
The Subject API

Note: in Grouper 2.3+ you should use subject.properties, not source.xml.

...

The Subject API is used to integrate a Java application with a site's existing Identity Management operations (see architectural diagram). It enables any type of object whose identity is being managed (person, group, application, computer, etc.) to be presented to that application without requiring the application to be specifically designed for particular object types or to know how those objects are stored and represented. Those details form the configuration of the Subject API.

...


Debugging

Run the Subject API diagnostics from GSH. You can also use the Subject API diagnostics under "misc" in the UI, if Grouper starts (a Subject API problem is severe for Grouper).

Code Block
GrouperSession.startRootSession();
new edu.internet2.middleware.grouper.grouperUi.serviceLogic.SubjectSourceDiagnostics().assignSourceId("SMUPerson_DEV").assignSubjectId("empl1").assignSubjectIdentifier("netid@school.edu").assignSearchString("em").subjectSourceDiagnosticsFromGsh()
===> 
SUCCESS: Found subject by id in 37ms: 'empl1'
         with SubjectFinder.findByIdAndSource("empl1", "SMUPerson_DEV", false)
SUCCESS: Subject id in returned subject matches the subject id searched for: 'empl1'
WARNING: No subject found by identifier in 14ms: 'netid@school.edu'
         with SubjectFinder.findByIdentifierAndSource("netid@school.edu", "SMUPerson_DEV", false)


Note: to debug your Subject API configuration, set this in log4j.properties:

Code Block
log4j.logger.edu.internet2.middleware.subject.provider = DEBUG
log4j.logger.edu.vt.middleware.ldap = DEBUG

...


If you are using a JDBC source, you can use the p6spy SQL driver: set spy.properties to specify the underlying driver and the log file name (in 2.5 we need to revisit this).

Number of sources

Decide how many sources you need. Use the smallest number you can. For people, it should be one. If you don't have one single source, consider working on that initiative. Having multiple subjects in Grouper that represent the same person will lead to problems (e.g. seeing what someone has access to). You might end up with a source for people and a source for service principals.
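
The problem described above, as an added example that is not part of the Grouper documentation or code: an offline audit over an exported subject list that finds people split across sources and shows how a per-subject access lookup under-reports what the person can reach. The source ids, subject ids, group names, record layout, and the choice to correlate on a shared identifier are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample export: (source_id, subject_id, identifier, group memberships).
# All source ids, subject ids and group names here are hypothetical.
SUBJECTS = [
    ("person_src", "emp1001", "jdoe@school.edu", {"app:payroll:admins"}),
    ("legacy_ldap", "jdoe", "JDoe@school.edu ", {"app:vpn:users", "app:db:readers"}),
    ("person_src", "emp1002", "asmith@school.edu", {"app:vpn:users"}),
    ("service_src", "svc-backup", "svc-backup@school.edu", {"app:db:readers"}),
]


def normalize(identifier):
    """Compare identifiers case-insensitively and ignore stray whitespace."""
    return identifier.strip().lower()


def find_split_identities(subjects):
    """Return {identifier: [(source_id, subject_id), ...]} for identifiers seen in more than one source."""
    by_identifier = defaultdict(list)
    for source_id, subject_id, identifier, _groups in subjects:
        by_identifier[normalize(identifier)].append((source_id, subject_id))
    return {
        ident: sorted(entries)
        for ident, entries in by_identifier.items()
        if len({src for src, _ in entries}) > 1
    }


def access_by_subject(subjects, source_id, subject_id):
    """What an access review sees when it looks up one (source, subjectId) pair."""
    for src, sid, _ident, groups in subjects:
        if (src, sid) == (source_id, subject_id):
            return set(groups)
    return set()


def access_by_person(subjects, identifier):
    """What the person can actually reach: the union over every subject sharing the identifier."""
    wanted = normalize(identifier)
    access = set()
    for _src, _sid, ident, groups in subjects:
        if normalize(ident) == wanted:
            access |= groups
    return access


if __name__ == "__main__":
    for ident, entries in find_split_identities(SUBJECTS).items():
        print(f"{ident}: split across {entries}")
        print("  full access:", sorted(access_by_person(SUBJECTS, ident)))
```

Any identifier this reports is a candidate for consolidation into the single person source; the service principal in its own source is not flagged because it shares no identifier with a person.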


Choosing Identifiers for Subjects

...

The search() method is used by a User Interface application to allow a human to search for and list subjects using familiar attributes like name parts, departments, etc. For example, to grant a person a privilege, the Signet UI first does a search() using the user's specified search term, displays a list of the names and descriptions of the matching subjects, and enables the UI user to select one.

There are attributes that need to be configured for a subject in addition to subjectId:

  • name: This is generally the first and last name for a subject. If this is private data and you don't want to list it, you can use a netId or something similar to help differentiate the subject from other subjects. In the worst case, use the subjectId.
  • description: This should be a standalone string that shows information about the subject when a list is displayed, to help the user select the correct subject. This is the description attribute at Penn:

    Code Block
    Chris Hyzer (mchyzer, 10021368) (active) Staff - Isc-applications & Information Services - Application Architect (also: Alumni)



The Subject API in Grouper Architecture

...


See Also

Subject API Diagnostics in UI

LDAP Subject API Example