= ownerNameOfAttributeDef=3Da:b] [--entry_X_ownerUuidOfAttributeDef=3D1a] [--= entry_X_ownerGroupName=3Da:b:c] [--entry_X_ownerGroupUuid=3D1234] [--entry_= X_ownerSubjectId=3DsubjId0] [--entry_X_ownerSubjectIdentifier=3DsubjIdent0]= [--entry_X_ownerSubjectSource=3Dsource0] [--entry_X_ownerMembershipUuid=3D= abc] [--entry_X_ownerStemName=3Da:b] [--entry_X_ownerStemUuid=3D1a] [--entr= y_X_ownerMembershipAnySubjectId=3D12] [--entry_X_ownerMembershipAnySubjectI= dentifier=3Dab] [--entry_X_ownerMembershipAnySourceId=3Dxyz] [--entry_X_own= erMembershipAnyGroupName=3Da:b:c] [--entry_X_ownerMembershipAnyGroupUuid=3D= 1a] [--entry_X_ownerAttributeAssignUuid=3Da1] [--entry_X_ownerAttributeAssi= gnBatchIndex=3D0] [--entry_X_attributeAssignValueOperation=3Dassign_value|a= dd_value|remove_value|replace_values] [--entry_X_values0Id=3Da1] [--entry_X= _values0Formatted=3Dhey] [--entry_X_values0System=3Dthere] [--entry_X_attri= buteAssignUuid=3Da:b] [--entry_X_action=3Dread] [--entry_X_assignmentDisabl= edTime=3D2010/03/05_17:05:13.123] [--entry_X_assignmentEnabledTime=3D2010/0= 3/05_17:05:13.123] [--entry_X_assignmentNotes=3DsomeNotes] [--entry_X_deleg= atable=3DTRUE|FALSE|GRANT] [--includeGroupDetail=3Dtrue|false] [--includeSu= bjectDetail=3Dtrue|false] [--subjectAttributeNames=3Dname0,name1] [--actAsS= ubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSo= urce=3Dsource] [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePat= tern] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthPa= ramName] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion= =3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DassignAttributesBatchWs -= -entry_0_attributeAssignType=3Dgroup --entry_0_attributeAssignOperation=3Da= ssign_attr --entry_0_nameOfAttributeDefName=3Dtest:testAttributeAssignDefNa= meDef --entry_0_ownerGroupName=3Da:b:c --entry_1_attributeAssignType=3Dgrou= p --entry_1_attributeAssignOperation=3Dassign_attr --entry_1_nameOfAttribut= eDefName=3Dtest:testAttributeAssignDefNameDef2 --entry_1_ownerGroupName=3Da= :b:c output line: Index: 0, result: 0: attributeAssignType: group, owner: test= :groupTestAttrAssign, attributeDefNameName: test:testAttributeAssignDefName= , action: assign, values: 15,5,5, enabled: T, id: a9c83eeb78c04ae5befcea362= 72d318c, changed: T, deleted: F, valuesChanged: F getPermissionAssignmentsWs web service usage: java -jar grouperClient.jar --operation=3DgetPermissionAssignmentsWs [--i= ncludeAttributeAssignments=3Dtrue|false] [--includeAssignmentsOnAssignments= =3Dtrue|false] [--includeAttributeDefNames=3Dtrue|false] [--includePermissi= onAssignDetail=3Dtrue|false] [--attributeDefNames=3Da:b,b:c] [--attributeDe= fUuids=3D1a,2b] [--attributeDefNameNames=3Da:b,b:c] [--attributeDefNameUuid= s=3D1a,2b] [--roleNames=3Da:b:c,a:b:d] [--roleUuids=3D1234,abcd] [--subject= 0SubjectId=3DsubjId0] [--subject0SubjectIdentifier=3DsubjIdent0] [--subject= 0SubjectSource=3Dsource0] [--enabled=3DA|T|F] [--actions=3Dread,write] [--i= ncludeGroupDetail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--su= bjectAttributeNames=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubj= ectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--pointInTimeFr= om=3Dyyyy/mm/dd hh:mi:ss] [--pointInTimeTo=3Dyyyy/mm/dd hh:mi:ss] [--immedi= ateOnly=3DT|F] [--permissionType=3Drole_subject|role] [--permissionProcesso= r=3DFILTER_REDUNDANT_PERMISSIONS|FILTER_REDUNDANT_PERMISSIONS_AND_PROCESS_L= IMITS|FILTER_REDUNDANT_PERMISSIONS_AND_ROLES|FILTER_REDUNDANT_PERMISSIONS_A= ND_ROLES_AND_PROCESS_LIMITS|PROCESS_LIMITS] [--limitEnvVarName0=3Dname0] [-= -limitEnvVarValue0=3Dvalue0] [--limitEnvVarType0=3Dinteger|decimal|date|tim= estamp|text|boolean|null|emptyString] [--limitEnvVarNameX=3DxthName] [--lim= itEnvVarValueX=3DxthValue] [--limitEnvVarTypeX=3DxthType] [--includeLimits= =3DT|F] [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [= --paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName= ] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeV= ersion] e.g.: java -jar grouperClient.jar --operation=3DgetPermissionAssignmentsW= s --permissionType=3Drole_subject --attributeDefNames=3Dtest:testAttributeA= ssignDefNameDef output line: Index: 0: permissionType: role_subject, role: test:someRole,= subject: 123456, attributeDefNameName: test:testPermission, action: assign= , allowedOverall: T, enabled: T assignPermissionsWs web service usage: java -jar grouperClient.jar --operation=3DassignPermissionsWs --permissio= nType=3Drole|role_subject --permissionAssignOperation=3Dassign_permission|r= emove_permission|replace_permissions [--permissionDefNameNames=3Da:b,b:c] [= -permissionDefNameUuids=3D1a,2b] [--roleNames=3Da:b:c,a:b:d] [--roleUuids= =3D1234,abcd] [--subjectRole0SubjectId=3D12] [--subjectRole0SubjectIdentifi= er=3Dab] [--subjectRole0SourceId=3Dxyz] [--subjectRole0RoleName=3D3c] [--su= bjectRole0RoleUuid=3D1a] [--attributeAssignUuids=3Da:b,b:c] [--actions=3Dre= ad,write] [--disallowed=3Dtrue|false] [--assignmentDisabledTime=3D2010/03/0= 5_17:05:13.123] [--assignmentEnabledTime=3D2010/03/05_17:05:13.123] [--assi= gnmentNotes=3DsomeNotes] [--delegatable=3DTRUE|FALSE|GRANT] [--includeGroup= Detail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttrib= uteNames=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifi= er=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3Dfile= Name] [--outputTemplate=3DsomePattern] [--attributeDefNamesToReplace=3Da:b,= b:c] [--attributeDefUuidsToReplace=3D1a,2b] [--actionsToReplace=3Dread,writ= e] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParam= Name] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3Ds= omeVersion] e.g.: java -jar grouperClient.jar --operation=3DassignPermissionsWs --per= missionType=3Drole --permissionAssignOperation=3Dassign_permission --permis= sionDefNameNames=3Dtest:testAttributeAssignDefNameDef --roleNames=3Da:b:c output line: Index: 0: permissionType: role, owner: a:b:c, permissionDefN= ameName: test:testAttributeAssignDefName, action: assign, disallowed: T, en= abled: T, attributeAssignId: a9c83eeb78c04ae5befcea36272d318c, changed: T, = deleted: F attributeDefNameSaveWs web service usage: java -jar grouperClient.jar --operation=3DattributeDefNameSaveWs --name= =3Da:b:c [--saveMode=3DINSERT_OR_UPDATE|INSERT|UPDATE] [--attributeDefNameL= ookupName=3Da:b:c] [--attributeDefNameLookupUuid=3Dsd87f-dsf87-sdf89-df78f]= [--description=3DtheDescription] [--displayExtension=3DtheDisplayExtension= ] [--createParentStemsIfNotExist=3Dtrue|false] [--uuidOfAttributeDef=3Dsd87= f-dsf87-sdf89-df78f] [--nameOfAttributeDef=3Da:b:c] [--actAsSubjectId=3Dsub= jId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource]= [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [--param= Name0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--pa= ramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DattributeDefNameSave --na= me=3DaStem:aGroup output: Success: T: code: SUCCESS_INSERTED: aStem:aGroup attributeDefNameDeleteWs web service usage: java -jar grouperClient.jar --operation=3DattributeDefNameDeleteWs --attr= ibuteDefNameNames=3DattributeDefNameName0,attributeDefNameName1 [--txType= =3DNONE|READ_WRITE_NEW] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifi= er=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3Dfile= Name] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue= 0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [= --debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DattributeDefNameDelete --= attributeDefNameNames=3DaStem:anAttributeDefName0,aStem:anAttributeDefName1 output line: Index 0: success: T: code: SUCCESS: aStem:anAttributeDefName= 0 assignAttributeDefNameInheritanceWs web service usage: java -jar grouperClient.jar --operation=3DassignAttributeDefNameInheritan= ceWs --attributeDefNameName=3DattributeDefNameName0 --relatedAttributeDefNa= meNames=3DrelatedName0,relatedName1 --assign=3DT|F [--replaceAllExisting=3D= T|F] [--txType=3DNONE|READ_WRITE_NEW] [--actAsSubjectId=3DsubjId] [--actAsS= ubjectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResult= sToFile=3DfileName] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0]= [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3Dxt= hParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DassignAttributeDefNameInh= eritanceWs --attributeDefNameName=3DaStem:anAttributeDefName0 --relatedAttr= ibuteDefNameNames=3DaStem:anAttributeDefName1 --assign=3DT output line: code: SUCCESS, message: Had 1 successful adds, 0 adds which = already existed, 0 successful removes, and 0 removes which didnt exist. findAttributeDefNamesWs web service usage java -jar grouperClient.jar --operation=3DfindAttributeDefNamesWs [--scop= e=3Dsome:scopeOrTerms] [--splitScope=3DT|F] [--attributeDefNameNames=3Da:b,= b:c] [--attributeDefNameUuids=3D12ab,23cd] [--nameOfAttributeDef=3Da:b:c] [= --uuidOfAttributeDef=3D12fg-34fg] [--attributeAssignType=3Dany_mem|any_mem_= asgn|attr_def|attr_def_asgn|group|group_asgn|imm_mem|imm_mem_asgn|mem_asgn|= member|stem|stem_asgn] [--attributeDefType=3Dattr|domain|limit|perm|type] [= --inheritanceSetRelation=3DIMPLIED_BY_THIS|IMPLIED_BY_THIS_IMMEDIATE|THAT_I= MPLY_THIS|THAT_IMPLY_THIS_IMMEDIATE] [--sortString=3Dname|displayName|exten= sion|displayExtension] [--ascending=3DT|F] [--pageNumber=3D2] [--pageSize= =3D50] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [= --actAsSubjectSource=3Dsource] [--outputTemplate=3DsomePattern] [--paramNam= e0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--param= ValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] e.g.: java -jar grouperClient.jar --operation=3DfindAttributeDefNamesWs -= -scope=3DaStem: output: Index 0: name: aStem:anAttributeDefName, displayName: A stem:An A= ttributeDefName sendMessageWs web service usage java -jar grouperClient.jar --operation=3DsendMessageWs --queueType=3Dque= ue|topic --queueOrTopicName=3Dqueue_or_topic_name --messageBody0=3Dtest-mes= sage-body [--messageBodyX=3Dmessage body x] [--messagingSystemName=3DsomeMe= ssagingSystemName] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3D= subjIdent] [--actAsSubjectSource=3Dsource] [--outputTemplate=3DsomePattern]= [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamNa= me] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3Dsom= eVersion] [--routingKey=3Drouting-key] [--autocreateObjects=3DT|F] e.g.: java -jar grouperClient.jar --operation=3DsendMessageWs --queueType= =3Dtopic --queueOrTopicName=3Dtest-topic3 --messageBody0=3Dtest-message-bod= y --messagingSystemName=3DrabbitMqMessaging --routingKey=3Dtest-key --auotc= reateObjects=3DT --paramName0=3DexchangeType --paramValue0=3DTOPIC output line: Success: T, queueOrTopicName=3Dtest-topic3, numberOfMessages= =3D1 receiveMessageWs web service usage java -jar grouperClient.jar --operation=3DreceiveMessageWs --queueOrTopic= Name=3Dqueue_name [--messagingSystemName=3DsomeMessagingSystemName] [--actA= sSubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubject= Source=3Dsource] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [-= -paramValue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthPa= ramValue] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] [--routingKey=3D= routing-key] [--autocreateObjects=3DT|F] e.g.: java -jar grouperClient.jar --operation=3DreceiveMessageWs --queueO= rTopicName=3Dtest-queue --messagingSystemName=3DgrouperBuiltinMessaging --a= uotcreateObjects=3DT --paramName0=3DqueueType --paramValue0=3Dqueue output line: Index 0: success: T, queueOrTopicName: test-queue, messageBo= dy: test-message-body ############################################### Common options: --outputTemplate=3D${index}: ${wsGroup.name} the output template allow the caller to customize what is displayed in = the output from the XML anything in ${} will be evaluated, and there are different variables av= ailable for various operations. if you pass in --debug=3Dtrue, it will tell you the xml and the variabl= es you can use. You can drill down in the variables, e.g. ${wsGroupDeleteResult.wsGroup.name}, you can do = operations, e.g. ${index+1}, you can do simple string utilities from GrouperClientUtils or GrouperCl= ientCommonUtils, e.g. ${grouperClientUtils.trimToEmpty(wsGroup.name)} --debug=3Dtrue this will display debug information including the request and response = to stderr --saveResultsToFile=3D/tmp/somefile.txt you can save the stdout to a file if you like --actAsSubjectId=3DsubjId --actAsSubjectIdentifier=3DsubjIdent --actAsSub= jectSource=3Dsource if you want to run the operation as a different user than the user who = is authenticating to the web service, then specify the actAsSubjectId or actAsSubjectIden= tifier (and optionally the actAsSubjectSource). You would do this e.g. to run a command as ad= min, or as a user who is using the end layer application. Note you need permissions to do th= is in grouper. --paramName0=3Dname0 --paramValue0=3Dvalue1 --paramNameX=3DxthParamName -= -paramValueX=3DxthParamValue you can specify params in name/value pairs if the operation supports it= (see grouper web service documentation for details) --clientVersion=3DsomeVersion generally this does not need to be changed. This is the version label = sent to the web service which might affect the output from the web service. Not it does not af= fect the request to the web service (besides the label), it only affect the response from the w= eb service. --txType=3DGcTransactionType affects how batched operations are executed on the server (e.g. adding = multiple subjects to a group) generally the only values which make sense are to use a large transacti= on or not: READ_WRITE_NEW, NONE --includeGroupDetail=3Dtrue if applicable, this option will return not only the group's name, but m= ore information such as the attribuites, types, composite members, etc. --subjectAttributeNames=3Da,b,c if applicable, subjects will be returned from the server with these att= ributes in a string array
To use grouperClient as a Java API, just add the grouperClient.jar to yo= ur classpath (e.g. in your WEB-INF/lib directory for a web app), add groupe= r.client.properties to your classpath, then use the classes generally in th= e edu.internet2.middleware.grouperClient.api package. e.g.
WsAddMemberResults wsAddMemberResults = =3D new GcAddMember().assignGroupName("aStem:aGroup").addSubjectId("12345")= .execute();
Here is an example of finding a stem
/* * @author mchyzer * $Id$ */ package edu.internet2.middleware.grouperClient.poc; import edu.internet2.middleware.grouperClient.api.GcFindStems; import edu.internet2.middleware.grouperClient.ws.beans.WsFindStemsResults; import edu.internet2.middleware.grouperClient.ws.beans.WsResultMeta; import edu.internet2.middleware.grouperClient.ws.beans.WsStem; import edu.internet2.middleware.grouperClient.ws.beans.WsStemQueryFilter; /** * */ public class FindStem { /** * @param args */ public static void main(String[] args) { GcFindStems gcFindStems =3D new GcFindStems(); WsStemQueryFilter wsStemQueryFilter =3D new WsStemQueryFilter(); wsStemQueryFilter.setStemName("penn"); wsStemQueryFilter.setStemQueryFilterType("FIND_BY_STEM_NAME_APPROXIMATE= "); gcFindStems.assignStemQueryFilter(wsStemQueryFilter); WsFindStemsResults wsFindStemsResults =3D gcFindStems.execute(); WsResultMeta resultMetadata =3D wsFindStemsResults.getResultMetadata(); if (!"T".equals(resultMetadata.getSuccess())) { throw new RuntimeException("Error finding stems: " + resultMetadata.g= etSuccess() + ", " + resultMetadata.getResultCode() + ", " + resultMetadata.getResultMessage()); } WsStem[] wsStems =3D wsFindStemsResults.getStemResults(); if (wsStems !=3D null) { for (WsStem wsStem : wsStems) { System.out.println(wsStem.getName()); } } } }
Note: you can use method chaining for compact usage, or put each paramet= er in its own statement.
Get the binary release:
Get the source release, unzip, cd to the dir
ant ##### NOW CUSTOMIZE THE conf/grouper.client.properties, conf/grouper.client= .usage.txt, misc/README.txt ant ##### OUTPUT is in dist dir: grouperClient.jar, or grouperClient.institutio= n-1.4.0.tar.gz
Checkout grouper client:
cvs -d:pserver:anoncvs@anoncvs.internet2.edu:/home/cvs/i2mi login cvs -d:pserver:anoncvs@anoncvs.internet2.edu:/home/cvs/i2mi co grouper-misc= /grouperClient cd grouper-misc\grouperClient ant ##### NOW CUSTOMIZE THE conf/grouper.client.properties, conf/grouper.client= .usage.txt, misc/README.txt ant ##### OUTPUT is in dist dir: grouperClient.jar, or grouperClient.institutio= n-1.4.0.tar.gz
Now you can zip up the grouperClient.jar, grouper.client.properties, and= a README.txt and post on a website for your department users to download.&= nbsp; Of course no credentials should be in the zip, the users can fill the= se in when they are authorized.
Here is the example grouper.client.properties
# # Grouper client configuration # $Id: grouper.client.example.properties,v 1.3 2008/12/01 07:40:28 mchyzer = Exp $ # ######################################## ## LDAP connection settings ######################################## # url of directory, including the base DN (distinguished name) # e.g. ldap://server.school.edu/dc=3Dschool,dc=3Dedu # e.g. ldaps://server.school.edu/dc=3Dschool,dc=3Dedu grouperClient.ldap.url =3D # kerberos principal used to connect to ldap grouperClient.ldap.kerberosPrincipal =3D # password for shared secret authentication to ldap # or you can put a filename with an encrypted password grouperClient.ldap.password =3D
The above section is generally for the user, though the url can be fille= d in when distributing to users
######################################## ## Web service Connection settings ######################################## # url of web service, should include everything up to the first resource to= access # e.g. http://groups.school.edu:8090/grouperWs/servicesRest # e.g. https://groups.school.edu/grouperWs/servicesRest grouperClient.webService.url =3D # kerberos principal used to connect to web service grouperClient.webService.kerberosPrincipal =3D # password for shared secret authentication to web service # or you can put a filename with an encrypted password grouperClient.webService.password =3D
The above section is generally for users, though the url can be filled i= n before distributing to users
######################################## ## Encrypted password settings ######################################## # Put a random alphanumeric string (Case sensitive) for the password encryp= tion. e.g. fh43IRJ4Nf5 # or put a filename where the random alphanumeric string is. # e.g. c:/whatever/key.txt # e.g. sdfklj24lkj34lk34 encrypt.key =3D # set this to true if you have slashes in your passwords and dont want to l= ook in external files or unencrypt encrypt.disableExternalFileLookup =3D false
grouperClient contains a version of i2mi morphString to keep passwords e= ncrypted in external files from the config file (e.g. so the config file ca= n be more safely distributed, or stored in version control)
######################################## ## Logging ######################################## # For java.util.logging, only for the grouperClient package (not below) # from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST= , OFF, SEVERE, WARNING grouperClient.logging.grouperClientOnly.logLevel =3D WARNING # If you are not using log4j (will use java.util.logging, you can turn logg= ing on which will go to stderr # (if no file specified below). This is default log level # from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST= , OFF, SEVERE, WARNING grouperClient.logging.logLevel =3D WARNING # If you dont want the logging to go to stderr, then put a lot file locatio= n here: e.g. f:/temp/grouperClient.log grouperClient.logging.logFile =3D # if you want ws requests and responses being logged to files, put the dire= ctory here. # The grouper client will create subdirs grouperClient.logging.webService.documentDir =3D # try to indent the xml. If this fails for some reason, or you want t= he raw xml, # set to false grouperClient.logging.webService.indent =3D true
grouperClient contains a version of commons logging. So if used by= itself, very basic logging will be used, either to stderr, or to a log fil= e is specified above. There is a lot of debug logging, so if you are = having issues, set the grouperClient.logging.grouperClientOnly.logLevel to = ALL. You can segregate the grouperClient log level, from everything e= lse. Also, you can store all web service files (e.g. for debugging pu= rposes). Also, these can be indented for easy reading. Note: yo= u can pass in --debug=3Dtrue to see debug logs and web service request/resp= onses in stderr.
######################################################################= ############## ###########################################################################= ######### #### Institutional and advanced settings ###########################################################################= ######### ###########################################################################= ######### ####################################### ## output templates ####################################### webService.addMember.output =3D Index ${index}: success: ${resultMetadata.s= uccess}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$ webService.getMembers.output =3D GroupIndex ${groupIndex}: success: ${resul= tMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.na= me}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$ webService.deleteMember.output =3D Index ${index}: success: ${resultMetadat= a.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$ webService.hasMember.output =3D Index ${index}: success: ${resultMetadata.s= uccess}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$= newline$ webService.getGroups.output =3D SubjectIndex ${subjectIndex}: success: ${re= sultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSub= ject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$ webService.groupSave.output =3D Success: ${resultMetadata.success}: code: $= {resultMetadata.resultCode}: ${wsGroup.name}$newline$ webService.stemSave.output =3D Success: ${resultMetadata.success}: code: ${= resultMetadata.resultCode}: ${wsStem.name}$newline$ webService.groupDelete.output =3D Index ${index}: success: ${resultMetadata= .success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$ webService.stemDelete.output =3D Index ${index}: success: ${resultMetadata.= success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$ webService.getGrouperPrivilegesLite.output =3D Index ${index}: success: ${r= esultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: = ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privile= geType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$ webService.assignGrouperPrivilegesLite.output =3D Success: ${resultMetadata= .success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}= : subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilege= Type}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$ webService.findGroups.output =3D Index ${index}: name: ${wsGroup.name}, dis= playName: ${wsGroup.displayName}$newline$ webService.findStems.output =3D Index ${index}: name: ${wsStem.name}, displ= ayName: ${wsStem.displayName}$newline$ webService.memberChangeSubject.output =3D Success: ${resultMetadata.success= }: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newS= ubject: ${wsSubjectNew.id}$newline$
Note that the settings the end user is likely to need to to change are up t=
op in the config file. Output templates are central to grouper client=
, so that the command line output can be parsed easily by clients, or used =
in other programs. The syntax is Java EL, and uses a version of the j=
akarta library jexl. In different circumstances different objects are=
in scope, this needs more documentation and examples, but the point is tha=
t you can customize the output to suit your needs, and make sure it will no=
t change with upgrades.
####################################### ## ldap queries ####################################### # operation name ldapSearchAttribute.operationName.0 =3D pennnameToPennid ldapSearchAttribute.ldapName.0 =3D ou=3Dpennnames ldapSearchAttribute.matchingAttributes.0 =3D pennname ldapSearchAttribute.matchingAttributeLabels.0 =3D pennnameToDecode ldapSearchAttribute.returningAttributes.0 =3D pennid ldapSearchAttribute.outputTemplate.0 =3D pennid: ${pennid} ldapSearchAttribute.resultType.0 =3D STRING ldapSearchAttribute.operationName.1 =3D pennidToPennname ldapSearchAttribute.ldapName.1 =3D ou=3Dpennnames ldapSearchAttribute.matchingAttributes.1 =3D pennid ldapSearchAttribute.matchingAttributeLabels.1 =3D pennidToDecode ldapSearchAttribute.returningAttributes.1 =3D pennname ldapSearchAttribute.outputTemplate.1 =3D pennname: ${pennname} ldapSearchAttribute.resultType.1 =3D STRING ldapSearchAttribute.operationName.2 =3D hasMemberLdap ldapSearchAttribute.ldapName.2 =3D ou=3Dgroups ldapSearchAttribute.matchingAttributes.2 =3D cn, hasMember ldapSearchAttribute.matchingAttributeLabels.2 =3D groupName, pennnameToChec= k ldapSearchAttribute.returningAttributes.2 =3D cn ldapSearchAttribute.outputTemplate.2 =3D isInGroup: ${resultBoolean} ldapSearchAttribute.resultType.2 =3D BOOLEAN ldapSearchAttribute.operationName.3 =3D getMembersLdap ldapSearchAttribute.ldapName.3 =3D ou=3Dgroups ldapSearchAttribute.matchingAttributes.3 =3D cn ldapSearchAttribute.matchingAttributeLabels.3 =3D groupName ldapSearchAttribute.returningAttributes.3 =3D hasMember ldapSearchAttribute.outputTemplate.3 =3D ${resultString}$newline$ ldapSearchAttribute.resultType.3 =3D STRING_LIST
The LDAP API is very generic. Right now simple attribute lookups a= re supported, checking to see if there is an attribute match, or listing a = multi-valued attribute. More documentation is needed here, and perhap= s more options, let us know what you need for ldap access.
######################################## ## Authentication settings ######################################## # user prefix grouperClient.ldap.user.prefix =3D uid=3D # user suffix grouperClient.ldap.user.suffix =3D ,ou=3Dentities,dc=3Dupenn,dc=3Dedu # config name for the ldap user name between prefix and suffix grouperClient.ldap.user.label =3D kerberosPrincipal # config name for the webService user name between prefix and suffix grouperClient.webService.user.label =3D kerberosPrincipal #version of the output, as we upgrade the client, we will maintain previous= output versions grouperClient.output.version =3D 1.4.0
To authenticate to LDAP the username might not need to be exposed to the= end user, so you can put a prefix and suffix here. Also, the label u= sed in the config file for the login id can be cusotmized to make it easier= to use.
######################################## ## Web service settings ######################################## # web service client version grouperClient.webService.client.version =3D v1_4_000 # socket timeout grouperClient.webService.httpSocketTimeoutMillis =3D 90000 # connection manager timeout grouperClient.webService.httpConnectionManagerTimeoutMillis =3D 90000 # ignore extraneous xml fields from server (e.g. on server upgrade, when th= e client isnt upgraded) # if you dont ignore, and there is an extraneous field which is not omitted= (below), then an exception # will be thrown grouperClient.webService.ignoreExtraneousXmlFields =3D true # register fields to be ignored with xstream. this is useful if you are no= t # ignoring extraneous fields (above), but know that there are a few to be i= gnored # place them here with fully qualified classname dont property name, comma = separated # e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.milli= s, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2 grouper.webService.omitXmlProperties =3D
The timeouts and client version are stored here. If you want to ig= nore some XML that clients send that is not valid (e.g. if the service has = changed, and there are old clients), then you can specify here. Also = you can call out any specific properties in objects to ignore (inbound or o= utbound)
######################################## ## Misc ######################################## # if there are extra command line args, should we fail or just log? grouperClient.failOnExtraCommandLineArgs =3D true # you can have aliases for subjectId and subjectIdentifer in command line a= rgs # (though subjectId will still be allowed, but you cant pass both) # if this value is pennIds, then e.g. for addMemberWs, you can use --pennId= s=3D123,234 # instead of --subjectIds=3D123,345 grouperClient.alias.subjectIds =3D # if this value is pennKeys, then e.g. for addMemberWs, you can use --pennK= eys=3Dabc,bcd # instead of --subjectIdentifiers=3Dabc,bcd grouperClient.alias.subjectIdentifiers =3D # if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can = use --pennId=3D123 # instead of --subjectId=3D123 grouperClient.alias.subjectId =3D # if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can= use --pennKey=3Dabc # instead of --subjectIdentifiers=3Dabc grouperClient.alias.subjectIdentifier =3D # if this value is PennId, then e.g. for addMemberWs, you can use --actAsPe= nnId=3D123 # instead of --actAsSubjectId=3Dabc,bcd grouperClient.alias.SubjectId =3D # if this value is PennKey, then e.g. for addMemberWs, you can use --actAsP= ennKey=3Dabc # instead of --actAsSubjectIdentifier=3Dabc grouperClient.alias.SubjectIdentifier =3D # this should probably be changed to UTF-8 for international charsets... fo= r US it can be: ISO-8859-1 grouperClient.default.fileEncoding =3D ISO-8859-1
If an invalid option is passed in, should it throw an error?
Also, you can put aliases on arguments that are for subjectId and subjec= tIdentifier. This means that this alternate argument name can be used= instead of subjectId and subjectIdentifier. You can use either the a= lias or the original name, but not both at the same time. The example= s above show what we are doing at Penn, where subjectId is pennId, and subj= ectIdentifier is pennKey.
Per the usage readme:
--outputTemplate=3D${index}: ${wsGroup.name} the output template allow the caller to customize what i= s displayed in the output from the XML anything in ${} will be evaluated, and there are differe= nt variables available for various operations. if you pass in --debug=3Dtrue, it will tell you the xml = and the variables you can use. You can drill down in the variables, e.g. ${wsGroupDeleteResult.wsGroup.nam= e}, you can do operations, e.g. ${index+1}, you can do simple string utilities from GrouperClientUti= ls or GrouperClientCommonUtils, e.g. ${grouperClientUtils.trimToEmpty(wsGroup.name)}
This uses the jakarta library JEXL.
The easiest way to use this, is first to do a request with debug mode:= p>
C:\dev_inst\eclipse\workspace_v33\grouperClient\dist>java -jar grou= perClient.jar --operation=3DaddMemberWs --groupName=3DaStem:aGroup --subjec= tIds=3Dtest.subject.0 --debug=3Dtrue ... ################ RESPONSE START (indented) ############### HTTP/1.1 201 Created Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=3Dxxxxxxxxxxxx; Path=3D/grouperWs X-Grouper-resultCode: SUCCESS X-Grouper-success: T X-Grouper-resultCode2: NONE Content-Type: text/xml Date: Mon, 08 Dec 2008 05:43:36 GMT Connection: close <WsAddMemberResults> <results> <WsAddMemberResult> <wsSubject> <resultCode>SUCCESS</resultCode> <success>T</success> <id>test.subject.0</id> <sourceId>jdbc</sourceId> </wsSubject> <resultMetadata> <resultCode>SUCCESS_ALREADY_EXISTED</resultCode> <success>T</success> </resultMetadata> </WsAddMemberResult> </results> <wsGroupAssigned> <extension>aGroup</extension> <displayExtension>aGroup</displayExtension> <displayName>aStem:aGroup</displayName> <name>aStem:aGroup</name> <uuid>01a1d70c-df7c-4ffa-b6ed-f90fa7c37f6b</uuid> </wsGroupAssigned> <resultMetadata> <resultCode>SUCCESS</resultCode> <resultMessage>Success for: clientVersion: v1_4_000, wsGroupLooku= p: WsGroupLookup[groupName=3DaSte m:aGroup], subjectLookups: Array size: 1: [0]: WsSubjectLookup[subjectId=3D= test.subject.0] , replaceAllExisting: false, actAsSubject: null, fieldName: null, txType: N= ONE, includeGroupDetail: false, includeSubjectDetail: false, subjectAttributeNames: null , params: null</resultMessage> <success>T</success> </resultMetadata> <responseMetadata> <millis>453</millis> <serverVersion>v1_4_000</serverVersion> </responseMetadata> </WsAddMemberResults> ################ RESPONSE END ############### ... DEBUG: Output template: Index ${index}: success: ${resultMetadata.success}:= code: ${resultMetadata.resultCode}: ${wsSubject.id} , available variables: wsAddMemberResults, grouperClientUtils, wsGroupAssig= ned, index, wsAddMemberResult, wsSubject, resultMetadata
You can see what the available variables are, and you can see the XML re= sponse.
So, if you want to print out some variables, you can use the objects ava= ilable, and drill down by looking at what is available in the xml:
C:\grouper>java -jar grouperClient.jar --operation=3DaddMemberWs --= groupName=3DaStem:aGroup --subjectIds=3Dtest.subject.0 --outputTemplate=3D"= sourceId: ${wsAddMemberResult.wsSubject.sourceId}, uuid: ${wsGroupAssigned.= uuid}" sourceId: jdbc, uuid: 01a1d70c-df7c-4ffa-b6ed-f90fa7c37f6b C:\grouper>
If you evaluate an expression which returns null (which is what is retur= ned if a variable doesnt exist), a warning will be displayed to stderr, but= the stdout will still be intact. If this is intended, use grouperCli= entUtils.defaultString() and it will not return null.
If you want the grouper client to execute custom Java operations, then f= ollow these instructions. For example, at Penn we will have a couple = of operations that decode Cosign single-signon tokens.
######################################## ## Custom operations ## Implement the interface ClientOperation, put it in the jar ## Increment the int index for multiples (must be in order) ######################################## customOperation.name.0 =3D cosignDecode customOperation.class.0 =3D edu.upenn.isc.grouperClient.CosignDecodeOperati= on
* Implement the interface with the logic, and get params from the comman= d line:
/** * @see edu.internet2.middleware.grouperClient.ClientOperation#= operate(edu.internet2.middleware.grouperClient.OperationParams) */ public String operate(OperationParams operationParams) { Map<String, String> argMap =3D operationParams.get= ArgMap(); Map<String, String> argMapNotUsed =3D operationPar= ams.getArgMapNotUsed(); //get params from command line String serviceName =3D GrouperClientUtils.argMapString(a= rgMap, argMapNotUsed, "serviceName", true); String cookie =3D GrouperClientUtils.argMapString(argMap= , argMapNotUsed, "cosignCookie", true); //get params from grouper.client.properties String keyStorePath =3D GrouperClientUtils.propertiesVal= ue("cosign.keyStorePath", true); ... etc, execute the logic, and return the result which should be print= ed to screen or written to file
* Build with: ant
Call the operation from the command lin= e:
C:\grouperClient\dist\institution\grouperClient.institution-1.4.0>j= ava -jar grouperClient.jar --operation=3DcosignDecode --serviceName=3Dcosig= n-isc-whatever-0 --cosignCookie=3D0mmN5ZwyJukNxxxxxxxxx 203-PennNet ID mchyzer 203-8-digit PennID 123456 203-Timestamp 1111111111 203 IP Address 1.2.3.4 C:\grouperClient\dist\institution\grouperClient.institution-1.4.0>
sdf
If you don't want to validate the SSL (e.g. self signed certificate) fol= low these instructions in grouperClient.properties
# to not require valid SSL, use: edu.internet2.middleware.grouperClien= t.ssl.EasySslSocketFactory grouperClient.https.customSocketFactory =3D # to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl= .BlindSslSocketFactory grouperClient.ldaps.customSocketFactory =3D