You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sc...@apache.org on 2016/10/07 17:25:32 UTC
[1/7] airavata git commit: WIP
Repository: airavata
Updated Branches:
refs/heads/airavata-gov-registry d5f0b7771 -> d8eaa4151
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/log4j.properties b/modules/group-manager/src/main/resources/log4j.properties
deleted file mode 100755
index 9cde476..0000000
--- a/modules/group-manager/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,154 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# will be substituted with the System property "grouper.home", which must have a trailing \ or /
-# depending on your OS. Of course you can use absolute paths if you prefer
-
-
-#
-# log4j Configuration
-# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
-#
-
-# Appenders
-
-## Log messages to stderr
-log4j.appender.grouper_stderr = org.apache.log4j.ConsoleAppender
-log4j.appender.grouper_stderr.Target = System.err
-log4j.appender.grouper_stderr.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_stderr.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Log messages to stdout
-log4j.appender.grouper_stdout = org.apache.log4j.ConsoleAppender
-log4j.appender.grouper_stdout.Target = System.out
-log4j.appender.grouper_stdout.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_stdout.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.DailyRollingFileAppender
-log4j.appender.grouper_event.File = logs/grouper_event.log
-log4j.appender.grouper_event.DatePattern = '.'yyyy-MM-dd
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.DailyRollingFileAppender
-log4j.appender.grouper_error.File = logs/grouper_error.log
-log4j.appender.grouper_error.DatePattern = '.'yyyy-MM-dd
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.RollingFileAppender
-log4j.appender.grouper_debug.File = logs/grouper_debug.log
-log4j.appender.grouper_debug.MaxFileSize = 100KB
-log4j.appender.grouper_debug.MaxBackupIndex = 1
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.RollingFileAppender
-log4j.appender.grouper_gb.File = logs/grouper_bench.log
-log4j.appender.grouper_gb.MaxFileSize = 100KB
-log4j.appender.grouper_gb.MaxBackupIndex = 1
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-# Loggers
-
-## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
-log4j.logger.edu.internet2.middleware = WARN
-
-
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event, grouper_stderr
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb, grouper_stderr
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug, grouper_stderr
-
-
-#######################################################
-##Optional settings for debug logs
-#######################################################
-
-## Hooks debug info
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
-#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
-
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/morphString.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/morphString.properties b/modules/group-manager/src/main/resources/morphString.properties
deleted file mode 100755
index dbb9d60..0000000
--- a/modules/group-manager/src/main/resources/morphString.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Put a random alphanumeric string (Case sensitive) for the password encryption. e.g. fh43IRJ4Nf5
-# or put a filename where the random alphanumeric string is. e.g. c:/whatever/key.txt
-encrypt.key =
-# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
-encrypt.disableExternalFileLookup = false
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/server.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/server.properties b/modules/group-manager/src/main/resources/server.properties
deleted file mode 100755
index e4a06b1..0000000
--- a/modules/group-manager/src/main/resources/server.properties
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# HSQLDB Server Configuration
-# $Id: server.example.properties,v 1.1 2008-09-29 03:38:30 mchyzer Exp $
-server.address=127.0.0.1
-server.port=9001
-server.address=localhost
-server.port=9001
-server.silent=true
-server.database.0=file:dist/run/grouper
-server.dbname.0=grouper
-server.urlid.0=grouper
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/sources.xml
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/sources.xml b/modules/group-manager/src/main/resources/sources.xml
deleted file mode 100755
index 6107d7d..0000000
--- a/modules/group-manager/src/main/resources/sources.xml
+++ /dev/null
@@ -1,883 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-
- Copyright 2014 Internet2
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
--->
-<!--
-Grouper's subject resolver configuration
-$Id: sources.example.xml,v 1.8 2009-08-11 20:18:09 mchyzer Exp $
--->
-
-<sources>
-
- <!-- Group Subject Resolver -->
-
- <!--
- You can flag a source as not throwing exception on a findAll (general search) i.e. if it is
- ok if it is down. Generally you probably won't want to do this. It defaults to true if omitted.
-
- <init-param>
- <param-name>throwErrorOnFindAllFailure</param-name>
- <param-value>false</param-value>
- </init-param>
- -->
-
- <!--
- You can make virtual attributes (attributes with formatting or based on other attributes) like this:
- init-param name is subjectVirtualAttribute_<index>_<name> where index is the order to be processed
- if some depend on others (0 to 99). The value is the jexl expression language. You can use subjectUtils
- methods (aliased with "subjectUtils", or you can register your own class (must have default constructor).
- Here are examples:
-
- <init-param>
- <param-name>subjectVirtualAttribute_0_loginIdLfName</param-name>
- <param-value>Hey ${subject.getAttributeValue('LOGINID')} and ${subject.getAttributeValue('LFNAME')}</param-value>
- </init-param>
- <init-param>
- <param-name>subjectVirtualAttribute_1_loginIdLfNameLoginId</param-name>
- <param-value>${subject.getAttributeValue('loginIdLfName')} Hey ${subject.getAttributeValue('LOGINID')} and ${subject.getAttributeValue('LFNAME')}</param-value>
- </init-param>
- <init-param>
- <param-name>subjectVirtualAttributeVariable_JDBCSourceAdapterTest</param-name>
- <param-value>edu.internet2.middleware.subject.provider.JDBCSourceAdapterTest</param-value>
- </init-param>
- <init-param>
- <param-name>subjectVirtualAttribute_2_loginIdSquared</param-name>
- <param-value>${JDBCSourceAdapterTest.appendToSelf(subject.getAttributeValue('LOGINID'))}</param-value>
- </init-param>
-
- The first virtual attribute is accessible via: subject.getAttributeValue("loginIdLfNameLoginId");
-
- you can set these c3p0 settings: maxConnectionAge (seconds), testConnectionOnCheckout (true|false),
- preferredTestQuery (e.g. select 1 from dual), idleConnectionTestPeriod (seconds)
-
-
- <init-param>
- <param-name>findSubjectByIdOnCheckConfig</param-name>
- <param-value>true|false</param-value>
- </init-param>
- <init-param>
- <param-name>subjectIdToFindOnCheckConfig</param-name>
- <param-value>someSubjectIdWhichMightExistOrWhatever</param-value>
- </init-param>
-
- <init-param>
- <param-name>findSubjectByIdentifiedOnCheckConfig</param-name>
- <param-value>true|false</param-value>
- </init-param>
- <init-param>
- <param-name>subjectIdentifierToFindOnCheckConfig</param-name>
- <param-value>someSubjectIdentifierWhichMightExistOrWhatever</param-value>
- </init-param>
-
- <init-param>
- <param-name>findSubjectByStringOnCheckConfig</param-name>
- <param-value>true|false</param-value>
- </init-param>
- <init-param>
- <param-name>stringToFindOnCheckConfig</param-name>
- <param-value>someStringWhichMightExistOrWhatever</param-value>
- </init-param>
- -->
-
- <!--
- NOTE: It is recommended that you **not** change the default
- values for this source adapter.
- -->
- <source adapterClass="edu.internet2.middleware.grouper.GrouperSourceAdapter">
- <id>g:gsa</id>
- <name>Grouper: Group Source Adapter</name>
- <type>group</type>
-
- <init-param>
- <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
- <param-value>${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')}</param-value>
- </init-param>
- <init-param>
- <param-name>sortAttribute0</param-name>
- <param-value>displayExtension</param-value>
- </init-param>
- <init-param>
- <param-name>searchAttribute0</param-name>
- <param-value>searchAttribute0</param-value>
- </init-param>
- <!-- on a findPage() this is the most results returned -->
- <init-param>
- <param-name>maxPageSize</param-name>
- <param-value>100</param-value>
- </init-param>
- <internal-attribute>searchAttribute0</internal-attribute>
- </source>
- <!-- Group Subject Resolver -->
-
- <!--
- NOTE: It is recommended that you **not** change the default
- values for this source adapter.
- -->
- <source adapterClass="edu.internet2.middleware.grouper.entity.EntitySourceAdapter">
- <id>grouperEntities</id>
- <name>Grouper: Entity Source Adapter</name>
- <type>application</type>
-
- <init-param>
- <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
- <!-- TODO add attribute for subject identifier -->
- <param-value>${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')}</param-value>
- </init-param>
- <init-param>
- <param-name>sortAttribute0</param-name>
- <param-value>name</param-value>
- </init-param>
- <init-param>
- <param-name>searchAttribute0</param-name>
- <param-value>searchAttribute0</param-value>
- </init-param>
- <internal-attribute>searchAttribute0</internal-attribute>
- </source>
- <!-- Entity Subject Resolver -->
-
- <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter">
- <id>jdbc</id>
- <name>Example JDBC Source Adapter</name>
- <type>person</type>
-
- <!-- edu.internet2.middleware.subject.provider.C3p0JdbcConnectionProvider (default)
- edu.internet2.middleware.subject.provider.DbcpJdbcConnectionProvider (legacy)
- edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider
- (same settings as grouper.hibernate.properties, the driver, url, pass, maxActive, maxIdle, maxWait are forbidden -->
- <init-param>
- <param-name>jdbcConnectionProvider</param-name>
- <param-value>edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider </param-value>
- </init-param>
-
- <!-- If using emails and need email addresses in sources, set which attribute has the email address in this source -->
- <init-param>
- <param-name>emailAttributeName</param-name>
- <param-value>email</param-value>
- </init-param>
-
- <!-- if more than this many results are returned, then throw a too many subjects exception -->
- <init-param>
- <param-name>maxResults</param-name>
- <param-value>1000</param-value>
- </init-param>
-
- <!-- on a findPage() this is the most results returned -->
- <init-param>
- <param-name>maxPageSize</param-name>
- <param-value>100</param-value>
- </init-param>
-
- <!-- note: again, if you use GrouperJdbcConnectionProvider, then you should not fill out maxActive, maxIdle,
- maxWait, dbDriver, dbUrl, dbUser, dbPwd, since it will use the grouper.hibernate.properties db settings -->
-
- <!-- init-param>
- <param-name>maxActive</param-name>
- <param-value>16</param-value>
- </init-param>
- <init-param>
- <param-name>maxIdle</param-name>
- <param-value>16</param-value>
- </init-param>
- <init-param>
- <param-name>maxWait</param-name>
- <param-value>-1</param-value>
- </init-param -->
-
- <!--
- e.g. mysql: com.mysql.jdbc.Driver
- e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
- for p6spy, put the underlying driver in spy.properties
- e.g. oracle: oracle.jdbc.driver.OracleDriver
- e.g. hsqldb: org.hsqldb.jdbcDriver
- e.g. postgres: org.postgresql.Driver -->
-
- <!-- init-param>
- <param-name>dbDriver</param-name>
- <param-value>org.hsqldb.jdbcDriver</param-value>
- </init-param -->
-
- <!--
- e.g. mysql: jdbc:mysql://localhost:3306/grouper
- e.g. p6spy (log sql): [use the URL that your DB requires]
- e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
- e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
- e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001
- e.g. postgres: jdbc:postgresql:grouper -->
-
- <!-- init-param>
- <param-name>dbUrl</param-name>
- <param-value>jdbc:hsqldb:C:/projects/GrouperI2MI_1-2/grouper/dist/run/grouper</param-value>
- </init-param>
- <init-param>
- <param-name>dbUser</param-name>
- <param-value>sa</param-value>
- </init-param>
- <init-param>
- <param-name>dbPwd</param-name>
- <param-value></param-value>
- </init-param -->
-
- <init-param>
- <param-name>SubjectID_AttributeType</param-name>
- <param-value>id</param-value>
- </init-param>
- <init-param>
- <param-name>Name_AttributeType</param-name>
- <param-value>name</param-value>
- </init-param>
- <init-param>
- <param-name>Description_AttributeType</param-name>
- <param-value>description</param-value>
- </init-param>
- <init-param>
- <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
- <param-value>${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue('LFNAME'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue('LOGINID'), "")},${subjectUtils.defaultIfBlank(subject.description, "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue('EMAIL'), "")}</param-value>
- </init-param>
- <init-param>
- <param-name>sortAttribute0</param-name>
- <param-value>LFNAME</param-value>
- </init-param>
- <init-param>
- <param-name>sortAttribute1</param-name>
- <param-value>LOGINID</param-value>
- </init-param>
- <init-param>
- <param-name>searchAttribute0</param-name>
- <param-value>searchAttribute0</param-value>
- </init-param>
- <internal-attribute>searchAttribute0</internal-attribute>
-
- <!-- if you are going to use the inclause attribute
- on the search to make the queries batchable when searching
- by id or identifier -->
- <init-param>
- <param-name>useInClauseForIdAndIdentifier</param-name>
- <param-value>true</param-value>
- </init-param>
-
- <!-- comma separate the identifiers for this row, this is for the findByIdentifiers if using an in clause -->
- <init-param>
- <param-name>identifierAttributes</param-name>
- <param-value>LOGINID</param-value>
- </init-param>
-
- <!-- subject identifier to store in grouper's member table -->
- <init-param>
- <param-name>subjectIdentifierAttribute0</param-name>
- <param-value>LOGINID</param-value>
- </init-param>
-
- <search>
- <searchType>searchSubject</searchType>
- <param>
- <param-name>sql</param-name>
- <param-value>
-select
- s.subjectid as id, s.name as name,
- (select sa2.value from subjectattribute sa2 where name='name' and sa2.SUBJECTID = s.subjectid) as lfname,
- (select sa3.value from subjectattribute sa3 where name='loginid' and sa3.SUBJECTID = s.subjectid) as loginid,
- (select sa4.value from subjectattribute sa4 where name='description' and sa4.SUBJECTID = s.subjectid) as description,
- (select sa5.value from subjectattribute sa5 where name='email' and sa5.SUBJECTID = s.subjectid) as email
-from
- subject s
-where
- {inclause}
- </param-value>
- </param>
- <param>
- <param-name>inclause</param-name>
- <param-value>
-s.subjectid = ?
- </param-value>
- </param>
- </search>
- <search>
- <searchType>searchSubjectByIdentifier</searchType>
- <param>
- <param-name>sql</param-name>
- <param-value>
-select
- s.subjectid as id, s.name as name,
- (select sa2.value from subjectattribute sa2 where name='name' and sa2.SUBJECTID = s.subjectid) as lfname,
- (select sa3.value from subjectattribute sa3 where name='loginid' and sa3.SUBJECTID = s.subjectid) as loginid,
- (select sa4.value from subjectattribute sa4 where name='description' and sa4.SUBJECTID = s.subjectid) as description,
- (select sa5.value from subjectattribute sa5 where name='email' and sa5.SUBJECTID = s.subjectid) as email
-from
- subject s, subjectattribute a
-where
- a.name='loginid' and s.subjectid = a.subjectid and {inclause}
- </param-value>
- </param>
- <param>
- <param-name>inclause</param-name>
- <param-value>
- a.value = ?
- </param-value>
- </param>
- </search>
- <search>
- <searchType>search</searchType>
- <param>
- <param-name>sql</param-name>
-
- <!-- for postgres, use this query since no concat() exists:
-
- select
- subject.subjectid as id, subject.name as name,
- lfnamet.lfname as lfname, loginidt.loginid as loginid,
- desct.description as description, emailt.email as email
-from
- subject
- left join (select subjectid, value as lfname from subjectattribute
- where name='name') lfnamet
- on subject.subjectid=lfnamet.subjectid
- left join (select subjectid, value as loginid from subjectattribute
- where name='loginid') loginidt
- on subject.subjectid=loginidt.subjectid
- left join (select subjectid, value as description from subjectattribute
- where name='description') desct
- on subject.subjectid=desct.subjectid
- left join (select subjectid, value as email from subjectattribute
- where name='email') emailt
- on subject.subjectid=emailt.subjectid
-where
- (lower(name) like '%' || ? || '%')
- or (lower(lfnamet.lfname) like '%' || ? || '%')
- or (lower(loginidt.loginid) like '%' || ? || '%')
- or (lower(desct.description) like '%' || ? || '%')
- or (lower(emailt.email) like '%' || ? || '%')
-
-for SQL-server:
-
-select
- subject.subjectid as id, subject.name as name,
- lfnamet.lfname as lfname, loginidt.loginid as loginid,
- desct.description as description, emailt.email as email
-from
- subject
- left join (select subjectid, value as lfname from subjectattribute
- where name='name') lfnamet
- on subject.subjectid=lfnamet.subjectid
- left join (select subjectid, value as loginid from subjectattribute
- where name='loginid') loginidt
- on subject.subjectid=loginidt.subjectid
- left join (select subjectid, value as description from subjectattribute
- where name='description') desct
- on subject.subjectid=desct.subjectid
- left join (select subjectid, value as email from subjectattribute
- where name='email') emailt
- on subject.subjectid=emailt.subjectid
-where
- (lower(name) like '%' + ? + '%')
- or (lower(lfnamet.lfname) like '%' + ? + '%')
- or (lower(loginidt.loginid) like '%' + ? + '%')
- or (lower(desct.description) like '%' + ? + '%')
- or (lower(emailt.email) like '%' + ? + '%')
-
- -->
-
- <param-value>
-select
- s.subjectid as id, s.name as name,
- (select sa2.value from subjectattribute sa2 where name='name' and sa2.SUBJECTID = s.subjectid) as lfname,
- (select sa3.value from subjectattribute sa3 where name='loginid' and sa3.SUBJECTID = s.subjectid) as loginid,
- (select sa4.value from subjectattribute sa4 where name='description' and sa4.SUBJECTID = s.subjectid) as description,
- (select sa5.value from subjectattribute sa5 where name='email' and sa5.SUBJECTID = s.subjectid) as email
-from
- subject s
-where
- s.subjectid in (
- select subjectid from subject where lower(name) like concat('%',concat(?,'%')) union
- select subjectid from subjectattribute where searchvalue like concat('%',concat(?,'%'))
- )
- </param-value>
- </param>
- </search>
- </source>
-
- <!--
- <!- - This is an alternate jdbc source which allows for more complex searches, assumes
- all data is in one table or view, and that all attributes are single valued. There are
- not queries to configure in sources.xml - - >
- <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter2">
- <id>sourceId</id>
- <name>Source name</name>
- <type>person</type>
- <init-param>
- <param-name>jdbcConnectionProvider</param-name>
- <param-value>edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider</param-value>
- </init-param>
-
- <init-param>
- <param-name>maxResults</param-name>
- <param-value>1000</param-value>
- </init-param>
-
- <init-param>
- <param-name>dbTableOrView</param-name>
- <param-value>person_source_v</param-value>
- </init-param>
- <init-param>
- <param-name>subjectIdCol</param-name>
- <param-value>some_id</param-value>
- </init-param>
- <init-param>
- <param-name>nameCol</param-name>
- <param-value>name</param-value>
- </init-param>
- <init-param>
- <param-name>descriptionCol</param-name>
- <param-value>description</param-value>
- </init-param>
- <init-param>
- <!- - search col where general searches take place, lower case - - >
- <param-name>lowerSearchCol</param-name>
- <param-value>description_lower</param-value>
- </init-param>
- <init-param>
- <!- - optional col if you want the search results sorted in the API (note, UI might override) - - >
- <param-name>defaultSortCol</param-name>
- <param-value>description</param-value>
- </init-param>
- <init-param>
- <!- - col which identifies the row, perhaps not subjectId, add multiple by incrementing the 0 index - - >
- <param-name>subjectIdentifierCol0</param-name>
- <param-value>pennname</param-value>
- </init-param>
- <init-param>
- <!- - col which identifies the row, perhaps not subjectId, add multiple by incrementing the 0 index - - >
- <param-name>subjectIdentifierCol1</param-name>
- <param-value>penn_id</param-value>
- </init-param>
- <!- - now you can count up from 0 to N of attributes for various cols.
- The name is how to reference in subject.getAttribute() - - >
- <init-param>
- <param-name>subjectAttributeCol0</param-name>
- <param-value>pennname</param-value>
- </init-param>
- <init-param>
- <param-name>subjectAttributeName0</param-name>
- <param-value>PENNNAME</param-value>
- </init-param>
- <init-param>
- <param-name>subjectAttributeCol1</param-name>
- <param-value>description_lower</param-value>
- </init-param>
- <init-param>
- <param-name>subjectAttributeName1</param-name>
- <param-value>searchAttribute0</param-value>
- </init-param>
- <init-param>
- <param-name>sortAttribute0</param-name>
- <param-value>description</param-value>
- </init-param>
- <init-param>
- <param-name>searchAttribute0</param-name>
- <param-value>searchAttribute0</param-value>
- </init-param>
- <internal-attribute>searchAttribute0</internal-attribute>
- <!- - ########################## STATUS SECTION for searches to filter out inactives and allow
- the user to filter by status with e.g. status=all
- this is optional, and advanced - ->
- <!- - column or attribute which represents the status - - >
- <!- -
- <init-param>
- <param-name>statusDatastoreFieldName</param-name>
- <param-value>status</param-value>
- </init-param> - - >
- <!- - search string from user which represents the status. e.g. status=active - - >
- <!- -
- <init-param>
- <param-name>statusLabel</param-name>
- <param-value>status</param-value>
- </init-param> - - >
- <!- - available statuses from screen (if not specified, any will be allowed). comma separated list.
- Note, this is optional and you probably dont want to configure it, it is mostly necessary
- when you have multiple sources with statuses... if someone types an invalid status
- and you have this configured, it will not filter by it - - >
- <!- -
- <init-param>
- <param-name>statusesFromUser<param-name>
- <param-value>Active, Inactive, Pending, All</param-value>
- </init-param> - - >
- <!- - all label from the user - - >
- <!- -
- <init-param>
- <param-name>statusAllFromUser</param-name>
- <param-value>All</param-value>
- </init-param> - - >
- <!- - if no status is specified, this will be used (e.g. for active only). Note, the value should be of the
- form the user would type in - - >
- <!- -
- <init-param>
- <param-name>statusSearchDefault</param-name>
- <param-value>status=active</param-value>
- </init-param> - - >
- <!- - translate between screen values of status, and the data store value. Increment the 0 to 1, 2, etc for more translations.
- so the user could enter: status=active, and that could translate to status_col=A. The 'user' is what the user types in,
- the 'datastore' is what is in the datastore. The user part is not case-sensitive. Note, this could be a many to one - - >
- <!- -
- <init-param>
- <param-name>statusTranslateUser0</param-name>
- <param-value>active</param-value>
- </init-param>
- <init-param>
- <param-name>statusTranslateDatastore0</param-name>
- <param-value>A</param-value>
- </init-param> - - >
- <!- - ########################## END STATUS SECTION - - >
- </source>
- -->
-
- <!--
- <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
- <id>example</id>
- <name>Example Edu</name>
- <type>person</type>
- <init-param>
- <param-name>INITIAL_CONTEXT_FACTORY</param-name>
- <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
- </init-param>
- <init-param>
- <param-name>PROVIDER_URL</param-name>
- <param-value>ldap://localhost:389</param-value>
- </init-param>
- <init-param>
- <param-name>SECURITY_AUTHENTICATION</param-name>
- <param-value>simple</param-value>
- </init-param>
- <init-param>
- <param-name>SECURITY_PRINCIPAL</param-name>
- <param-value>cn=Manager,dc=example,dc=edu</param-value>
- </init-param>
- <init-param>
- <param-name>SECURITY_CREDENTIALS</param-name>
- <param-value>secret</param-value>
- </init-param>
- <init-param>
- <param-name>SubjectID_AttributeType</param-name>
- <param-value>exampleEduRegID</param-value>
- </init-param>
- <init-param>
- <param-name>SubjectID_formatToLowerCase</param-name>
- <param-value>false</param-value>
- </init-param>
- <init-param>
- <param-name>Name_AttributeType</param-name>
- <param-value>cn</param-value>
- </init-param>
- <init-param>
- <param-name>Description_AttributeType</param-name>
- <param-value>description</param-value>
- </init-param>
-
- <init-param>
- <param-name>VTLDAP_VALIDATOR</param-name>
- <param-value>ConnectLdapValidator|CompareLdapValidator</param-value>
- </init-param>
- <init-param>
- <param-name>VTLDAP_VALIDATOR_COMPARE_DN</param-name>
- <param-value>ou=People,dc=vt,dc=edu</param-value>
- </init-param>
- <init-param>
- <param-name>VTLDAP_VALIDATOR_COMPARE_SEARCH_FILTER_STRING</param-name>
- <param-value>ou=People</param-value>
- </init-param>
-
- /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
- /// For filter use
-
- <search>
- <searchType>searchSubject</searchType>
- <param>
- <param-name>filter</param-name>
- <param-value>
- (& (exampleEduRegId=%TERM%) (objectclass=exampleEduPerson))
- </param-value>
- </param>
- <param>
- <param-name>scope</param-name>
- <param-value>
- SUBTREE_SCOPE
- </param-value>
- </param>
- <param>
- <param-name>base</param-name>
- <param-value>
- ou=people,dc=example,dc=edu
- </param-value>
- </param>
-
- </search>
- <search>
- <searchType>searchSubjectByIdentifier</searchType>
- <param>
- <param-name>filter</param-name>
- <param-value>
- (& (uid=%TERM%) (objectclass=exampleEduPerson))
- </param-value>
- </param>
- <param>
- <param-name>scope</param-name>
- <param-value>
- SUBTREE_SCOPE
- </param-value>
- </param>
- <param>
- <param-name>base</param-name>
- <param-value>
- ou=people,dc=example,dc=edu
- </param-value>
- </param>
- </search>
-
- <search>
- <searchType>search</searchType>
- <param>
- <param-name>filter</param-name>
- <param-value>
- (& (|(|(uid=%TERM%)(cn=*%TERM%*))(exampleEduRegId=%TERM%))(objectclass=exampleEduPerson))
- </param-value>
- </param>
- <param>
- <param-name>scope</param-name>
- <param-value>
- SUBTREE_SCOPE
- </param-value>
- </param>
- <param>
- <param-name>base</param-name>
- <param-value>
- ou=people,dc=example,dc=edu
- </param-value>
- </param>
- </search>
- <init-param>
- <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
- <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}</param-value>
- </init-param>
- <init-param>
- <param-name>sortAttribute0</param-name>
- <param-value>cn</param-value>
- </init-param>
- <init-param>
- <param-name>searchAttribute0</param-name>
- <param-value>searchAttribute0</param-value>
- </init-param>
-
- <!- - ########################## STATUS SECTION for searches to filter out inactives and allow
- the user to filter by status with e.g. status=all
- this is optional, and advanced - ->
- <!- - column or attribute which represents the status - - >
- <!- -
- <init-param>
- <param-name>statusDatastoreFieldName</param-name>
- <param-value>status</param-value>
- </init-param> - - >
- <!- - search string from user which represents the status. e.g. status=active - - >
- <!- -
- <init-param>
- <param-name>statusLabel</param-name>
- <param-value>status</param-value>
- </init-param> - - >
- <!- - available statuses from screen (if not specified, any will be allowed). comma separated list.
- Note, this is optional and you probably dont want to configure it, it is mostly necessary
- when you have multiple sources with statuses... if someone types an invalid status
- and you have this configured, it will not filter by it - - >
- <!- -
- <init-param>
- <param-name>statusesFromUser<param-name>
- <param-value>Active, Inactive, Pending, All</param-value>
- </init-param> - - >
- <!- - all label from the user - - >
- <!- -
- <init-param>
- <param-name>statusAllFromUser</param-name>
- <param-value>All</param-value>
- </init-param> - - >
- <!- - if no status is specified, this will be used (e.g. for active only). Note, the value should be of the
- form the user would type in - - >
- <!- -
- <init-param>
- <param-name>statusSearchDefault</param-name>
- <param-value>status=active</param-value>
- </init-param> - - >
- <!- - translate between screen values of status, and the data store value. Increment the 0 to 1, 2, etc for more translations.
- so the user could enter: status=active, and that could translate to status_col=A. The 'user' is what the user types in,
- the 'datastore' is what is in the datastore. The user part is not case-sensitive. Note, this could be a many to one - - >
- <!- -
- <init-param>
- <param-name>statusTranslateUser0</param-name>
- <param-value>active</param-value>
- </init-param>
- <init-param>
- <param-name>statusTranslateDatastore0</param-name>
- <param-value>A</param-value>
- </init-param> - - >
- <!- - ########################## END STATUS SECTION - - >
-
-
- <internal-attribute>searchAttribute0</internal-attribute>
-
- ///Attributes you would like to display when doing a search
- <attribute>cn</attribute>
- <attribute>sn</attribute>
- <attribute>uid</attribute>
- <attribute>department</attribute>
- <attribute>exampleEduRegId</attribute>
-
- <!- - subject identifier to store in grouper's member table - - >
- <init-param>
- <param-name>subjectIdentifierAttribute0</param-name>
- <param-value>uid</param-value>
- </init-param>
-
- </source>
--->
-
- <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJdbcSourceAdapter2">
-� � � � <id>AIRAVATA_SUBJECT_SOURCE</id>
-� � � � <name>AIRAVATA_SUBJECT_SOURCE</name>
-� � � � �<type>person</type>�
-� � � � �<init-param>
-� � � � � �<param-name>jdbcConnectionProvider</param-name>
-� � � � � �<param-value>edu.internet2.middleware.subject.provider.C3p0JdbcConnectionProvider</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � � <param-name>dbDriver</param-name>
-� � � � � � <param-value>com.mysql.jdbc.Driver</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � � <param-name>dbUrl</param-name>
-� � � � � � <param-value>jdbc:mysql://gw62.iu.xsede.org:3306/dev_expcatalog_gw56</param-value>
-� � � � </init-param>
-� � � ��
-� � � � <init-param>
-� � � � � � <param-name>dbUser</param-name>
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-� � � � � � <param-value></param-value>
-=======
-� � � � � � <param-value>airavata_grouper_client</param-value>
->>>>>>> adding more files
-� � � � </init-param>
-� � � ��
-� � � � <init-param>
-� � � � � � <param-name>dbPwd</param-name>
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-� � � � � � <param-value></param-value>
-=======
-� � � � � � <param-value>airavata_grouper_client</param-value>
->>>>>>> adding more files
-� � � � </init-param>
-� ��
-� � � � �<init-param>
-� � � � � �<param-name>maxResults</param-name>
-� � � � � �<param-value>1000</param-value>
-� � � � �</init-param>
-� ��
-� � � � � <init-param>
-� � � � � �<param-name>dbTableOrView</param-name>
-� � � � � �<param-value>USERS</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � � <init-param>
-� � � � � �<param-name>subjectIdCol</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � � �<init-param>
-� � � � � �<param-name>nameCol</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � � �<init-param>
-� � � � � �<param-name>descriptionCol</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � �<param-name>lowerSearchCol</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � �<param-name>defaultSortCol</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � �
- <!-- �<init-param>
-� � � � � �<param-name>subjectIdentifierCol0</param-name>
-� � � � � �<param-value>subject_identifier</param-value>
-� � � � �</init-param> -->
-� � � ��
-� � � � �<!-- <init-param>
-� � � � � �<param-name>subjectAttributeCol0</param-name>
-� � � � � �<param-value>description</param-value>
-� � � � �</init-param>
-� � � � �<init-param>
-� � � � � �<param-name>subjectAttributeName0</param-name>
-� � � � � �<param-value>description</param-value>
-� � � � �</init-param> -->
-� � � ��
-� � � � �<init-param>
-� � � � � �<param-name>sortAttribute0</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � � � <init-param>
-� � � � � �<param-name>searchAttribute0</param-name>
-� � � � � �<param-value>AIRAVATA_INTERNAL_USER_ID</param-value>
-� � � � �</init-param>
-� � � � �<!-- <internal-attribute>searchAttribute0</internal-attribute> -->
-� � � � �
-� � � � �<!-- <init-param>
-� � � � � �<param-name>statusDatastoreFieldName</param-name>
-� � � � � �<param-value>status</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � �<param-name>statusLabel</param-name>
-� � � � � �<param-value>status</param-value>
-� � � � �</init-param> -->
-� � � ��
-� � � � �
-� � � � �<!-- <init-param>
-� � � � � �<param-name>statusesFromUser</param-name>
-� � � � � �<param-value>Active, Inactive, Pending, All</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � �<param-name>statusAllFromUser</param-name>
-� � � � � �<param-value>All</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � �<param-name>statusSearchDefault</param-name>
-� � � � � �<param-value>status=active</param-value>
-� � � � �</init-param>
-� � � � �
-� � � � �<init-param>
-� � � � � �<param-name>statusTranslateUser0</param-name>
-� � � � � �<param-value>active</param-value>
-� � � � �</init-param>
-� � � � �<init-param>
-� � � � � �<param-name>statusTranslateDatastore0</param-name>
-� � � � � �<param-value>A</param-value>
-� � � � �</init-param> -->
-� � � �</source>�
-
-</sources>
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/spy.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/spy.properties b/modules/group-manager/src/main/resources/spy.properties
deleted file mode 100755
index c5ba04e..0000000
--- a/modules/group-manager/src/main/resources/spy.properties
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-#Wed Nov 14 17:17:49 EST 2007
-exclude=
-include=
-stringmatcher=
-reloadproperties=false
-log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender
-
-# e.g. mysql: com.mysql.jdbc.Driver
-# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
-# for p6spy, put the underlying driver in spy.properties
-# e.g. oracle: oracle.jdbc.driver.OracleDriver
-# e.g. hsqldb: org.hsqldb.jdbcDriver
-# e.g. postgres: org.postgresql.Driver
-# e.g. SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver
-realdriver=com.mysql.jdbc.Driver
-
-outagedetectioninterval=
-log4j.logger.p6spy=INFO,STDOUT
-log4j.appender.STDOUT.layout.ConversionPattern=p6spy - %m%n
-deregisterdrivers=true
-autoflush=true
-outagedetection=false
-useprefix=false
-includecategories=
-filter=false
-excludecategories=info,debug,result,batch
-logfile=c\:\\temp\\grouperSpy.log
-module.log=com.p6spy.engine.logging.P6LogFactory
-sqlexpression=
-reloadpropertiesinterval=60
-dateformat=yyyy/MM/dd HH\:mm\:ss\:SSS
-stacktrace=false
-executionthreshold=
-log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout
-append=false
-appender=com.p6spy.engine.logging.appender.FileLogger
-stacktraceclass=
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/sqltool.rc
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/sqltool.rc b/modules/group-manager/src/main/resources/sqltool.rc
deleted file mode 100755
index 270a3b4..0000000
--- a/modules/group-manager/src/main/resources/sqltool.rc
+++ /dev/null
@@ -1,6 +0,0 @@
-# This is a sample sqltool.rc file for use with hsqldb.
-urlid grouper
-url jdbc:hsqldb:hsql://127.0.0.1/grouper
-username sa
-password
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/subject.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/subject.base.properties b/modules/group-manager/src/main/resources/subject.base.properties
deleted file mode 100755
index 6e9fcef..0000000
--- a/modules/group-manager/src/main/resources/subject.base.properties
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Subject configuration
-# $Id: subject.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The subject proprties uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from subject.base.properties
-# (which should not be edited), and the subject.properties overlays
-# the base settings. See the subject.base.properties for the possible
-# settings that can be applied to the subject.properties
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:subject.example.properties, file:c:/something/myconfig.properties
-subject.config.hierarchy = classpath:subject.base.properties, classpath:subject.properties
-
-# seconds between checking to see if the config files are updated
-subject.config.secondsBetweenUpdateChecks = 60
-
-########################################
-
-# enter the location of the sources.xml. Must start with classpath: or file:
-# default is: classpath:sources.xml
-# e.g. file:/dir1/dir2/sources.xml
-subject.sources.xml.location = classpath:sources.xml
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/subject.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/subject.properties b/modules/group-manager/src/main/resources/subject.properties
deleted file mode 100755
index 98e54c7..0000000
--- a/modules/group-manager/src/main/resources/subject.properties
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Subject configuration
-# $Id: subject.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The subject proprties uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from subject.base.properties
-# (which should not be edited), and the subject.properties overlays
-# the base settings. See the subject.base.properties for the possible
-# settings that can be applied to the subject.properties
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/registry/registry-core/pom.xml
----------------------------------------------------------------------
diff --git a/modules/registry/registry-core/pom.xml b/modules/registry/registry-core/pom.xml
index 1bea32f..c2b26b2 100644
--- a/modules/registry/registry-core/pom.xml
+++ b/modules/registry/registry-core/pom.xml
@@ -102,33 +102,6 @@
<build>
<plugins>
- <plugin>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa-maven-plugin</artifactId>
- <version>2.2.0</version>
- <configuration>
- <includes>**/entities/*.class</includes>
- <excludes>**/entities/XML*.class</excludes>
- <addDefaultConstructor>true</addDefaultConstructor>
- <enforcePropertyRestrictions>true</enforcePropertyRestrictions>
- </configuration>
- <executions>
- <execution>
- <id>enhancer</id>
- <phase>process-classes</phase>
- <goals>
- <goal>enhance</goal>
- </goals>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa</artifactId>
- <version>2.2.0</version>
- </dependency>
- </dependencies>
- </plugin>
<!--<plugin>-->
<!--<groupId>org.apache.maven.plugins</groupId>-->
<!--<artifactId>maven-antrun-plugin</artifactId>-->
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/experiment/catalog/impl/ExperimentRegistry.java
----------------------------------------------------------------------
diff --git a/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/experiment/catalog/impl/ExperimentRegistry.java b/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/experiment/catalog/impl/ExperimentRegistry.java
index 8465af4..02c1904 100644
--- a/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/experiment/catalog/impl/ExperimentRegistry.java
+++ b/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/experiment/catalog/impl/ExperimentRegistry.java
@@ -331,6 +331,10 @@ public class ExperimentRegistry {
processResourceSchedule.setQueueName(resourceSchedule.getQueueName());
processResourceSchedule.setWallTimeLimit(resourceSchedule.getWallTimeLimit());
processResourceSchedule.setTotalPhysicalMemory(resourceSchedule.getTotalPhysicalMemory());
+ processResourceSchedule.setOverrideAllocationProjectNumber(resourceSchedule.getOverrideAllocationProjectNumber());
+ processResourceSchedule.setOverrideLoginUserName(resourceSchedule.getOverrideLoginUserName());
+ processResourceSchedule.setOverrideScratchLocation(resourceSchedule.getOverrideScratchLocation());
+ processResourceSchedule.setStaticWorkingDir(resourceSchedule.getStaticWorkingDir());
processResourceSchedule.save();
} catch (Exception e) {
logger.error("Unable to save user config data", e);
@@ -793,6 +797,10 @@ public class ExperimentRegistry {
processResourceSchedule.setQueueName(resourceSchedule.getQueueName());
processResourceSchedule.setWallTimeLimit(resourceSchedule.getWallTimeLimit());
processResourceSchedule.setTotalPhysicalMemory(resourceSchedule.getTotalPhysicalMemory());
+ processResourceSchedule.setOverrideAllocationProjectNumber(resourceSchedule.getOverrideAllocationProjectNumber());
+ processResourceSchedule.setOverrideLoginUserName(resourceSchedule.getOverrideLoginUserName());
+ processResourceSchedule.setOverrideScratchLocation(resourceSchedule.getOverrideScratchLocation());
+ processResourceSchedule.setStaticWorkingDir(resourceSchedule.getStaticWorkingDir());
processResourceSchedule.save();
} catch (Exception e) {
logger.error("Unable to save process resource schedule data", e);
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/registry/registry-core/src/main/resources/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/modules/registry/registry-core/src/main/resources/META-INF/persistence.xml b/modules/registry/registry-core/src/main/resources/META-INF/persistence.xml
index cfbe488..4833874 100644
--- a/modules/registry/registry-core/src/main/resources/META-INF/persistence.xml
+++ b/modules/registry/registry-core/src/main/resources/META-INF/persistence.xml
@@ -20,7 +20,7 @@
*
* -->
<persistence xmlns="http://java.sun.com/xml/ns/persistence"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0">
<persistence-unit name="appcatalog_data">
<provider>org.apache.openjpa.persistence.PersistenceProviderImpl</provider>
<class>org.apache.airavata.registry.core.app.catalog.model.ComputeResource</class>
@@ -115,4 +115,4 @@
<class>org.apache.airavata.registry.core.workflow.catalog.model.WorkflowStatus</class>
<exclude-unlisted-classes>true</exclude-unlisted-classes>
</persistence-unit>
-</persistence>
\ No newline at end of file
+</persistence>
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/registry/registry-core/src/main/resources/credstore-mysql.sql
----------------------------------------------------------------------
diff --git a/modules/registry/registry-core/src/main/resources/credstore-mysql.sql b/modules/registry/registry-core/src/main/resources/credstore-mysql.sql
index f600f24..a0cf815 100644
--- a/modules/registry/registry-core/src/main/resources/credstore-mysql.sql
+++ b/modules/registry/registry-core/src/main/resources/credstore-mysql.sql
@@ -1,14 +1,14 @@
CREATE TABLE COMMUNITY_USER (
- GATEWAY_ID VARCHAR(256) NOT NULL,
- COMMUNITY_USER_NAME VARCHAR(256) NOT NULL,
- TOKEN_ID VARCHAR(256) NOT NULL,
+ GATEWAY_ID VARCHAR(100) NOT NULL,
+ COMMUNITY_USER_NAME VARCHAR(100) NOT NULL,
+ TOKEN_ID VARCHAR(100) NOT NULL,
COMMUNITY_USER_EMAIL VARCHAR(256) NOT NULL,
PRIMARY KEY (GATEWAY_ID, COMMUNITY_USER_NAME, TOKEN_ID)
);
CREATE TABLE CREDENTIALS (
- GATEWAY_ID VARCHAR(256) NOT NULL,
- TOKEN_ID VARCHAR(256) NOT NULL,
+ GATEWAY_ID VARCHAR(100) NOT NULL,
+ TOKEN_ID VARCHAR(100) NOT NULL,
CREDENTIAL BLOB NOT NULL,
PORTAL_USER_ID VARCHAR(256) NOT NULL,
TIME_PERSISTED TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e0400e1..a8a83ea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -563,7 +563,6 @@
<module>modules/server</module>
<module>modules/workflow</module>
<module>modules/test-suite</module>
- <module>modules/group-manager</module>
<module>modules/sharing-registry</module>
<!-- Deprecated Modules-->
<!--<module>modules/integration-tests</module>-->
[3/7] airavata git commit: WIP
Posted by sc...@apache.org.
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.base.properties b/modules/group-manager/src/main/resources/grouper.base.properties
deleted file mode 100755
index 1cc0805..0000000
--- a/modules/group-manager/src/main/resources/grouper.base.properties
+++ /dev/null
@@ -1,1017 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.example.properties, file:c:/something/myconfig.properties
-grouper.config.hierarchy = classpath:grouper.base.properties, classpath:grouper.properties
-
-# seconds between checking to see if the config files are updated
-grouper.config.secondsBetweenUpdateChecks = 60
-
-
-########################################
-## General settings
-########################################
-
-# in cases where grouper is logging or emailing, it will use this to differentiate test vs dev vs prod
-grouper.env.name =
-
-#put the URL which will be used e.g. in emails to users. include the webappname at the end, and nothing after that.
-#e.g. https://server.school.edu/grouper/
-grouper.ui.url =
-
-# tmp dir to use, will set this to the env var for tmp dir during cache operations...
-# note, if you are using a backslash, you need to escape it with another, e.g. c:\\temp
-# see the temp dir in logs with this in log4j.properties
-# log4j.logger.edu.internet2.middleware.grouper.util.GrouperUtil = INFO
-grouper.tmp.dir =
-
-# main stem for grouper built in objects
-# Note: there are more locations to change than just this
-grouper.rootStemForBuiltinObjects = etc
-
-#######################################
-## inititalization and configuration settings
-#######################################
-
-#if grouper should auto init the registry if not initted (i.e. insert the root stem, built in fields, etc)
-#defaults to true
-registry.autoinit = true
-
-#if grouper should try and detect and log configuration errors on startup
-#in general this should be true, unless the output is too annoying or if it is causing a problem
-configuration.detect.errors = true
-
-#if the startup message should display
-configuration.display.startup.message = true
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = false
-
-#auto-create groups (increment the integer index), and auto-populate with users
-#(comma separated subject ids) to bootstrap the registry on startup
-#(note: check config needs to be on)
-#configuration.autocreate.group.name.0 = etc:uiUsers
-#configuration.autocreate.group.description.0 = users allowed to log in to the UI
-#configuration.autocreate.group.subjects.0 = johnsmith
-
-# if should check java version and make sure ok
-configuration.checkJavaVersion = true
-
-# if should check database and utf in new thread
-configuration.checkDatabaseAndUtf.inNewThread = true
-
-# if grouper should check to see if the database has case sensitive selects
-configuration.detect.db.caseSensitive.problems = true
-configuration.display.db.caseSensitive.success.message = false
-
-# if grouper should check to see if utf-8 works on startup in files
-configuration.detect.utf8.file.problems = true
-# if grouper should check to see if utf-8 works on startup in the database
-configuration.detect.utf8.problems = true
-configuration.display.utf8.success.message = false
-
-# if grouper in the utf8 check will check to see if grouper supports transaction
-configuration.detect.db.transaction.problems = true
-configuration.display.transaction.success.message = false
-
-###################################
-## security settings
-###################################
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new group that is created. Note, you can override the default
-# checkboxes on screen of UI in media.properties.
-groups.create.grant.all.optin = false
-groups.create.grant.all.optout = false
-groups.create.grant.all.read = false
-groups.create.grant.all.view = false
-groups.create.grant.all.groupAttrRead = false
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new stem that is created.
-stems.create.grant.all.create = false
-stems.create.grant.all.stemAdmin = false
-stems.create.grant.all.stemAttrRead = false
-stems.create.grant.all.stemAttrUpdate = false
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new attributeDef that is created.
-attributeDefs.create.grant.all.attrAdmin = false
-attributeDefs.create.grant.all.attrOptin = false
-attributeDefs.create.grant.all.attrOptout = false
-attributeDefs.create.grant.all.attrRead = false
-attributeDefs.create.grant.all.attrUpdate = false
-attributeDefs.create.grant.all.attrView = false
-attributeDefs.create.grant.all.attrDefAttrRead = false
-attributeDefs.create.grant.all.attrDefAttrUpdate = false
-
-# if set to true, then the ALL subject will be granted view on new entities
-entities.create.grant.all.view = false
-
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = false
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when viewing the registry.
-groups.wheel.viewonly.use = false
-
-# Set to the name of the group you want to treat as the viewonly wheel group.
-# The members of this group will be treated as root-like users when viewing objects.
-groups.wheel.viewonly.group = etc:sysadminViewersGroup
-
-# A readonly wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when reading the registry.
-groups.wheel.readonly.use = false
-
-# Set to the name of the group you want to treat as the readonly wheel group.
-# The members of this group will be treated as root-like users when reading objects.
-groups.wheel.readonly.group = etc:sysadminReadersGroup
-
-
-# To change the internal names for GrouperAll and GrouperSystem
-# uncomment and change. Review UI nav.properties to ensure consistency
-subject.internal.grouperall.name = EveryEntity
-subject.internal.groupersystem.name = GrouperSysAdmin
-
-# Search and sort strings for internal users
-internalSubjects.searchAttribute0.el = ${subject.name},${subject.id}
-internalSubjects.sortAttribute0.el = ${subject.name}
-
-
-#by default, anyone with admin rights on a group can edit the types or attributes
-#specify types (related attributes will also be protected) which are wheel only, or restricted to a certain group
-#security.types.typeName.wheelOnly = true
-security.types.grouperLoader.wheelOnly = true
-security.types.grouperGroupMembershipSettings.wheelOnly = true
-
-#security.types.typeName.allowOnlyGroup = etc:someAdminGroup
-
-
-# If this property is set, then to move a stem, in addition to having the appropriate stem privileges for the stem being moved and the destination stem,
-# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToMoveStem = etc:someAdminGroup
-
-# If this property is set, then to rename a stem, in addition to having the appropriate stem privilege for the stem being renamed,
-# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToRenameStem = etc:someAdminGroup
-
-# If this property is set, then to copy a stem, a user must be a member of the defined group. Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToCopyStem = etc:someAdminGroup
-
-# By default, all users have access to sort using any of the sort strings in the member table and search using any of the search strings in the member table.
-# You can restrict to wheel only or to a certain group.
-#security.member.sort.string0.allowOnlyGroup = etc:someGroup
-#security.member.sort.string1.allowOnlyGroup = etc:someGroup
-#security.member.sort.string2.wheelOnly = true
-#security.member.sort.string3.wheelOnly = true
-#security.member.sort.string4.wheelOnly = true
-#security.member.search.string0.allowOnlyGroup = etc:someGroup
-#security.member.search.string1.allowOnlyGroup = etc:someGroup
-#security.member.search.string2.wheelOnly = true
-#security.member.search.string3.wheelOnly = true
-#security.member.search.string4.wheelOnly = true
-
-
-###################################
-## Member sort and search
-###################################
-
-# Attributes of members are kept in the grouper_members table to allow easy sorting and searching (for instance when listing group members).
-# When performing a sort or search and an index is not specified, then a default index will be used as configured below. The value is comma-separated,
-# so that if the user does not have access to the first index, then next will be tried and so forth.
-# Note: all sources should have attributes configured for all default indexes.
-member.search.defaultIndexOrder=0
-member.sort.defaultIndexOrder=0
-
-
-###################################
-## whitelist (allow) and blacklist (deny) for db/ldap data or object deletes, without prompting the user to confirm
-## if a listing is in the whitelist (allow), it will be allowed to delete db/ldap
-## if a listing is in the blacklist (deny), it will be denied from deleting db/ldap
-## multiple inputs can be entered with .0, .1, .2, etc. These numbers must be sequential, starting with 0
-###################################
-
-db.change.allow.user.0=sa
-db.change.allow.url.0=jdbc:hsqldb:hsql://localhost:9001/grouper
-db.change.allow.user.1=grouper1
-db.change.allow.url.1=jdbc:mysql://localhost:3306/grouper1
-
-db.change.deny.user.0=grouper2
-db.change.deny.url.0=jdbc:mysql://localhost:3306/grouper2
-
-# db.change.allow.user.2=uid=admin,ou=system
-# db.change.allow.url.2=ldap://localhost:10389
-
-# if should give error when detect driver mismatch (set to false if using an
-# unknown driver, and tell the grouper team so we can add to list)
-db.log.driver.mismatch = true
-
-###################################
-## Grouper include / exclude and requireGroups
-## If enabled, will make sure the Type is installed, and when that type is
-## applied to a group, it will auto-create the other groups needed to manage the include and exclude lists
-## see: https://bugs.internet2.edu/jira/browse/GRP-178
-## the naming settings below are only used when the type is applied to a group, will not affect
-## existing include/exclude groups
-###################################
-
-#if the addIncludeExclude and requireInGroups should be enabled, and if the type(s) should be
-#auto-created, and used to auto create groups to facilitate include and exclude lists, and require lists
-grouperIncludeExclude.use = false
-grouperIncludeExclude.requireGroups.use = false
-
-#for requireGroups (groups that the members must be to be in the overall group). name is the name of the attribute or type
-#attributeOrType is either attribute for an attribute underneath the requireInGroups type, or type to be a top level type
-#group is the group to be anded in. note attributes are a global namespace, so you might want to use a naming convention,
-#e.g. prefix with "require". description is the tooltip. add as many as you like.
-#grouperIncludeExclude.requireGroup.name.0 = requireActiveEmployee
-#grouperIncludeExclude.requireGroup.attributeOrType.0 = type
-#grouperIncludeExclude.requireGroup.group.0 = school:community:activeEmployee
-#grouperIncludeExclude.requireGroup.description.0 = If value is true, members of the overall group must be an active employee (in the school:community:activeEmployee group). Otherwise, leave this value not filled in.
-
-#grouperIncludeExclude.requireGroup.name.1 = requireActiveStudent
-#grouperIncludeExclude.requireGroup.attributeOrType.1 = attribute
-#grouperIncludeExclude.requireGroup.group.1 = school:community:activeStudent
-#grouperIncludeExclude.requireGroup.description.1 = If value is true, members of the overall group must be an active student (in the school:community:activeStudent group). Otherwise leave this value not filled in.
-
-
-# set some names and tooltips
-grouperIncludeExclude.type.name = addIncludeExclude
-grouperIncludeExclude.tooltip = Select this type to auto-create other groups which facilitate having include and exclude list
-
-grouperIncludeExclude.requireGroups.type.name = requireInGroups
-grouperIncludeExclude.requireGroups.tooltip = Select this type to auto-create other groups which set up group math so that other groups can be required for membership (e.g. activeEmployee)
-
-#leave grouperIncludeExclude.andGroups.attributeName blank if you dont want to use this attribute...
-#though if you were using it, it wont remove already configured groups
-grouperIncludeExclude.requireGroups.attributeName = requireAlsoInGroups
-grouperIncludeExclude.requireGroups.attribute.tooltip = Enter in comma separated group path(s). An entity must be in these groups for it to be in the overall group. e.g. stem1:stem2:group1, stem1:stem3:group2
-
-#suffixes for various include/exclude groups (can use ${space} for space).
-#note, these should uniquely identify various parts of the include/exclude.
-#i.e. if the grouperIncludeExclude type is applied to a group with a suffix of the include suffix,
-#the other groups will not be created...
-grouperIncludeExclude.systemOfRecord.extension.suffix = _systemOfRecord
-grouperIncludeExclude.include.extension.suffix = _includes
-grouperIncludeExclude.exclude.extension.suffix = _excludes
-grouperIncludeExclude.systemOfRecordAndIncludes.extension.suffix = _systemOfRecordAndIncludes
-grouperIncludeExclude.includesMinusExcludes.extension.suffix = _includesMinusExcludes
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.extension.suffix = _requireGroups${i}
-
-#suffixes for various include/exclude groups (can use ${space} for space)
-grouperIncludeExclude.systemOfRecord.displayExtension.suffix = ${space}system of record
-grouperIncludeExclude.include.displayExtension.suffix = ${space}includes
-grouperIncludeExclude.exclude.displayExtension.suffix = ${space}excludes
-grouperIncludeExclude.systemOfRecordAndIncludes.displayExtension.suffix = ${space}system of record and includes
-grouperIncludeExclude.includesMinusExcludes.displayExtension.suffix = ${space}includes minus excludes
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.displayExtension.suffix = ${space}requireGroups ${i}
-
-#can use ${extension} as the group extension, or ${displayExtension} for group display extension
-grouperIncludeExclude.overall.description = Group containing list of ${displayExtension} after adding the includes and subtracting the excludes
-grouperIncludeExclude.systemOfRecord.description = Group containing list of ${displayExtension} (generally straight from the system of record) without yet considering manual include or exclude lists
-grouperIncludeExclude.include.description = Group containing manual list of includes for group ${displayExtension} which will be added to the system of record list (unless the subject is also in the excludes group)
-grouperIncludeExclude.exclude.description = Group containing manual list of excludes for group ${displayExtension} which will not be in the overall group
-grouperIncludeExclude.systemOfRecordAndIncludes.description = Internal utility group for group ${displayExtension} which facilitates the group math for the include and exclude lists
-grouperIncludeExclude.includesMinusExclude.description = Internal utility group for group ${displayExtension} which facilitates includes, excludes, and required groups (e.g. activeEmployee)
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.description = Internal utility group for group ${displayExtension} which facilitates required groups (e.g. activeEmployee)
-
-
-###################################
-## Subject settings
-###################################
-
-# if finding across multiple threadable sources, use threads to do the work faster
-subjects.allPage.useThreadForkJoin = false
-
-# if finding across multiple threadable sources, use threads to do the work faster
-subjects.idOrIdentifier.useThreadForkJoin = false
-
-# if the creator and last updater should be group subject attributes (you get
-# a performance gain if you set to false, but if true you can see subject id from UI in 2.0
-subjects.group.useCreatorAndModifierAsSubjectAttributes = true
-
-# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer
-# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended)
-# note the instance will be reused to make sure it is threadsafe
-subjects.customizer.className =
-
-# if we should use a root session if one isnt started for subject lookups (behavior in v2.0-
-subjects.startRootSessionIfOneIsntStarted = false
-
-###################################
-## Hooks
-## You can register multiple classes for one hook base class by comma separating the hooks implementations
-## You can also register hooks at runtime with:
-## GrouperHookType.addHookManual("hooks.group.class", YourSchoolGroupHooks2.class);
-###################################
-
-#implement a group attribute hook by extending edu.internet2.middleware.grouper.hooks.AttributeHooks
-#hooks.attribute.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
-
-#implement an attribute def hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefHooks
-#hooks.attributeDef.class=edu.yourSchool.it.YourSchoolAttributeDefHooks,edu.yourSchool.it.YourSchoolAttributeDefHooks2
-
-#implement an attribute def name hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefNameHooks
-#hooks.attributeDefName.class=edu.yourSchool.it.YourSchoolAttributeDefNameHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2
-
-#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignHooks
-#hooks.attributeAssign.class=edu.yourSchool.it.YourSchoolAttributeAssignHooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2
-
-#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignValueHooks
-#hooks.attributeAssignValue.class=edu.yourSchool.it.YourSchoolAttributeAssignValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2
-
-#implement a group hook by extending edu.internet2.middleware.grouper.hooks.GroupHooks
-#hooks.group.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
-
-#implement a grouper lifecycle hook by extending edu.internet2.middleware.grouper.hooks.LifecycleHooks
-#hooks.lifecycle.class=edu.yourSchool.it.YourSchoolLifecycleHooks
-
-#implement a membership hook by extending edu.internet2.middleware.grouper.hooks.MembershipHooks
-#hooks.membership.class=edu.yourSchool.it.YourSchoolMembershipHooks
-
-#implement a member hook by extending edu.internet2.middleware.grouper.hooks.MemberHooks
-#hooks.member.class=edu.yourSchool.it.YourSchoolMemberHooks
-
-#implement a stem hook by extending edu.internet2.middleware.grouper.hooks.StemHooks
-#hooks.stem.class=edu.yourSchool.it.YourSchoolStemHooks
-
-#implement a composite hook by extending edu.internet2.middleware.grouper.hooks.CompositeHooks
-#hooks.composite.class=edu.yourSchool.it.YourSchoolCompositeHooks
-
-#implement a field hook by extending edu.internet2.middleware.grouper.hooks.FieldHooks
-#hooks.field.class=edu.yourSchool.it.YourSchoolFieldHooks
-
-#implement a grouperSession hook by extending edu.internet2.middleware.grouper.hooks.GrouperSessionHooks
-#hooks.grouperSession.class=edu.yourSchool.it.YourSchoolGrouperSessionHooks
-
-#implement a groupType hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeHooks
-#hooks.groupType.class=edu.yourSchool.it.YourSchoolGroupTypeHooks
-
-#implement a groupTypeTuple hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeTupleHooks
-#hooks.groupTypeTuple.class=edu.yourSchool.it.YourSchoolGroupTypeTupleHooks
-
-#implement a loader hook by extending edu.internet2.middleware.grouper.hooks.LoaderHooks
-#hooks.loader.class=edu.yourSchool.it.YourSchoolLoaderHooks
-
-#implement an external subject hook by extending edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks
-#hooks.externalSubject.class=edu.yourSchool.it.YourSchoolExternalSubjectHooks
-
-###################################
-## Rules
-###################################
-
-# Rules users who are in the following group can use the actAs field to act as someone else
-# You can put multiple groups separated by commas. e.g. a:b:c, e:f:g
-# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in
-# separated by 4 colons
-# e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w
-# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
-# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w. If multiple rules, then
-# if one passes, then it is a success, if they all fail, then fail.
-rules.act.as.group =
-
-# any actAs subject in this group has access to more objects when the EL fires on
-# the IF or THEN EL clause
-rules.accessToApiInEl.group =
-
-# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time
-# defaults to 30 minutes
-rules.act.as.cache.minutes = 30
-
-# uuids (comma separated) of the attribute assign record which is the rule type to the owner object
-# e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name = 'stem:a'
-# make sure log info level is set for RuleEngine
-# log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine = INFO
-rules.attributeAssignTypeIdsToLog = abc1234abc123, def456def345
-
-# if this is true, then log a lot of info about why rules do or do not fire... only turn on temporarily
-# since it takes a lot of resources... note you need log DEBUG set for the rules engine in log4j.properties too e.g.
-# log4j.logger.edu.internet2.middleware.grouper.rules = DEBUG
-rules.logWhyRulesDontFire = false
-
-# put in fully qualified classes to add to the EL context. Note that they need a default constructor
-# comma separated. The alias will be the simple class name without a first cap.
-# e.g. if the class is test.Test the alias is "test"
-rules.customElClasses =
-
-# If the CHECK, IF, and THEN are all exactly what is needed for managing inherited stem privileges
-# Then allow an actAs GrouperSystem in source g:isa
-rules.allowActAsGrouperSystemForInheritedStemPrivileges =
-
-# If not blank, then keep email templates in this folder instead of classpath
-# If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate.txt
-rules.emailTemplatesFolder =
-
-
-###################################
-## Group attribute validation via regex
-## You can attach a regex to an attribute name (including built ins)
-## If none are registered, the built in hook will not be enabled
-## The built ins are description, displayName, extension, displayExtension, name
-## Configure a group.attribute.validator.attributeName.X for attribute name
-## group.attribute.validator.regex.X for the regex
-## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
-## the X must be a sequential integer which groups the config entries together.
-## do not repeat two config entries
-###################################
-
-#Attach a regex validator by attribute name
-#group.attribute.validator.attributeName.0=extension
-#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$
-#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics
-#
-#group.attribute.validator.attributeName.1=displayExtension
-#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$
-#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces
-
-#####################################
-## Audit settings
-#####################################
-
-# if set to true, then exceptions will be thrown if any actions are not audited... exceptions
-# should not be thrown since everything should be audited, so this is a switch to make it absorb
-# errors if there is a problem (will be logged instead if second param is true)
-audit.requireAuditsForAllActions = false
-audit.logAuditsForMissingActions = false
-
-#####################################
-## Change log settings
-#####################################
-
-# if we should insert records into grouper_change_log_temp when events happen
-# defaults to true. Note, it is not currently supported to set this to false...
-changeLog.enabled = true
-
-
-#####################################
-## Settings to track last membership changes for groups and stems.
-#####################################
-
-# If true, when an immediate membership changes for a group (either a privilege or a list member),
-# then an update will be made to the lastImmediateMembershipChange property for the group.
-groups.updateLastImmediateMembershipTime = false
-
-# If true, when an immediate, composite, or effective membership changes for a group (either a privilege or a list member),
-# then an update will be made to the lastMembershipChange property for the group.
-groups.updateLastMembershipTime = false
-
-# If true, when an immediate or effective membership changes for a stem (this would be a naming privilege),
-# then an update will be made to the lastMembershipChange property for the stem.
-stems.updateLastMembershipTime = false
-
-
-#####################################
-## Database structure data definition language (DDL) settings
-#####################################
-
-# Grouper DOES NOT WORK WITHOUT NESTED TRANSACTIONS! This config parameter doesnt exist
-#ddlutils.use.nestedTransactions = true
-
-# ddlutils db name will be set by default, you can override it here, it must be one of:
-# axion, cloudscape, db2, db2v8, derby, firebird, hsqldb, interbase, maxdb, mckoi,
-# mssql, mysql, mysql5, oracle, oracle10, oracle9, postgresql, sapdb, sybase, sybasease15,
-#
-#ddlutils.dbname.override = oracle10
-
-# if you want to not create the subject tables (grouper examples for unit testing),
-# then set this to true
-ddlutils.exclude.subject.tables = false
-
-# set the path where ddl scripts are generated (they will be uniquely named in this directory).
-# if blank, the directory used will be the current directory
-ddlutils.directory.for.scripts = ddlScripts
-
-# during schema export, should it install grouper data also or not. e.g. insert the root stem, default true
-ddlutils.schemaexport.installGrouperData = true
-
-# when grouper starts, should it shut down if not right version?
-ddlutils.failIfNotRightVersion = true
-
-# after you have converted id's, and are happy with the conversion of removing the uuid col,
-# this will remove the backup uuid cols when running the gsh command: gsh -registry -deep
-ddlutils.dropBackupUuidCols = false
-
-# after you have converted field id foreign keys, and are happy with the conversion of removing the attribute name,
-# membership list name, and type cols,
-# this will remove the backup field name/type cols when running the gsh command: gsh -registry -deep
-ddlutils.dropBackupFieldNameTypeCols = false
-
-# before the group name etc was moved to the grouper_groups table, the attributes table
-# was backed up. If it should not be backed up, or if the upgrade is done and works, then it can
-# be removed, set to true, run: gsh -registry -deep
-ddlutils.dropAttributeBackupTableFromGroupUpgrade = false
-
-# Since grouper_memberships no longer has effective memberships, that table doesn't need via_id,
-# depth and parent_membership. If they were converted, this will drop the backup of those cols with: gsh -registry -deep
-ddlutils.dropMembershipBackupColsFromOwnerViaUpgrade = false
-
-# After legacy attributes are converted, the backed up tables can be dropped with: gsh -registry -deep
-ddlutils.dropLegacyAttributes = false
-
-# this is the schema ddlutils uses to query metadata with jdbc. usually this can be omitted,
-# and it defaults to your database loginid, however, in postgres, it can be different, so enter here
-# in sql server, it might need to be: dbo
-#ddlutils.schema = public
-
-#if you are running a DB that supports them, but you dont want them, disable comments here (defaults to false)
-ddlutils.disableComments = false
-
-#set to true and we wont subsitute varchar 4000 for text in mysql (wont work in innodb utf-8 databases
-ddlutils.dontSubstituteVarchar4000forTextMysql = false
-
-#####################################
-## mail settings (optional, e.g. for daily report form loader)
-#####################################
-
-#smtp server is a domain name or dns name. set to "testing" if you want to log instead of send (e.g. for testing)
-#mail.smtp.server = whatever.school.edu
-
-#leave blank if unauthenticated
-#mail.smtp.user =
-
-#leave blank if unauthenticated
-#mail.smtp.pass =
-
-#leave blank or false for no ssl, true for ssl
-#mail.smtp.ssl =
-
-#leave blank for default (probably 25), if ssl is true, default is 465, else specify
-#mail.smtp.port =
-
-#this is the default email address where mail from grouper will come from
-#mail.from.address = noreply@school.edu
-
-#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc
-#mail.subject.prefix = TEST:
-
-#when running junit tests, this is the address that will be used
-#mail.test.address = a@b.c
-
-#####################################
-## misc settings which probably dont need to be changed
-#####################################
-
-dao.factory = edu.internet2.middleware.grouper.internal.dao.hib3.Hib3DAOFactory
-
-# if tables that are hibernated should have optimistic locking or not (assumes the data layer supports this, hibernate does)
-dao.optimisticLocking = true
-
-# set the API as readonly (e.g. during upgrades). Any updates will throw an exception
-grouper.api.readonly = false
-
-# When searching for memberships using the getMemberships WS (or underlying API call), limit the number of memberships
-# which can be returned, else throws exception. -1 means dont check.
-ws.getMemberships.maxResultSize = 30000
-
-# When searching for attribute assignments using the getAttributeAssignments WS (or underlying API call), limit the number of assignments
-# which can be returned, else throws exception. -1 means dont check.
-ws.findAttrAssignments.maxResultSize = 30000
-
-# When searching attribute def names, this is max size
-findAllAttributeDefNames.maxResultSize = 30000
-
-# create the type and attribuute for membership lite ui config by group
-membershipUpdateLiteTypeAutoCreate = false
-
-grouper.tableIndex.group.minIndex = 10000
-grouper.tableIndex.stem.minIndex = 10000
-grouper.tableIndex.attributeDef.minIndex = 10000
-grouper.tableIndex.attributeDefName.minIndex = 10000
-
-# verify that table indexes are set and the pointers are ok, incurs a bit of overhead to grouper startup
-grouper.tableIndex.verifyOnStartup = true
-
-# in different circumstances, retrieve a different number of IDs at once.
-# if it is a system where the JVM is starting and stopping (e.g. GSH), then
-# dont reserve that many at once
-grouper.tableIndex.reserveIdsGsh = 1
-grouper.tableIndex.reserveIdsDefault = 10
-grouper.tableIndex.reserveIdsLoader = 10
-grouper.tableIndex.reserveIdsWs = 10
-grouper.tableIndex.reserveIdsUi = 10
-
-# group who can assign id index cols (also, wheel or root is allowed)
-grouper.tableIndex.groupWhoCanAssignIdIndex = etc:canAssignIdIndex
-
-# number of bytes in DB that a non ascii char takes
-grouper.nonAsciiCharDbBytesLength = 3
-
-# cache size for jexl expressions
-jexl.cacheSize = 1024
-
-# when reading writing files from util classes, this is encoding (was ISO-8859-1)
-grouper.default.fileEncoding = UTF-8
-
-
-#####################################
-## testing settings
-#####################################
-
-# if the ldappc tests should be included when running all tests (default false)
-junit.test.ldappc = false
-
-# if the loader tests should be included when running all tests (default true)
-junit.test.loader = true
-
-# if the ddl tests should be included when running all tests (default true)
-junit.test.ddl = true
-
-# if the gsh tests should be included when running all tests (default false)
-junit.test.gsh = false
-
-# if the stress tests should be included when running all tests (default false)
-junit.test.stress = false
-
-# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false)
-junit.test.externalSubjects = false
-
-# if the group sync should be tested... note you need the demo server available to test this, or change some settings...
-junit.test.groupSync = false
-junit.test.groupSync.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest
-junit.test.groupSync.user = remoteUser
-junit.test.groupSync.password = R:/pass/grouperDemoRemoteUser.pass
-#folder where the user can create/stem which the user can use to run tests
-junit.test.groupSync.folder = test2:whateverFolder
-#this is true unless testing to an older grouper which doesnt support this
-junit.test.groupSync.pushAddExternalSubjectIfNotExist = true
-junit.test.groupSync.createRemoteFolderIfNotExist = true
-junit.test.groupSync.remoteSourceId = grouperExternal
-junit.test.groupSync.remoteReadSubjectId = identifier
-junit.test.groupSync.remoteWriteSubjectId = identifier
-
-
-#####################################
-## attribute framework
-#####################################
-
-# root stem in grouper where built in attributes are put
-grouper.attribute.rootStem = etc:attribute
-
-# comma separated names of attribute defs will not be audited or change log or point in time
-grouper.attribute.namesOfAttributeDefsToIgnoreAuditsChangeLogPit.elConfig = ${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().propertyValueStringRequired('grouper.attribute.rootStem')}:userData:grouperUserDataValueDef
-
-# if the attribute loader attributes, and other attributes should be autoconfigured (created, etc)
-grouper.attribute.loader.autoconfigure = true
-
-#####################################
-## centrally managed permissions
-#####################################
-
-# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
-grouper.permissions.limits.builtin.createAs.public = true
-
-# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
-grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan = amount less than
-grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEqual = amount less than or equal to
-grouper.permissions.limits.builtin.displayExtension.limitExpression = Expression
-grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = ipAddress on network realm
-grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks = ipAddress on networks
-grouper.permissions.limits.builtin.displayExtension.limitLabelsContain = labels contains
-grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 = Weekday 9 to 5
-
-
-# el classes to add to the el context for a limitExpression. Comma-separated fully qualified classnames
-grouper.permissions.limits.el.classes =
-
-# permission limits linked to subclasses of edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBase
-#grouper.permissions.limits.logic.someName.limitName =
-#grouper.permissions.limits.logic.someName.logicClass =
-
-# if you are doing ip address limits, you can put realms here
-# grouper.permissions.limits.realm.someName = 1.2.3.4/24, 2.3.4.5/16
-
-#####################################
-## External subjects
-#####################################
-
-#manages the description of a user automatically
-externalSubjects.desc.el = ${grouperUtil.appendPrefixIfStringNotBlank('[unverifiedInfo]', ' ', grouperUtil.appendIfNotBlankString(externalSubject.name, ' - ', externalSubject.institution))} [externalUserID] ${externalSubject.identifier}
-
-#search and sort strings added to member objects
-externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}
-externalSubjects.sortAttribute0.el = ${subject.name}
-externalSubjects.sortAttribute1.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")}
-externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")}
-
-# false if the description should be managed via EL (config above)
-externalSubjects.desc.manual = false
-
-# quartz cron where subjects are recalculated if necessary (empty means dont run), e.g. everyday at 3am
-externalSubjects.calc.fields.cron = 0 0 3 * * ?
-
-externalSubjects.name.required = true
-externalSubjects.email.required = false
-externalSubjects.email.enabled = true
-
-# these field names (uuid, institution, identifier, uuid, email, name) or attribute names
-# will be toLowered, and appended with comma separators. e.g. if you add attributes, add them here too
-externalSubjects.searchStringFields = name, institution, identifier, uuid, email
-
-externalSubjects.institution.required = false
-externalSubjects.institution.enabled = true
-
-# note, this must be only alphanumeric lower case or underscore
-# (valid db column name, subject attribute name)
-#externalSubjects.attributes.jabber.systemName = jabber
-#externalSubjects.attributes.jabber.required = false
-# comment on column in DB (no special characters allowed)
-#externalSubjects.attributes.jabber.comment = The jabber ID of the user
-
-# if wheel or root can edit external users
-externalSubjects.wheelOrRootCanEdit = true
-
-# group which is allowed to edit external users
-externalSubjects.groupAllowedForEdit =
-
-# if the view on the external subjects should be created.
-# turn this off if it doesnt compile, othrewise should be fine
-externalSubjects.createView = true
-
-#name of external subject source, defaults to grouperExternal
-externalSubject.sourceId = grouperExternal
-externalSubject.sourceName = External Users
-
-# grouper can auto create a jdbc2 source for the external subjects
-externalSubjects.autoCreateSource = true
-
-# put in fully qualified classes to add to the EL context. Note that they need a default constructor
-# comma separated. The alias will be the simple class name without a first cap.
-# e.g. if the class is test.Test the alias is "test"
-externalSubjects.customElClasses =
-
-# change these to affect the storage where external subjects live (e.g. to store in ldap),
-# must implement each respective storable interface
-externalSubjects.storage.ExternalSubjectStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectDbStorage
-externalSubjects.storage.ExternalSubjectAttributeStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorage
-
-# you can use the variables $newline$, $inviteLink$. Note, you need to change this default message...
-externalSubjectsInviteDefaultEmail = Hello,$newline$$newline$This is an invitation to register at our site to be able to access our applications. This invitation expires in 7 days. Click on the link below and sign in with your InCommon credentials. If you do not have InCommon credentials you can register at a site like protectnetwork.org and use those credentials.$newline$$newline$$inviteLink$$newline$$newline$Regards.
-# default subject for email
-externalSubjectsInviteDefaultEmailSubject = Register to access applications
-
-# you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAddress$. Note, you need to change this default message...
-externalSubjectsNotifyInviterEmail = Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service. They can now use applications at this institution.$newline$$newline$Regards.
-externalSubjectsNotifyInviterSubject = $inviteeIdentifier$ has registered
-
-# numner of days after which this request will expire. If -1, then will not expire
-externalSubjectsInviteExpireAfterDays = 7
-
-#put some group names comma separated for groups to auto add subjects to
-externalSubjects.autoaddGroups=
-#should be insert, or update, or insert,update
-externalSubjects.autoaddGroupActions=insert,update
-#if a number is here, expire the group assignment after a certain number of days
-externalSubjects.autoaddGroupExpireAfterDays=
-
-# add multiple group assignment actions by URL param: externalSubjectInviteName
-#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library
-
-# comma separated groups to add for this type of invite
-#externalSubjects.autoadd.testingLibrary.groups=
-
-# should be insert, update, or insert,update
-#externalSubjects.autoadd.testingLibrary.actions=insert,update
-
-# should be insert, update, or insert,update
-#externalSubjects.autoadd.testingLibrary.expireAfterDays=
-
-#if registrations are only allowed if invited or existing...
-externalSubjects.registerRequiresInvite=true
-
-#make sure the identifier when logging in is like an email address or eppn, e.g. username@school.edu
-externalSubjects.validateIndentiferLikeEmail=true
-
-#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution
-#note, the extensions must be sequential (dont skip), regex e.g. ^.*@myschool\\.edu$
-externalSubjects.regexForInvalidIdentifier.0=
-
-#####################################
-## org management
-#####################################
-
-# if the orgs table(s) should be included in the DDL (includes the hierarchical table
-orgs.includePocOrgsTablesInDdl = false
-
-# loader connection of the database where orgs are (grouper means the grouper db in grouper.hibernate.properties)
-orgs.databaseName = grouper
-
-#table name of the org table (can prefix by schema name if you like)
-orgs.orgTableName = grouperorgs_poc_orgs
-
-#column names of this table
-orgs.orgIdCol = id
-orgs.orgNameCol = org_name
-orgs.orgDisplayNameCol = org_display_name
-orgs.orgParentIdCol = parent_id
-
-#stem where the orgs are, e.g. poc:orgs
-orgs.parentStemName = poc:orgs
-
-#org config name
-orgs.configGroupName = poc:orgs:orgsConfig
-
-######################################
-## Grouper client connections
-## if this grouper needs to talk to another grouper, this is the client connection information
-######################################
-
-
-# id of the source, should match the part in the property name
-#grouperClient.someOtherSchool.id = someOtherSchool
-
-# url of web service, should include everything up to the first resource to access
-# e.g. https://groups.school.edu/grouperWs/servicesRest
-#grouperClient.someOtherSchool.properties.grouperClient.webService.url = https://some.other.school.edu/grouperWs/servicesRest
-
-# login ID
-#grouperClient.someOtherSchool.properties.grouperClient.webService.login = someRemoteLogin
-
-# password for shared secret authentication to web service
-# or you can put a filename with an encrypted password
-#grouperClient.someOtherSchool.properties.grouperClient.webService.password = *********
-
-# client version should match or be related to the server on the other end...
-#grouperClient.someOtherSchool.properties.grouperClient.webService.client.version = v2_0_000
-
-# this is the subject to act as local, if blank, act as GrouperSystem, specify with SubjectFinder packed string, e.g.
-# subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier
-# sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier
-#grouperClient.someOtherSchool.localActAsSubject =
-
-# the id of this source, generally the same as the name in the property name. This is mandatory
-#grouperClient.someOtherSchool.source.jdbc.id = jdbc
-
-# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs,
-# in this case, "jdbc", make sure it has no special chars. sourceId can be blank if you dont want to specify
-#grouperClient.someOtherSchool.source.jdbc.local.sourceId = jdbc
-
-# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed
-#grouperClient.someOtherSchool.source.jdbc.local.read.subjectId = identifier
-
-# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
-#grouperClient.someOtherSchool.source.jdbc.local.write.subjectId = identifier
-
-# sourceId of the remote system, can be blank
-#grouperClient.someOtherSchool.source.jdbc.remote.sourceId = jdbc
-
-# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed
-#grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId =
-
-# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
-#grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId =
-
-
-
-
-######################################
-## Sync to/from another grouper
-## Only sync one group to one other group, do not sync one group to
-## two report groupers. If you need to do this, add the group to another group
-######################################
-
-# we need to know where our
-# connection name in grouper client connections above
-#syncAnotherGrouper.testGroup0.connectionName = someOtherSchool
-
-# incremental or push or pull or incremental_push. Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise)
-#syncAnotherGrouper.testGroup0.syncType = incremental_push
-
-# quartz cron to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily)
-#syncAnotherGrouper.testGroup0.cron = 0 0 5 * * ?
-
-# local group which is being synced
-#syncAnotherGrouper.testGroup0.local.groupName = test:testGroup
-
-# remote group at another grouper which is being synced
-#syncAnotherGrouper.testGroup0.remote.groupName = test2:testGroup2
-
-# if subjects are external and should be created if not exist
-#syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound = true
-
-
-
-###################################
-## user data settings
-###################################
-
-# amount of time to cache groups in use
-grouperUserData.group.cache.seconds = 120
-
-
-######################################
-## Legacy attributes
-######################################
-legacyAttribute.baseStem=etc:legacy:attribute
-legacyAttribute.groupTypeDef.prefix=legacyGroupTypeDef_
-legacyAttribute.attributeDef.prefix=legacyAttributeDef_
-legacyAttribute.customListDef.prefix=legacyCustomListDef_
-legacyAttribute.groupType.prefix=legacyGroupType_
-legacyAttribute.attribute.prefix=legacyAttribute_
-legacyAttribute.customList.prefix=legacyCustomList_
-legacyAttributeMigration.useThreads = true
-legacyAttributeMigration.threadPoolSize = 20
-
-
-######################################
-## Point in time audit
-######################################
-pit.sync.useThreads = true
-pit.sync.threadPoolSize = 20
-
-
-######################################
-## Stem sets
-######################################
-stemSet.sync.useThreads = true
-stemSet.sync.threadPoolSize = 20
-
-
-######################################
-## Group sets
-######################################
-groupSet.sync.useThreads = true
-groupSet.sync.threadPoolSize = 20
-
-########################
-## LDAPProvisioningHook
-########################
-#LDAPProvisioningHook.exclude.regex.0=.*_excludes$
-#LDAPProvisioningHook.exclude.regex.1=.*_includes$
-#LDAPProvisioningHook.exclude.regex.2=.*_systemOfRecord$
-#LDAPProvisioningHook.exclude.regex.3=.*_systemOfRecordAndIncludes$
-
-#########################################
-## Unresolvable Subject Deletion Utility
-#########################################
-
-# Don't do anything if more than this number of unresolvable subjects are found
-usdu.failsafe.maxUnresolvableSubjects = 200
-
-
-################# DIAGNOSTICS ##################
-# In UI and WS
-
-#if ignore tests. Note, in job names, invalid chars need to be replaced with underscore (e.g. colon)
-#anything in this regex: [^a-zA-Z0-9._-]
-ws.diagnostic.ignore.memoryTest = false
-ws.diagnostic.ignore.dbTest_grouper = false
-ws.diagnostic.ignore.source_jdbc = false
-ws.diagnostic.ignore.loader_CHANGE_LOG_changeLogTempToChangeLog = false
-
-#this is 52 hours... 48 for 2 days, and 4 more for the job to run. So if the warehouse is down for updates,
-#then the daily job will not give an error
-ws.diagnostic.defaultMinutesSinceLastSuccess = 3120
-
-#change log can only for 30 minutes of failing before diagnostics fails
-ws.diagnostic.defaultMinutesChangeLog = 30
-
-#number of minute that can go by without a success before an error is thrown
-ws.diagnostic.minutesSinceLastSuccess.loader_SQL_GROUP_LIST__aStem_aGroup2 = 60
-
-#list groups which should check the size, in this case, "employee" or "students" in the key name is a variable
-#ws.diagnostic.checkGroupSize.employees.groupName = community:employees
-#ws.diagnostic.checkGroupSize.employees.minSize = 28000
-
-#ws.diagnostic.checkGroupSize.students.groupName = community:students
-#ws.diagnostic.checkGroupSize.students.minSize = 18000
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper.client.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.base.properties b/modules/group-manager/src/main/resources/grouper.client.base.properties
deleted file mode 100755
index cf78604..0000000
--- a/modules/group-manager/src/main/resources/grouper.client.base.properties
+++ /dev/null
@@ -1,552 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper client configuration
-# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The grouper client uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.client.base.properties
-# (which should not be edited), and the grouper.client.properties overlays
-# the base settings. See the grouper.client.base.properties for the possible
-# settings that can be applied to the grouper.client.properties
-
-########################################
-## LDAP connection settings
-########################################
-
-# url of directory, including the base DN (distinguished name)
-# e.g. ldap://server.school.edu/dc=school,dc=edu
-# e.g. ldaps://server.school.edu/dc=school,dc=edu
-grouperClient.ldap.url =
-
-# kerberos principal used to connect to ldap
-grouperClient.ldap.login =
-
-# password for shared secret authentication to ldap
-# or you can put a filename with an encrypted password
-grouperClient.ldap.password =
-
-########################################
-## Web service Connection settings
-########################################
-
-# url of web service, should include everything up to the first resource to access
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.webService.url =
-
-# kerberos principal used to connect to web service
-grouperClient.webService.login =
-
-# password for shared secret authentication to web service
-# or you can put a filename with an encrypted password
-grouperClient.webService.password =
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
-grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
-
-# seconds between checking to see if the config files are updated
-grouperClient.config.secondsBetweenUpdateChecks = 60
-
-########################################
-## Misc settings
-########################################
-
-# path of a writable directory where files can be created or stored
-# for example, cache of discovery configuration, or failover state
-# dot is the current directory... note, this directory must exist
-# or it will be created (attempted)
-# if this is blank, none of these features will be used, and
-# no files will be saved
-grouperClient.cacheDirectory = .
-
-########################################
-## Encrypted password settings
-########################################
-
-# Put a random alphanumeric string (Case sensitive) for the password encryption. e.g. fh43IRJ4Nf5
-# or put a filename where the random alphanumeric string is.
-# e.g. c:/whatever/key.txt
-# e.g. sdfklj24lkj34lk34
-encrypt.key =
-
-# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
-encrypt.disableExternalFileLookup = false
-
-# pre grouper 2.0, the client encrypted passwords differently than the server. Now that the client is part of the server,
-# there are more reasons to be consistent. Change to false for pre-2.0 password encryption behavior
-encrypt.encryptLikeServer = true
-
-########################################
-## Logging
-########################################
-
-# For java.util.logging, only for the grouperClient package (not below)
-# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING
-grouperClient.logging.grouperClientOnly.logLevel = WARNING
-
-# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr
-# (if no file specified below). This is default log level
-# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING
-grouperClient.logging.logLevel = WARNING
-
-# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
-grouperClient.logging.logFile =
-
-# if you want ws requests and responses being logged to files, put the directory here.
-# The grouper client will create subdirs
-grouperClient.logging.webService.documentDir =
-
-# try to indent the xml. If this fails for some reason, or you want the raw xml,
-# set to false
-grouperClient.logging.webService.indent = true
-
-# if the masked password should be logged (if false, dont log anything about password)
-# the masked password will show how many chars the password is (helpful for diagnosing
-# password encryption issues)
-grouperClient.logging.logMaskedPassword = false
-
-########################################
-## Service discovery settings
-########################################
-
-# number of minutes to remember that a connection had errors
-grouperClient.minutesToKeepErrors = 2
-
-# if you are using a discovery service, but a discovery properties
-# at a URL (preferably SSL with valid certificate)
-# you should have multiple discovery URLs hosted at independent locations
-# to add more, increment the integer
-grouperClient.urlOfDiscovery.0 =
-grouperClient.urlOfDiscovery.1 =
-
-# if your app has a slow startup time, and the initial connections are timing out
-# esp if you arent just using the command line client (e.g. if using it as a jar),
-# then add more time here
-grouperClient.secondsForClassesToLoad = 20
-
-# this will save the failover state to a file so if the JVM is stopped, it
-# will be there when it starts again.
-# Set to 0 to store on every use (recommended if used command line)
-# or set to -1 to not store or read ever
-# grouperClient.cacheDirectory must be set
-grouperClient.saveFailoverStateEverySeconds = 60
-
-# if the failover client should use threads. If it doesnt then you cant detect timeouts
-grouperClient.failoverClientUseThreads = true
-
-# this will cache the discovery properties in memory or on disk
-# if you want to cache the discovery properties locally, put a directory here:
-# this is recommended especially if you are using the grouper client as a command
-# line application and the process is constantly restarting
-# note, this will be used for a failsafe cache if all discovery servers are unavailable
-# grouperClient.cacheDirectory must be set
-# set to 0 or -1 to not cache
-grouperClient.cacheDiscoveryPropertiesForSeconds = 120
-
-# this is the path in the discovery server there the grouper.client.discovery.properties is
-grouperClient.discoveryGrouperClientPropertiesDirectory =
-
-####
-## Below here are default values and override values for the discovery
-## properties at your institution. Note: if the override keys are there
-## with no value then it will blank out the discovery service value
-####
-
-# default urls of directory, including the base DN (distinguished name)
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. ldap://server.school.edu/dc=school,dc=edu
-# e.g. ldaps://server.school.edu/dc=school,dc=edu
-grouperClient.discoveryDefault.ldap.0.url =
-#grouperClient.discoveryOverride.ldap.0.url =
-
-# default active/active or active/standby
-# active/active will pick a server randomly,
-# and will stick with it for as long as the affinity is set
-# active/standby will always use the first connection
-# if no errors, then try the second one etc.
-# if a connection has more errors and has a higher priority,
-# then it will not be tried again until the
-# takeConnectionOutOfPoolOnErrorForSeconds timeout
-# passes
-grouperClient.discoveryDefault.ldap.loadBalancing = active/active
-#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
-
-# if we are active/active, then the same connection will
-# be used for a certain number of seconds. If this is -1, then
-# always keep the same server (unless errors)
-grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
-#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
-
-# if a connection has more errors than another, it will not be
-# used until this error timeout passes (unless the other is throwing errors
-# too)
-grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
-#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
-
-# when a connection is attempted, this is the timeout that it will use before trying
-# another connection
-grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
-#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
-
-# after all connections have been attempted, it will wait for this long
-# to see if any finish
-grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
-#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
-
-# urls of web service, should include everything up to the first resource to access
-# this is for read or write operations
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.discoveryDefault.webService.readWrite.0.url =
-#grouperClient.discoveryOverride.webService.readWrite.0.url =
-
-# url of web service, should include everything up to the first resource to access
-# this is for only read operations
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.discoveryDefault.webService.readOnly.0.url =
-#grouperClient.discoveryOverride.webService.readOnly.0.url =
-
-# active/active or active/standby
-# active/active will pick a server randomly,
-# and will stick with it for as long as the affinity is set
-# active/standby will always use the first connection
-# if no errors, then try the second one etc.
-# if a connection has more errors and has a higher priority,
-# then it will not be tried again until the
-# takeConnectionOutOfPoolOnErrorForSeconds timeout
-# passes
-grouperClient.discoveryDefault.webService.loadBalancing = active/active
-#grouperClient.discoveryOverride.webService.loadBalancing = active/active
-
-# if you want to always try read/write before readOnly (i.e. if you are
-# worried about if you make a write and read right after each other)
-grouperClient.discoveryDefault.webService.preferReadWrite = true
-#grouperClient.discoveryOverride.webService.preferReadWrite = true
-
-# if we are active/active, then the same connection will
-# be used for a certain number of seconds. If this is -1, then
-# always keep the same server (unless errors)
-grouperClient.discoveryDefault.webService.affinitySeconds = 28800
-#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
-
-# if a connection has more errors than another, it will not be
-# used until this error timeout passes (unless the other is throwing errors
-# too)
-grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
-#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
-
-# when a connection is attempted, this is the timeout that it will use before trying
-# another connection
-grouperClient.discoveryDefault.webService.timeoutSeconds = 60
-#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
-
-# after all connections have been attempted, it will wait for this long
-# to see if any finish
-grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
-#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
-
-
-
-####################################################################################
-####################################################################################
-#### Institutional and advanced settings
-####################################################################################
-####################################################################################
-
-#######################################
-## output templates
-#######################################
-
-webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
-webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
-webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
-webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
-webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
-webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
-webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
-webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
-webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
-webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
-webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
-webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
-webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
-webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
-webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
-webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
-webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
-webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
-webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
-webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
-webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
-webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
-webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
-webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
-webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
-webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
-webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
-webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
-
-#######################################
-## ldap queries
-#######################################
-
-# operation name
-ldapSearchAttribute.operationName.0 = pennnameToPennid
-ldapSearchAttribute.ldapName.0 = ou=pennnames
-ldapSearchAttribute.matchingAttributes.0 = pennname
-ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
-ldapSearchAttribute.returningAttributes.0 = pennid
-ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
-ldapSearchAttribute.resultType.0 = STRING
-
-ldapSearchAttribute.operationName.1 = pennidToPennname
-ldapSearchAttribute.ldapName.1 = ou=pennnames
-ldapSearchAttribute.matchingAttributes.1 = pennid
-ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
-ldapSearchAttribute.returningAttributes.1 = pennname
-ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
-ldapSearchAttribute.resultType.1 = STRING
-
-ldapSearchAttribute.operationName.2 = hasMemberLdap
-ldapSearchAttribute.ldapName.2 = ou=groups
-ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
-ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
-ldapSearchAttribute.returningAttributes.2 = cn
-ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
-ldapSearchAttribute.resultType.2 = BOOLEAN
-
-ldapSearchAttribute.operationName.3 = getMembersLdap
-ldapSearchAttribute.ldapName.3 = ou=groups
-ldapSearchAttribute.matchingAttributes.3 = cn
-ldapSearchAttribute.matchingAttributeLabels.3 = groupName
-ldapSearchAttribute.returningAttributes.3 = hasMember
-ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
-ldapSearchAttribute.resultType.3 = STRING_LIST
-
-########################################
-## Custom operations
-## Implement the interface ClientOperation, put it in the jar
-## Increment the int index for multiples (must be in order)
-########################################
-
-#customOperation.name.0 = cosignLikeWebsec
-#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
-
-
-########################################
-## Authentication settings
-########################################
-
-# user prefix
-grouperClient.ldap.user.prefix = uid=
-
-# user suffix
-grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
-
-# config name for the ldap user name between prefix and suffix
-grouperClient.ldap.user.label = login
-
-# config name for the webService user name between prefix and suffix
-grouperClient.webService.user.label = login
-
-########################################
-## Web service settings
-########################################
-
-# web service client version
-grouperClient.webService.client.version = v2_2_000
-
-# socket timeout
-grouperClient.webService.httpSocketTimeoutMillis = 90000
-
-# connection manager timeout
-grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
-
-# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
-# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception
-# will be thrown
-grouperClient.webService.ignoreExtraneousXmlFields = true
-
-# register fields to be ignored with xstream. this is useful if you are not
-# ignoring extraneous fields (above), but know that there are a few to be ignored
-# place them here with fully qualified classname dont property name, comma separated
-# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
-grouper.webService.omitXmlProperties =
-
-########################################
-## Misc
-########################################
-
-# if there are extra command line args, should we fail or just log?
-grouperClient.failOnExtraCommandLineArgs = true
-
-# you can have aliases for subjectId and subjectIdentifer in command line args
-# (though subjectId will still be allowed, but you cant pass both)
-# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
-# instead of --subjectIds=123,345
-grouperClient.alias.subjectIds =
-
-# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
-# instead of --subjectIdentifiers=abc,bcd
-grouperClient.alias.subjectIdentifiers =
-
-# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
-# instead of --subjectId=123
-grouperClient.alias.subjectId =
-
-# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
-# instead of --subjectIdentifiers=abc
-grouperClient.alias.subjectIdentifier =
-
-# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
-# instead of --actAsSubjectId=abc,bcd
-grouperClient.alias.SubjectId =
-
-# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
-# instead of --actAsSubjectIdentifier=abc
-grouperClient.alias.SubjectIdentifier =
-
-# the encoding used to read config files
-grouperClient.config.encoding = UTF-8
-
-# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
-grouperClient.default.fileEncoding = UTF-8
-
-# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
-grouperClient.https.customSocketFactory =
-
-# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
-grouperClient.ldaps.customSocketFactory =
-
-
-##############################
-## Kuali Identity settings
-##############################
-
-kuali.identity.source.0 = jdbc
-kuali.identity.nameAttribute.0 = name
-kuali.identity.identifierAttribute.0 = loginid
-
-# separate a sourceId from a subjectId or sourceId
-kuali.identity.sourceSeparator = ::::
-
-
-########################################
-## JDBC settings
-########################################
-
-# default database connection name
-grouperClient.jdbc.defaultName = default
-
-# the part between jdbc. and the last . is the name of the connection, in this case "default"
-# e.g. mysql: com.mysql.jdbc.Driver
-# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
-# for p6spy, put the underlying driver in spy.properties
-# e.g. oracle: oracle.jdbc.driver.OracleDriver
-# e.g. hsqldb: org.hsqldb.jdbcDriver
-# e.g. postgres: org.postgresql.Driver
-# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver
-grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280
-grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
-grouperClient.jdbc.default.user = some_schema
-grouperClient.jdbc.default.pass = abc123
-
-
-
-################################
-## AWS settings
-################################
-
-# sqs settings
-grouperClient.awsAccessKey = ABC123
-grouperClient.awsSecretKey = xyz789
-grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
-
-
-################################
-## ESB settings
-################################
-
-## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
-esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
-## this is a key or could be encrypted in a file as well like other passwords
-## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey
-## number these if there are multiple
-#esb.consumer.encryptionKey.0 = abc123
-
-
-################################
-## XMPP client settings
-## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
-## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
-################################
-
-
-## general xmpp configuration
-grouperClient.xmpp.server.host = jabber.school.edu
-grouperClient.xmpp.server.port = 5222
-grouperClient.xmpp.user = username
-# note, pass can be in an external file with morphstring
-grouperClient.xmpp.pass =
-grouperClient.xmpp.resource = grouperClient
-# note, you need the exact id and resource here or it wont match
-grouperClient.xmpp.trustedMessagesFromJabberIds = user@school.edu/resource, user2@school.edu/resource2
-
-# if true, then each quartz trigger name will be unique
-# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
-grouperClient.xmpp.uniqueQuartzTriggerNames = false
-
-# if true, send this to smack, if we should debug. not sure if it does anything
-grouperClient.xmpp.debuggerEnabled = false
-
-grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
-grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
-grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
-# set this to reload_group or incremental if not reload on each event
-grouperClient.xmpp.job.myJobName.eventAction = incremental
-# how often a full refresh should occur regardless of events
-grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
-grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
-grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
-grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
-grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
-grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
-# subjects wont notify in not in these sources, comma separated, or blank for all
-grouperClient.xmpp.job.myJobName.requireSources = pennperson
-# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
-grouperClient.xmpp.job.myJobName.requireAttributes = pennname
-
-
[7/7] airavata git commit: WIP
Posted by sc...@apache.org.
WIP
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/d8eaa415
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/d8eaa415
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/d8eaa415
Branch: refs/heads/airavata-gov-registry
Commit: d8eaa415170732043b3278416488781d123ff1f2
Parents: d5f0b77
Author: scnakandala <su...@gmail.com>
Authored: Fri Oct 7 13:25:28 2016 -0400
Committer: scnakandala <su...@gmail.com>
Committed: Fri Oct 7 13:25:28 2016 -0400
----------------------------------------------------------------------
dev-tools/ansible/group_vars/all.yml | 5 +-
.../templates/airavata-server.properties.j2 | 13 +
.../templates/airavata-server.properties.j2 | 13 +
.../roles/pga/templates/pga_config.php.j2 | 2 +-
.../templates/airavata-server.properties.j2 | 13 +
modules/group-manager/pom.xml | 58 -
.../internal/dao/PermissionEntryDAO.java | 286 ----
.../dao/hib3/Hib3PermissionEntryDAO.java | 1123 -------------
.../grouper/permissions/PermissionFinder.java | 770 ---------
.../airavata/grouper/AiravataGrouperUtil.java | 35 -
.../airavata/grouper/GroupManagerCPI.java | 41 -
.../airavata/grouper/GroupManagerException.java | 36 -
.../airavata/grouper/GroupManagerFactory.java | 42 -
.../airavata/grouper/GroupManagerImpl.java | 137 --
.../apache/airavata/grouper/SubjectType.java | 14 -
.../apache/airavata/grouper/group/Group.java | 175 --
.../airavata/grouper/group/GroupMembership.java | 88 -
.../grouper/group/GroupMembershipType.java | 12 -
.../airavata/grouper/group/GroupService.java | 60 -
.../grouper/group/GroupServiceImpl.java | 578 -------
.../grouper/permission/PermissionAction.java | 15 -
.../permission/PermissionServiceImpl.java | 86 -
.../airavata/grouper/resource/Resource.java | 145 --
.../resource/ResourceNotFoundException.java | 35 -
.../grouper/resource/ResourceServiceImpl.java | 541 -------
.../airavata/grouper/resource/ResourceType.java | 51 -
.../airavata/grouper/role/RoleServiceImpl.java | 154 --
.../Owasp.CsrfGuard.overlay.properties | 78 -
.../main/resources/Owasp.CsrfGuard.properties | 403 -----
.../group-manager/src/main/resources/README.txt | 21 -
.../src/main/resources/ehcache.xml | 1517 ------------------
.../resources/grouper-loader.base.properties | 351 ----
.../main/resources/grouper-loader.properties | 25 -
.../src/main/resources/grouper.base.properties | 1017 ------------
.../resources/grouper.client.base.properties | 552 -------
.../main/resources/grouper.client.properties | 552 -------
.../resources/grouper.hibernate.base.properties | 120 --
.../main/resources/grouper.hibernate.properties | 20 -
.../src/main/resources/grouper.properties | 1017 ------------
.../src/main/resources/grouperUtf8.txt | 1 -
.../src/main/resources/log4j.properties | 154 --
.../src/main/resources/morphString.properties | 21 -
.../src/main/resources/server.properties | 26 -
.../src/main/resources/sources.xml | 883 ----------
.../src/main/resources/spy.properties | 54 -
.../group-manager/src/main/resources/sqltool.rc | 6 -
.../src/main/resources/subject.base.properties | 46 -
.../src/main/resources/subject.properties | 27 -
modules/registry/registry-core/pom.xml | 27 -
.../catalog/impl/ExperimentRegistry.java | 8 +
.../src/main/resources/META-INF/persistence.xml | 4 +-
.../src/main/resources/credstore-mysql.sql | 10 +-
pom.xml | 1 -
53 files changed, 58 insertions(+), 11411 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/dev-tools/ansible/group_vars/all.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/group_vars/all.yml b/dev-tools/ansible/group_vars/all.yml
index 5a159c3..5e95586 100644
--- a/dev-tools/ansible/group_vars/all.yml
+++ b/dev-tools/ansible/group_vars/all.yml
@@ -14,7 +14,7 @@ deployment_dir: "{{ user_home }}/dev-deployment"
airavata_source_dir: "{{ user_home }}/source"
airavata_dist: "apache-airavata-server-0.17-SNAPSHOT"
airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz"
-git_branch: develop
+git_branch: airavata-gov-registry
# Database related variables
db_server: "{{ groups['database'][0] }}"
@@ -24,6 +24,7 @@ db_password: "airavata"
app_catalog: "app_catalog"
exp_catalog: "exp_catalog"
replica_catalog: "replica_catalog"
+sharing_catalog: "sharing_catalog"
workflow_catalog: "wf_catalog"
credential_store: "credential_store"
@@ -47,7 +48,7 @@ api_server_port: "8930"
api_secured: "false"
tls_enable: "false"
api_server_tls_port: "9930"
-enable_sharing: "false"
+enable_sharing: "true"
# Orchestrator related variables
orchestrator_name: "orchestrator-node0"
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
index b8d093e..bf92e39 100644
--- a/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password={{ db_password }}
workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
###########################################################################
+# Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+#sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+#sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+sharingcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ sharing_catalog }}
+sharingcatalog.jdbc.user={{ db_user }}
+sharingcatalog.jdbc.password={{ db_password }}
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
# User Profile MongoDB Configuration
###########################################################################
userprofile.mongodb.host=localhost
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
index b8d093e..bf92e39 100644
--- a/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password={{ db_password }}
workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
###########################################################################
+# Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+#sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+#sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+sharingcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ sharing_catalog }}
+sharingcatalog.jdbc.user={{ db_user }}
+sharingcatalog.jdbc.password={{ db_password }}
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
# User Profile MongoDB Configuration
###########################################################################
userprofile.mongodb.host=localhost
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 7b38575..c71308d 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -161,7 +161,7 @@ return array(
/**
* Data Sharing enabled
*/
- 'data-sharing-enabled' => false
+ 'data-sharing-enabled' => true
],
/**
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
index b8d093e..bf92e39 100644
--- a/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password={{ db_password }}
workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
###########################################################################
+# Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+#sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+#sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+sharingcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ sharing_catalog }}
+sharingcatalog.jdbc.user={{ db_user }}
+sharingcatalog.jdbc.password={{ db_password }}
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
# User Profile MongoDB Configuration
###########################################################################
userprofile.mongodb.host=localhost
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/pom.xml
----------------------------------------------------------------------
diff --git a/modules/group-manager/pom.xml b/modules/group-manager/pom.xml
deleted file mode 100644
index d660eb6..0000000
--- a/modules/group-manager/pom.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <artifactId>airavata</artifactId>
- <groupId>org.apache.airavata</groupId>
- <version>0.17-SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
-
- <artifactId>group-manager</artifactId>
-
-
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
-
- <dependencies>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>3.8.1</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>edu.internet2.middleware.grouper</groupId>
- <artifactId>grouper</artifactId>
- <version>2.3.0</version>
- <exclusions>
- <exclusion>
- <groupId>commons-digester</groupId>
- <artifactId>commons-digester</artifactId>
- </exclusion>
- <exclusion>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>commons-digester</groupId>
- <artifactId>commons-digester</artifactId>
- <version>1.7</version>
- </dependency>
-
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-ehcache</artifactId>
- <version>5.0.4.Final</version>
- </dependency>
-
- </dependencies>
-</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java b/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java
deleted file mode 100755
index 120e82c..0000000
--- a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java
+++ /dev/null
@@ -1,286 +0,0 @@
-/**
- * Copyright 2014 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- Copyright (C) 2007 University Corporation for Advanced Internet Development, Inc.
- Copyright (C) 2007 The University Of Chicago
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package edu.internet2.middleware.grouper.internal.dao;
-
-import edu.internet2.middleware.grouper.Stem;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry;
-
-import java.sql.Timestamp;
-import java.util.Collection;
-import java.util.Set;
-
-/**
- * Basic <code>PermissionEntry</code> DAO interface.
- * @author mchyzer
- * @version $Id: PermissionEntryDAO.java,v 1.3 2009-10-26 04:52:17 mchyzer Exp $
- */
-public interface PermissionEntryDAO extends GrouperDAO {
-
- /**
- * find all permissions that a subject has
- * @param memberId
- * @return the permissions
- */
- public Set<PermissionEntry> findByMemberId(String memberId);
-
- /**
- * get attribute assigns by member and attribute def name id
- * @param memberId
- * @param attributeDefNameId
- * @return set of assigns or empty if none there
- */
- public Set<PermissionEntry> findByMemberIdAndAttributeDefNameId(String memberId, String attributeDefNameId);
-
- /**
- * see if the permission exists and is enabled
- * @param subjectId
- * @param sourceId
- * @param action
- * @param attributeDefNameName
- * @return true if has permissions and is enabled
- */
- public boolean hasPermissionBySubjectIdSourceIdActionAttributeDefName(String subjectId, String sourceId,
- String action, String attributeDefNameName);
-
-
- /**
- * securely search for assignments. need to pass in either the assign ids, def ids, def name ids, or group ids
- * cannot have more than 100 bind variables. well, you can pass more than 100 members... it will batch
- * @param attributeDefIds optional
- * @param attributeDefNameIds mutually exclusive with attributeDefIds
- * @param roleIds optional
- * @param actions (null means all actions)
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param memberIds
- * @param noEndDate true if no end date on memberships
- * @return the permissions
- */
- public Set<PermissionEntry> findPermissions(
- Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds,
- Collection<String> roleIds,
- Collection<String> actions,
- Boolean enabled,
- Collection<String> memberIds,
- boolean noEndDate);
-
- /**
- * securely search for assignments. need to pass in either the assign ids, def ids, def name ids, or group ids
- * cannot have more than 100 bind variables. well, you can pass more than 100 members... it will batch
- * @param attributeDefIds optional
- * @param attributeDefNameIds mutually exclusive with attributeDefIds
- * @param roleIds optional
- * @param actions (null means all actions)
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param memberIds
- * @param noEndDate true if no end date on memberships
- * @param permissionNameInStem if looking for permission names in a certain stem, put it here
- * @param permissionNameInStemScope if looking for permission names in a certain stem, put scope here
- * @return the permissions
- */
- public Set<PermissionEntry> findPermissions(
- Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds,
- Collection<String> roleIds,
- Collection<String> actions,
- Boolean enabled,
- Collection<String> memberIds,
- boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope);
-
- /**
- * securely search for assignments. need to pass in either the assign ids, def ids, def name ids, or group ids
- * cannot have more than 100 bind variables. well, you can pass more than 100 members... it will batch
- * @param attributeDefIds optional
- * @param attributeDefNameIds mutually exclusive with attributeDefIds
- * @param roleIds optional
- * @param actions (null means all actions)
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param memberIds
- * @param noEndDate true if no end date on memberships
- * @param permissionNameInStem if looking for permission names in a certain stem, put it here
- * @param permissionNameInStemScope if looking for permission names in a certain stem, put scope here
- * @param queryOptions queryOptions for sorting and paging
- * @return the permissions
- */
- public Set<PermissionEntry> findPermissions(
- Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds,
- Collection<String> roleIds,
- Collection<String> actions,
- Boolean enabled,
- Collection<String> memberIds,
- boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope, QueryOptions queryOptions);
-
-
- /**
- * securely search for assignments
- * @param attributeAssignType
- * @param attributeDefId optional
- * @param attributeDefNameId mutually exclusive with attributeDefIds
- * @param ownerRoleId optional
- * @param ownerStemId optional
- * @param ownerMemberId optional
- * @param ownerAttributeDefId optional
- * @param ownerMembershipId optional
- * @param action optional
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param includeAssignmentsOnAssignments if assignments on assignments should also be included
- * @return the assignments
- */
- public Set<PermissionEntry> findPermissions(
- String attributeDefId, String attributeDefNameId,
- String ownerRoleId, String ownerMemberId, String action,
- Boolean enabled);
-
- /**
- * securely search for assignments
- * @param attributeAssignType
- * @param attributeDefId optional
- * @param attributeDefNameId mutually exclusive with attributeDefIds
- * @param ownerRoleId optional
- * @param ownerStemId optional
- * @param ownerAttributeDefId optional
- * @param ownerMembershipId optional
- * @param action optional
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param includeAssignmentsOnAssignments if assignments on assignments should also be included
- * @return the assignments
- */
- public Set<PermissionEntry> findRolePermissions(
- String attributeDefId, String attributeDefNameId,
- String ownerRoleId, String action,
- Boolean enabled);
-
-
- /**
- * securely search for assignments. need to pass in either the assign ids, def ids, def name ids, or group ids
- * cannot have more than 100 bind variables
- * @param attributeDefIds optional
- * @param attributeDefNameIds mutually exclusive with attributeDefIds
- * @param roleIds optional
- * @param actions (null means all actions)
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param memberIds
- * @return the permissions
- */
- public Set<PermissionEntry> findPermissions(
- Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds,
- Collection<String> roleIds,
- Collection<String> actions,
- Boolean enabled,
- Collection<String> memberIds);
-
- /**
- * Find all permissions based on attributeDefinition, and a range of disabled dates
- * @param attributeDefId
- * @param disabledDateFrom null if dont consider
- * @param disabledDateTo null if dont consider
- * @return the permission records
- */
- public Set<PermissionEntry> findPermissionsByAttributeDefDisabledRange(String attributeDefId,
- Timestamp disabledDateFrom, Timestamp disabledDateTo);
-
-
- /**
- * find subjects who are not in a group but who have permissions
- * @param attributeDefId
- * @param groupId
- * @param immediateRoleMembershipsOrRoleSubject
- * @param queryOptions
- * @param enabled
- * @param hasNoEndDate
- * @return the set of members
- */
- public Set<PermissionEntry> findAllPermissionsNotInGroupAndType(String attributeDefId, String groupId,
- boolean immediateRoleMembershipsOrRoleSubject, QueryOptions queryOptions, Boolean enabled, boolean hasNoEndDate);
-
- /**
- * find subjects who are not in a group but who have permissions
- * @param attributeDefId
- * @param stem
- * @param stemScope
- * @param immediateRoleMembershipsOrRoleSubject
- * @param queryOptions
- * @param enabled
- * @param hasNoEndDate
- * @return the set of members
- */
- public Set<PermissionEntry> findAllPermissionsNotInStem(String attributeDefId, Stem stem, Stem.Scope stemScope,
- boolean immediateRoleMembershipsOrRoleSubject, QueryOptions queryOptions, Boolean enabled, boolean hasNoEndDate);
-
- /**
- * securely search for role assignments. need to pass in either the assign ids, def ids, def name ids, or group ids
- * cannot have more than 100 bind variables
- * @param attributeDefIds optional
- * @param attributeDefNameIds mutually exclusive with attributeDefIds
- * @param roleIds optional
- * @param actions (null means all actions)
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param memberIds
- * @param noEndDate true if no end date on memberships
- * @return the permissions
- */
- public Set<PermissionEntry> findRolePermissions(
- Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds,
- Collection<String> roleIds,
- Collection<String> actions,
- Boolean enabled,
- boolean noEndDate);
-
- /**
- * securely search for role assignments. need to pass in either the assign ids, def ids, def name ids, or group ids
- * cannot have more than 100 bind variables
- * @param attributeDefIds optional
- * @param attributeDefNameIds mutually exclusive with attributeDefIds
- * @param roleIds optional
- * @param actions (null means all actions)
- * @param enabled (null means all, true means enabled, false means disabled)
- * @param memberIds
- * @param noEndDate true if no end date on memberships
- * @param permissionNameInStem if looking for permission names in a certain stem, put it here
- * @param permissionNameInStemScope if looking for permission names in a certain stem, put scope here
- * @return the permissions
- */
- public Set<PermissionEntry> findRolePermissions(
- Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds,
- Collection<String> roleIds,
- Collection<String> actions,
- Boolean enabled,
- boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope);
-
-}
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java b/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java
deleted file mode 100755
index 244d8d2..0000000
--- a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java
+++ /dev/null
@@ -1,1123 +0,0 @@
-/**
- * Copyright 2014 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- Copyright (C) 2004-2007 University Corporation for Advanced Internet Development, Inc.
- Copyright (C) 2004-2007 The University Of Chicago
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package edu.internet2.middleware.grouper.internal.dao.hib3;
-import edu.internet2.middleware.grouper.Group;
-import edu.internet2.middleware.grouper.GrouperSession;
-import edu.internet2.middleware.grouper.Stem;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.cfg.GrouperConfig;
-import edu.internet2.middleware.grouper.hibernate.ByHqlStatic;
-import edu.internet2.middleware.grouper.hibernate.HibUtils;
-import edu.internet2.middleware.grouper.hibernate.HibernateSession;
-import edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.internal.dao.QuerySort;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry;
-import edu.internet2.middleware.grouper.permissions.PermissionEntryImpl;
-import edu.internet2.middleware.grouper.privs.AccessPrivilege;
-import edu.internet2.middleware.grouper.privs.AttributeDefPrivilege;
-import edu.internet2.middleware.grouper.util.GrouperUtil;
-import edu.internet2.middleware.subject.Subject;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-
-import java.sql.Timestamp;
-import java.util.*;
-
-/**
- * Basic Hibernate <code>PermissionEntry</code> DAO interface.
- * @author Chris Hyzer
- * @version $Id: Hib3PermissionEntryDAO.java,v 1.4 2009-10-26 04:52:17 mchyzer Exp $
- */
-public class Hib3PermissionEntryDAO extends Hib3DAO implements PermissionEntryDAO {
-
- /** logger */
- @SuppressWarnings("unused")
- private static final Log LOG = GrouperUtil.getLog(Hib3PermissionEntryDAO.class);
-
- /** */
- private static final String KLASS = Hib3PermissionEntryDAO.class.getName();
-
- private static final String PERMISSION_ENTRY_COLUMNS = "gr.nameDb as roleName, gm.subjectSourceIdDb as subjectSourceId, gm.subjectIdDb as subjectId, gaaa.nameDb as action, gadn.nameDb as attributeDefNameName, gadn.displayNameDb as attributeDefNameDispName, gr.displayNameDb as roleDisplayName, gaa.attributeAssignDelegatableDb as attributeAssignDelegatableDb, gaa.enabledDb as enabledDb, gaa.enabledTimeDb as enabledTimeDb, gaa.disabledTimeDb as disabledTimeDb, gr.uuid as roleId, gadn.attributeDefId as attributeDefId, gm.uuid as memberId, gadn.id as attributeDefNameId, gaaa.id as actionId, gmav.depth as membershipDepth, grs.depth as roleSetDepth, gadns.depth as attributeDefNameSetDepth, gaaas.depth as attributeAssignActionSetDepth, gmav.uuid as membershipId, gaa.id as attributeAssignId, gaa.attributeAssignTypeDb as attributeAssignTypeDb, gaa.notes as assignmentNotes, gmav.enabledTimeDb as immediateMshipEnabledTimeDb, gmav.disabledTimeDb as immediateMshipDisabledTimeDb, gaa.disallowedD
b as disallowedDb";
-
- private static final String PERMISSION_ENTRY_TABLES = "Group gr, MembershipEntry gmav, Member gm, Field gf, RoleSet grs, AttributeDef gad, AttributeAssign gaa, AttributeDefName gadn, AttributeDefNameSet gadns, AttributeAssignAction gaaa, AttributeAssignActionSet gaaas";
-
- private static final String PERMISSION_ENTRY_WHERE_CLAUSE = "gmav.ownerGroupId = gr.uuid and gmav.fieldId = gf.uuid and gr.typeOfGroupDb = 'role' and gf.typeString = 'list' and gf.name = 'members' and gmav.enabledDb = 'T' and gmav.memberUuid = gm.id and gadn.attributeDefId = gad.id and gad.attributeDefTypeDb = 'perm' and gaa.attributeDefNameId = gadns.ifHasAttributeDefNameId and gadn.id = gadns.thenHasAttributeDefNameId and gaa.attributeAssignActionId = gaaas.ifHasAttrAssignActionId and gaaa.id = gaaas.thenHasAttrAssignActionId and ((grs.ifHasRoleId = gr.uuid and gaa.ownerGroupId = grs.thenHasRoleId and gaa.attributeAssignTypeDb = 'group') or (grs.ifHasRoleId = gr.uuid and grs.thenHasRoleId = gr.uuid and gmav.ownerGroupId = gaa.ownerGroupId and gmav.memberUuid = gaa.ownerMemberId and gaa.attributeAssignTypeDb = 'any_mem'))";
-
- /**
- *
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findByMemberId(String)
- */
- public Set<PermissionEntry> findByMemberId(String memberId) {
-
- String sql =
- "select distinct " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + " where " + PERMISSION_ENTRY_WHERE_CLAUSE + " " +
- "and gm.uuid = :theMemberId ";
-
- Set<PermissionEntryImpl> permissionData = HibernateSession.byHqlStatic().createQuery(sql)
- .setString("theMemberId", memberId)
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- return new LinkedHashSet<PermissionEntry>(permissionData);
- }
-
- /**
- *
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#hasPermissionBySubjectIdSourceIdActionAttributeDefName(String, String, String, String)
- */
- public boolean hasPermissionBySubjectIdSourceIdActionAttributeDefName(String subjectId, String sourceId,
- String action, String attributeDefNameName) {
- Long count = HibernateSession.byHqlStatic().createQuery(
- "select count(*) from " + PERMISSION_ENTRY_TABLES + " where " + PERMISSION_ENTRY_WHERE_CLAUSE + " " +
- "and gm.subjectIdDb = :theSubjectId " +
- "and gm.subjectSourceIdDb = :theSubjectSourceId " +
- "and gaaa.nameDb = :theAction " +
- "and gadn.nameDb = :theAttributeDefNameName")
- .setString("theSubjectId", subjectId)
- .setString("theSubjectSourceId", sourceId)
- .setString("theAction", action)
- .setString("theAttributeDefNameName", attributeDefNameName)
- .uniqueResult(Long.class);
-
- return count > 0;
- }
-
- /**
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findByMemberIdAndAttributeDefNameId(String, String)
- */
- public Set<PermissionEntry> findByMemberIdAndAttributeDefNameId(String memberId,
- String attributeDefNameId) {
- Set<PermissionEntryImpl> permissionEntries = HibernateSession.byHqlStatic().createQuery(
- "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + " where " + PERMISSION_ENTRY_WHERE_CLAUSE +
- " and gm.uuid = :theMemberId" +
- " and gadn.id = :theAttributeDefNameId")
- .setString("theMemberId", memberId)
- .setString("theAttributeDefNameId", attributeDefNameId)
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- return new LinkedHashSet<PermissionEntry>(permissionEntries);
- }
-
- /**
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection)
- */
- public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds, Collection<String> roleIds,
- Collection<String> actions, Boolean enabled, Collection<String> memberIds) {
- return findPermissions(attributeDefIds, attributeDefNameIds, roleIds, actions, enabled, memberIds, false);
- }
-
- /**
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection, boolean)
- */
- public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds, Collection<String> roleIds,
- Collection<String> actions, Boolean enabled, Collection<String> memberIdsTotal, boolean noEndDate) {
- return findPermissions(attributeDefIds, attributeDefNameIds, roleIds, actions, enabled, memberIdsTotal, false, null, null);
- }
-
- /**
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection, boolean, Stem, Scope)
- */
- public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds, Collection<String> roleIds,
- Collection<String> actions, Boolean enabled, Collection<String> memberIdsTotal,
- boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope) {
-
- Set<PermissionEntry> totalResults = new LinkedHashSet<PermissionEntry>();
-
- int numberOfMemberBatches = GrouperUtil.batchNumberOfBatches(memberIdsTotal, 100);
-
- boolean hasMemberBatches = numberOfMemberBatches > 0;
- //there needs to be at least one batch
- numberOfMemberBatches = numberOfMemberBatches == 0 ? 1 : numberOfMemberBatches;
-
- List<String> membersIdsTotalList = memberIdsTotal instanceof List ? (List)memberIdsTotal
- : new ArrayList<String>(GrouperUtil.nonNull(memberIdsTotal));
-
- for (int memberBatchIndex=0;memberBatchIndex<numberOfMemberBatches;memberBatchIndex++) {
-
- //if no batches, just use null
- List<String> memberIds = hasMemberBatches ? GrouperUtil.batchList(membersIdsTotalList, 100, memberBatchIndex) : null;
-
- int memberIdsSize = GrouperUtil.length(memberIds);
- int roleIdsSize = GrouperUtil.length(roleIds);
- int actionsSize = GrouperUtil.length(actions);
- int attributeDefIdsSize = GrouperUtil.length(attributeDefIds);
- int attributeDefNameIdsSize = GrouperUtil.length(attributeDefNameIds);
-
- //if (memberIdsSize == 0 && roleIdsSize == 0 && attributeDefIdsSize == 0 && attributeDefNameIdsSize == 0) {
- // throw new RuntimeException("Illegal query, you need to pass in members and/or attributeDefId(s) and/or roleId(s) and/or roleNames and/or attributeDefNameIds");
- //}
-
- //too many bind vars... note, we can batch up the memberIds
- if (memberIdsSize + roleIdsSize + attributeDefIdsSize + attributeDefNameIdsSize + actionsSize > 180) {
- throw new RuntimeException("Too many memberIdsSize " + memberIdsSize
- + " roleIdsSize " + roleIdsSize + " or attributeDefIdsSize "
- + attributeDefIdsSize + " or attributeDefNameIds " + attributeDefNameIdsSize + " or actionsSize " + actionsSize );
- }
-
-
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- String selectPrefix = "select distinct " + PERMISSION_ENTRY_COLUMNS + " ";
-
- //doesnt work due to composite key, hibernate puts parens around it and mysql fails
- //String countPrefix = "select count(distinct pea) ";
-
- StringBuilder sqlTables = new StringBuilder(" from " + PERMISSION_ENTRY_TABLES + " ");
-
- if (permissionNameInStem != null && permissionNameInStemScope == Scope.ONE) {
- sqlTables.append(" , AttributeDefName adn2 ");
- }
-
- StringBuilder sqlWhereClause = new StringBuilder(" " + PERMISSION_ENTRY_WHERE_CLAUSE + " ");
-
- GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-
- Subject grouperSessionSubject = grouperSession.getSubject();
-
- grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, sqlWhereClause, "gadn.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-
- boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, "gr.uuid", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
- StringBuilder sql;
- if (changedQuery) {
- if (sqlWhereClause.length() > 0) {
- sql = sqlTables.append(" and ").append(sqlWhereClause);
- } else {
- throw new RuntimeException("Unexpected.");
- }
- } else {
- sql = sqlTables.append(" where ").append(sqlWhereClause);
- }
-
- if (enabled != null && enabled) {
- sql.append(" and gaa.enabledDb = 'T' ");
- }
- if (enabled != null && !enabled) {
- sql.append(" and gaa.enabledDb = 'F' ");
- }
-
- if (permissionNameInStem != null) {
- switch (permissionNameInStemScope) {
- case ONE:
- sql.append(" and gadn.id = adn2.id and adn2.stemId = :stemId ");
- byHqlStatic.setString("stemId", permissionNameInStem.getUuid());
- break;
- case SUB:
-
- sql.append(" and gadn.nameDb like :stemSub ");
- byHqlStatic.setString("stemSub", permissionNameInStem.getName() + ":%");
-
- break;
- default:
- throw new RuntimeException("Not expecting permissionNameInStemScope: " + permissionNameInStemScope);
- }
- }
-
-
- if (noEndDate) {
- sql.append(" and gmav.disabledTimeDb is null ");
- sql.append(" and gaa.disabledTimeDb is null ");
- }
-
- if (actionsSize > 0) {
- sql.append(" and gaaa.nameDb in (");
- sql.append(HibUtils.convertToInClause(actions, byHqlStatic));
- sql.append(") ");
- }
- if (roleIdsSize > 0) {
- sql.append(" and gr.uuid in (");
- sql.append(HibUtils.convertToInClause(roleIds, byHqlStatic));
- sql.append(") ");
- }
- if (attributeDefIdsSize > 0) {
- sql.append(" and gadn.attributeDefId in (");
- sql.append(HibUtils.convertToInClause(attributeDefIds, byHqlStatic));
- sql.append(") ");
- }
- if (attributeDefNameIdsSize > 0) {
- sql.append(" and gadn.id in (");
- sql.append(HibUtils.convertToInClause(attributeDefNameIds, byHqlStatic));
- sql.append(") ");
- }
- if (memberIdsSize > 0) {
- sql.append(" and gm.uuid in (");
- sql.append(HibUtils.convertToInClause(memberIds, byHqlStatic));
- sql.append(") ");
- }
-
- QueryOptions queryOptions = new QueryOptions();
- QuerySort querySort = new QuerySort("gm.subjectIdDb", true);
- querySort.insertSortToBeginning("gaaa.nameDb", true);
- querySort.insertSortToBeginning("gr.displayNameDb", true);
- querySort.insertSortToBeginning("gadn.displayNameDb", true);
- queryOptions.sort(querySort);
-
- System.out.println("TEST TEST TEST");
-
- byHqlStatic
- .setCacheable(false)
- .setCacheRegion(KLASS + ".findPermissions").options(queryOptions);
-
- int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-
- String sqlString = sql.toString();
-
- //if we did where and, then switch to where
- sqlString = sqlString.replaceAll("where\\s+and", "where");
-
- //if we end in where, strip it out
- sqlString = sqlString.trim();
- if (sqlString.endsWith("where")) {
- sqlString = sqlString.substring(0, sqlString.length()-5);
- }
-
- Set<PermissionEntryImpl> permissionData = byHqlStatic.createQuery(selectPrefix + sqlString)
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- int size = GrouperUtil.length(permissionData);
- if (maxAssignments >= 0) {
-
- //doesnt work on mysql i think due to hibernate and composite key
- //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);
-
- //see if too many
- if (size > maxAssignments) {
- throw new RuntimeException("Too many results: " + size);
- }
-
- }
-
-
- //nothing to filter
- if (size == 0) {
- continue;
- }
-
- Set<PermissionEntry> results = new LinkedHashSet<PermissionEntry>(permissionData);
-
- //if the hql didnt filter, we need to do that here
- results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-
- //we should be down to the secure list
- totalResults.addAll(results);
- }
-
- return totalResults;
- }
-
- /**
- * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection, boolean, Stem, Scope, QueryOptions)
- */
- public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds, Collection<String> roleIds,
- Collection<String> actions, Boolean enabled, Collection<String> memberIdsTotal,
- boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope, QueryOptions queryOptions) {
-
- Set<PermissionEntry> totalResults = new LinkedHashSet<PermissionEntry>();
-
- int numberOfMemberBatches = GrouperUtil.batchNumberOfBatches(memberIdsTotal, 100);
-
- boolean hasMemberBatches = numberOfMemberBatches > 0;
- //there needs to be at least one batch
- numberOfMemberBatches = numberOfMemberBatches == 0 ? 1 : numberOfMemberBatches;
-
- List<String> membersIdsTotalList = memberIdsTotal instanceof List ? (List)memberIdsTotal
- : new ArrayList<String>(GrouperUtil.nonNull(memberIdsTotal));
-
- for (int memberBatchIndex=0;memberBatchIndex<numberOfMemberBatches;memberBatchIndex++) {
-
- //if no batches, just use null
- List<String> memberIds = hasMemberBatches ? GrouperUtil.batchList(membersIdsTotalList, 100, memberBatchIndex) : null;
-
- int memberIdsSize = GrouperUtil.length(memberIds);
- int roleIdsSize = GrouperUtil.length(roleIds);
- int actionsSize = GrouperUtil.length(actions);
- int attributeDefIdsSize = GrouperUtil.length(attributeDefIds);
- int attributeDefNameIdsSize = GrouperUtil.length(attributeDefNameIds);
-
- //if (memberIdsSize == 0 && roleIdsSize == 0 && attributeDefIdsSize == 0 && attributeDefNameIdsSize == 0) {
- // throw new RuntimeException("Illegal query, you need to pass in members and/or attributeDefId(s) and/or roleId(s) and/or roleNames and/or attributeDefNameIds");
- //}
-
- //too many bind vars... note, we can batch up the memberIds
- if (memberIdsSize + roleIdsSize + attributeDefIdsSize + attributeDefNameIdsSize + actionsSize > 180) {
- throw new RuntimeException("Too many memberIdsSize " + memberIdsSize
- + " roleIdsSize " + roleIdsSize + " or attributeDefIdsSize "
- + attributeDefIdsSize + " or attributeDefNameIds " + attributeDefNameIdsSize + " or actionsSize " + actionsSize );
- }
-
-
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- String selectPrefix = "select distinct " + PERMISSION_ENTRY_COLUMNS + " ";
-
- //doesnt work due to composite key, hibernate puts parens around it and mysql fails
- //String countPrefix = "select count(distinct pea) ";
-
- StringBuilder sqlTables = new StringBuilder(" from " + PERMISSION_ENTRY_TABLES + " ");
-
- if (permissionNameInStem != null && permissionNameInStemScope == Scope.ONE) {
- sqlTables.append(" , AttributeDefName adn2 ");
- }
-
- StringBuilder sqlWhereClause = new StringBuilder(" " + PERMISSION_ENTRY_WHERE_CLAUSE + " ");
-
- GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-
- Subject grouperSessionSubject = grouperSession.getSubject();
-
- grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, sqlWhereClause, "gadn.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-
- boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, "gr.uuid", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
- StringBuilder sql;
- if (changedQuery) {
- if (sqlWhereClause.length() > 0) {
- sql = sqlTables.append(" and ").append(sqlWhereClause);
- } else {
- throw new RuntimeException("Unexpected.");
- }
- } else {
- sql = sqlTables.append(" where ").append(sqlWhereClause);
- }
-
- if (enabled != null && enabled) {
- sql.append(" and gaa.enabledDb = 'T' ");
- }
- if (enabled != null && !enabled) {
- sql.append(" and gaa.enabledDb = 'F' ");
- }
-
- if (permissionNameInStem != null) {
- switch (permissionNameInStemScope) {
- case ONE:
- sql.append(" and gadn.id = adn2.id and adn2.stemId = :stemId ");
- byHqlStatic.setString("stemId", permissionNameInStem.getUuid());
- break;
- case SUB:
-
- sql.append(" and gadn.nameDb like :stemSub ");
- byHqlStatic.setString("stemSub", permissionNameInStem.getName() + ":%");
-
- break;
- default:
- throw new RuntimeException("Not expecting permissionNameInStemScope: " + permissionNameInStemScope);
- }
- }
-
-
- if (noEndDate) {
- sql.append(" and gmav.disabledTimeDb is null ");
- sql.append(" and gaa.disabledTimeDb is null ");
- }
-
- if (actionsSize > 0) {
- sql.append(" and gaaa.nameDb in (");
- sql.append(HibUtils.convertToInClause(actions, byHqlStatic));
- sql.append(") ");
- }
- if (roleIdsSize > 0) {
- sql.append(" and gr.uuid in (");
- sql.append(HibUtils.convertToInClause(roleIds, byHqlStatic));
- sql.append(") ");
- }
- if (attributeDefIdsSize > 0) {
- sql.append(" and gadn.attributeDefId in (");
- sql.append(HibUtils.convertToInClause(attributeDefIds, byHqlStatic));
- sql.append(") ");
- }
- if (attributeDefNameIdsSize > 0) {
- sql.append(" and gadn.id in (");
- sql.append(HibUtils.convertToInClause(attributeDefNameIds, byHqlStatic));
- sql.append(") ");
- }
- if (memberIdsSize > 0) {
- sql.append(" and gm.uuid in (");
- sql.append(HibUtils.convertToInClause(memberIds, byHqlStatic));
- sql.append(") ");
- }
-
- if (queryOptions == null) {
- queryOptions = new QueryOptions();
- }
- // don't let the client override the sorting settings
- QuerySort querySort = new QuerySort("gm.subjectIdDb", true);
- querySort.insertSortToBeginning("gaaa.nameDb", true);
- querySort.insertSortToBeginning("gr.displayNameDb", true);
- querySort.insertSortToBeginning("gadn.displayNameDb", true);
- queryOptions.sort(querySort);
-
-
- byHqlStatic
- .setCacheable(false)
- .setCacheRegion(KLASS + ".findPermissions").options(queryOptions);
-
- int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-
- String sqlString = sql.toString();
-
- //if we did where and, then switch to where
- sqlString = sqlString.replaceAll("where\\s+and", "where");
-
- //if we end in where, strip it out
- sqlString = sqlString.trim();
- if (sqlString.endsWith("where")) {
- sqlString = sqlString.substring(0, sqlString.length()-5);
- }
-
- Set<PermissionEntryImpl> permissionData = byHqlStatic.createQuery(selectPrefix + sqlString)
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- int size = GrouperUtil.length(permissionData);
- if (maxAssignments >= 0) {
-
- //doesnt work on mysql i think due to hibernate and composite key
- //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);
-
- //see if too many
- if (size > maxAssignments) {
- throw new RuntimeException("Too many results: " + size);
- }
-
- }
-
-
- //nothing to filter
- if (size == 0) {
- continue;
- }
-
- Set<PermissionEntry> results = new LinkedHashSet<PermissionEntry>(permissionData);
-
- //if the hql didnt filter, we need to do that here
- results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-
- //we should be down to the secure list
- totalResults.addAll(results);
- }
-
- return totalResults;
- }
-
- /**
- * @see PermissionEntryDAO#findPermissionsByAttributeDefDisabledRange(String, Timestamp, Timestamp)
- * find permissions by attribute definition which are about to expire
- */
- public Set<PermissionEntry> findPermissionsByAttributeDefDisabledRange(
- String attributeDefId, Timestamp disabledDateFrom, Timestamp disabledDateTo) {
-
- if (disabledDateFrom == null && disabledDateTo == null) {
- throw new RuntimeException("Need to pass in disabledFrom or disabledTo");
- }
-
- //if they got it backwards, then fix it for them
- if (disabledDateFrom != null && disabledDateTo != null
- && disabledDateFrom.getTime() > disabledDateTo.getTime()) {
-
- Timestamp temp = disabledDateFrom;
- disabledDateFrom = disabledDateTo;
- disabledDateTo = temp;
-
- }
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- StringBuilder sql = new StringBuilder(
- "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + ", AttributeDefName theAttributeDefName where " + PERMISSION_ENTRY_WHERE_CLAUSE
- + " and gadn.id = theAttributeDefName.id "
- + " and theAttributeDefName.attributeDefId = :theAttributeDefId "
- + " and gm.uuid is not null "
- + " and gaa.enabledDb = 'T' ");
-
- if (disabledDateFrom != null) {
- sql.append(" and gaa.disabledTimeDb >= :disabledDateFrom ");
- byHqlStatic.setLong( "disabledDateFrom" , disabledDateFrom.getTime() );
- }
- if (disabledDateTo != null) {
- sql.append(" and gaa.disabledTimeDb <= :disabledDateTo ");
- byHqlStatic.setLong( "disabledDateTo" , disabledDateTo.getTime() );
- }
-
- sql.append(
- " and not exists ( select gaaInner.id from " + PERMISSION_ENTRY_TABLES.replaceAll("(\\w+) (\\w+)", "$1 $2Inner") + " where " + PERMISSION_ENTRY_WHERE_CLAUSE.replace(".", "Inner.") +
- " and gadnInner.id = gadn.id " +
- " and gaaaInner.id = gaaa.id " +
- //note, who cares which role it is, if the user has the permission... (not exactly right if not flattening permissions, but thats ok)
- //" and validPermissionEntry.roleId = thePermissionEntry.roleId " +
- " and gmInner.uuid = gm.uuid " +
- " and gaaInner.enabledDb = 'T' and ( gaaInner.disabledTimeDb is null ");
-
- if (disabledDateTo != null) {
- sql.append(" or gaaInner.disabledTimeDb > :disabledDateTo ");
- } else if (disabledDateFrom != null) {
- sql.append(" or gaaInner.disabledTimeDb < :disabledDateFrom ");
- }
-
-
- sql.append(") )");
-
- Set<PermissionEntryImpl> permissionEntries = byHqlStatic
- .createQuery(sql.toString())
- .setCacheable(false)
- .setCacheRegion(KLASS + ".FindPermissionsByAttributeDefDisabledRange")
- .setString( "theAttributeDefId" , attributeDefId )
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- return new LinkedHashSet<PermissionEntry>(permissionEntries);
-
-
- }
-
- /**
- * @see PermissionEntryDAO#findAllPermissionsNotInGroupAndType(String, String, boolean, QueryOptions, Boolean, boolean)
- */
- public Set<PermissionEntry> findAllPermissionsNotInGroupAndType(String attributeDefId,
- String groupId, boolean immediateRoleMembershipsOrRoleSubject, QueryOptions queryOptions,
- Boolean enabled, boolean hasNoEndDate) {
-
- StringBuilder sql = new StringBuilder(
- "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + ", AttributeDefName theAttributeDefName where " + PERMISSION_ENTRY_WHERE_CLAUSE
- + " and gadn.id = theAttributeDefName.id "
- + " and theAttributeDefName.attributeDefId = :theAttributeDefId "
- + " and gm.uuid is not null ");
-
- if (enabled != null) {
- sql.append(" and gaa.enabledDb = 'T' ");
- }
-
- if (immediateRoleMembershipsOrRoleSubject) {
- //either t
- sql.append(" and (gmav.depth = 0 " );
- sql.append(" or gaa.attributeAssignTypeDb != 'group' ) " );
- }
-
- if (hasNoEndDate) {
- sql.append(" and gaa.disabledTimeDb is null ");
- sql.append(" and gmav.disabledTimeDb is null ");
- }
-
- sql.append(" and gm.uuid not in ( select notInMembershipEntry.memberUuid from MembershipEntry as notInMembershipEntry " +
- " where notInMembershipEntry.ownerGroupId = :ownerGroupId "
- + " and notInMembershipEntry.fieldId = '" + Group.getDefaultList().getUuid() + "' ");
- if (enabled != null) {
- if (enabled) {
- sql.append(" and notInMembershipEntry.enabledDb = 'T' ");
- } else {
- sql.append(" and notInMembershipEntry.enabledDb = 'F' ");
- }
- }
- sql.append(" ) ");
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- Set<PermissionEntryImpl> permissionEntries = byHqlStatic
- .createQuery(sql.toString())
- .setCacheable(false)
- .setCacheRegion(KLASS + ".FindAllPermissionsNotInGroupAndType")
- .setString( "theAttributeDefId" , attributeDefId )
- .setString( "ownerGroupId" , groupId )
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- return new LinkedHashSet<PermissionEntry>(permissionEntries);
-
-
- }
-
- /**
- * @see PermissionEntryDAO#findAllPermissionsNotInStem(String, Stem, Stem.Scope, boolean, QueryOptions, Boolean, boolean)
- */
- public Set<PermissionEntry> findAllPermissionsNotInStem(String attributeDefId,
- Stem ownerNotInStem, Stem.Scope stemScope, boolean immediateRoleMembershipsOrRoleSubject,
- QueryOptions queryOptions, Boolean enabled, boolean hasNoEndDate) {
-
- StringBuilder sql = new StringBuilder(
- "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + ", AttributeDefName theAttributeDefName where " + PERMISSION_ENTRY_WHERE_CLAUSE
- + " and gadn.id = theAttributeDefName.id "
- + " and theAttributeDefName.attributeDefId = :theAttributeDefId "
- + " and gm.uuid is not null ");
-
- if (enabled != null) {
- sql.append(" and gaa.enabledDb = 'T' ");
- }
-
- if (immediateRoleMembershipsOrRoleSubject) {
- //either t
- sql.append(" and (gmav.depth = 0 " );
- sql.append(" or gaa.attributeAssignTypeDb != 'group' ) " );
- }
-
- if (hasNoEndDate) {
- sql.append(" and gaa.disabledTimeDb is null ");
- sql.append(" and gmav.disabledTimeDb is null ");
- }
-
- sql.append(" and not exists ( select notInMembershipEntry.memberUuid " +
- " from MembershipEntry as notInMembershipEntry, Group as theStemGroup " +
- " where notInMembershipEntry.ownerGroupId = theStemGroup.uuid "
- + " and notInMembershipEntry.memberUuid = gm.uuid "
- + " and notInMembershipEntry.fieldId = '" + Group.getDefaultList().getUuid() + "' ");
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- switch (stemScope) {
- case ONE:
-
- sql.append(" and theStemGroup.parentUuid = :stemId ");
- byHqlStatic.setString("stemId", ownerNotInStem.getUuid());
- break;
-
- case SUB:
-
- sql.append(" and theStemGroup.nameDb like :stemSub ");
- byHqlStatic.setString("stemSub", ownerNotInStem.getName() + ":%");
-
- break;
- default:
- throw new RuntimeException("Not expecting scope: " + stemScope);
- }
-
- sql.append(" ) ");
-
-
- Set<PermissionEntryImpl> permissionEntries = byHqlStatic
- .createQuery(sql.toString())
- .setCacheable(false)
- .setCacheRegion(KLASS + ".FindAllPermissionsNotInStem")
- .setString( "theAttributeDefId" , attributeDefId )
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- return new LinkedHashSet<PermissionEntry>(permissionEntries);
-
- }
-
- /**
- * find permissions based on filter criteria
- */
- public Set<PermissionEntry> findPermissions(String attributeDefId,
- String attributeDefNameId, String ownerRoleId, String ownerMemberId,
- String action, Boolean enabled) {
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- String selectPrefix = "select distinct " + PERMISSION_ENTRY_COLUMNS + " ";
-
- //doesnt work due to composite key, hibernate puts parens around it and mysql fails
- //String countPrefix = "select count(distinct pea) ";
-
- StringBuilder sqlTables = new StringBuilder(" from " + PERMISSION_ENTRY_TABLES + " ");
-
- StringBuilder sqlWhereClause = new StringBuilder(" " + PERMISSION_ENTRY_WHERE_CLAUSE + " ");
-
- GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-
- Subject grouperSessionSubject = grouperSession.getSubject();
-
- grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, sqlWhereClause, "gadn.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-
- boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, "gr.uuid", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
- StringBuilder sql;
- if (changedQuery) {
- if (sqlWhereClause.length() > 0) {
- sql = sqlTables.append(" and ").append(sqlWhereClause);
- } else {
- throw new RuntimeException("Unexpected.");
- }
- } else {
- sql = sqlTables.append(" where ").append(sqlWhereClause);
- }
-
- if (enabled != null && enabled) {
- sql.append(" and gaa.enabledDb = 'T' ");
- }
- if (enabled != null && !enabled) {
- sql.append(" and gaa.enabledDb = 'F' ");
- }
-
- if (!StringUtils.isBlank(ownerRoleId)) {
- sql.append(" and gr.uuid = :theOwnerRoleId ");
- byHqlStatic.setString("theOwnerRoleId", ownerRoleId);
- }
-
- if (!StringUtils.isBlank(action)) {
- sql.append(" and gaaa.nameDb = :theAction ");
- byHqlStatic.setString("theAction", action);
- }
-
- if (!StringUtils.isBlank(attributeDefId)) {
- sql.append(" and gadn.attributeDefId = :theAttributeDefId ");
- byHqlStatic.setString("theAttributeDefId", attributeDefId);
- }
- if (!StringUtils.isBlank(attributeDefNameId)) {
- sql.append(" and gadn.id = :theAttributeDefNameId ");
- byHqlStatic.setString("theAttributeDefNameId", attributeDefNameId);
- }
- if (!StringUtils.isBlank(ownerMemberId)) {
- sql.append(" and gm.uuid = :theOwnerMemberId ");
- byHqlStatic.setString("theOwnerMemberId", ownerMemberId);
- }
- byHqlStatic
- .setCacheable(false)
- .setCacheRegion(KLASS + ".findPermissions");
-
- int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-
- String sqlString = sql.toString();
-
- //if we did where and, then switch to where
- sqlString = sqlString.replaceAll("where\\s+and", "where");
- sqlString = sqlString.replaceAll("where\\s*$", "");
-
- Set<PermissionEntryImpl> resultsTemp = byHqlStatic.createQuery(selectPrefix + sqlString)
- .assignConvertHqlColumnsToObject(true)
- .listSet(PermissionEntryImpl.class);
-
- int size = GrouperUtil.length(resultsTemp);
- if (maxAssignments >= 0) {
-
- //doesnt work on mysql i think due to hibernate and composite key
- //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);
-
- //see if too many
- if (size > maxAssignments) {
- throw new RuntimeException("Too many results: " + size);
- }
-
- }
-
- Set<PermissionEntry> results = new LinkedHashSet<PermissionEntry>(resultsTemp);
-
-
- //nothing to filter
- if (size == 0) {
- return results;
- }
-
- //if the hql didnt filter, we need to do that here
- results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-
- //we should be down to the secure list
- return results;
- }
-
- /**
- * @see PermissionEntry#findRolePermissions(String attributeDefId, String attributeDefNameId, String ownerRoleId, String action, Boolean enabled)
- */
- public Set<PermissionEntry> findRolePermissions(String attributeDefId,
- String attributeDefNameId, String ownerRoleId, String action, Boolean enabled) {
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- String selectPrefix = "select distinct pea ";
-
- //doesnt work due to composite key, hibernate puts parens around it and mysql fails
- //String countPrefix = "select count(distinct pea) ";
-
- StringBuilder sqlTables = new StringBuilder(" from PermissionEntryRoleAssigned pea ");
-
- StringBuilder sqlWhereClause = new StringBuilder("");
-
- GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-
- Subject grouperSessionSubject = grouperSession.getSubject();
-
- grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, sqlWhereClause, "pea.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-
- boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, "pea.roleId", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
- StringBuilder sql;
- if (changedQuery) {
- if (sqlWhereClause.length() > 0) {
- sql = sqlTables.append(" and ").append(sqlWhereClause);
- } else {
- sql = sqlTables;
- }
- } else {
- sql = sqlTables.append(" where ").append(sqlWhereClause);
- }
-
- if (enabled != null && enabled) {
- sql.append(" and pea.enabledDb = 'T' ");
- }
- if (enabled != null && !enabled) {
- sql.append(" and pea.enabledDb = 'F' ");
- }
-
- if (!StringUtils.isBlank(ownerRoleId)) {
- sql.append(" and pea.roleId = :theOwnerRoleId ");
- byHqlStatic.setString("theOwnerRoleId", ownerRoleId);
- }
-
- if (!StringUtils.isBlank(action)) {
- sql.append(" and pea.action = :theAction ");
- byHqlStatic.setString("theAction", action);
- }
-
- if (!StringUtils.isBlank(attributeDefId)) {
- sql.append(" and pea.attributeDefId = :theAttributeDefId ");
- byHqlStatic.setString("theAttributeDefId", attributeDefId);
- }
- if (!StringUtils.isBlank(attributeDefNameId)) {
- sql.append(" and pea.attributeDefNameId = :theAttributeDefNameId ");
- byHqlStatic.setString("theAttributeDefNameId", attributeDefNameId);
- }
- byHqlStatic
- .setCacheable(false)
- .setCacheRegion(KLASS + ".findRolePermissions");
-
- int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-
- String sqlString = sql.toString();
-
- //if we did where and, then switch to where
- sqlString = sqlString.replaceAll("where\\s+and", "where");
- sqlString = sqlString.replaceAll("where\\s*$", "");
-
- Set<PermissionEntry> results = byHqlStatic.createQuery(selectPrefix + sqlString).listSet(PermissionEntry.class);
-
- int size = GrouperUtil.length(results);
- if (maxAssignments >= 0) {
-
- //doesnt work on mysql i think due to hibernate and composite key
- //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);
-
- //see if too many
- if (size > maxAssignments) {
- throw new RuntimeException("Too many results: " + size);
- }
-
- }
-
-
- //nothing to filter
- if (size == 0) {
- return results;
- }
-
- //if the hql didnt filter, we need to do that here
- results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-
- //we should be down to the secure list
- return results;
-
- }
-
- /**
- * @see PermissionEntryDAO#findRolePermissions(Collection, Collection, Collection, Collection, Boolean, boolean)
- */
- public Set<PermissionEntry> findRolePermissions(Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds, Collection<String> roleIds,
- Collection<String> actions, Boolean enabled, boolean noEndDate) {
- return findRolePermissions(attributeDefIds, attributeDefNameIds, roleIds, actions, enabled, noEndDate, null, null);
- }
-
- /**
- * @see PermissionEntryDAO#findRolePermissions(Collection, Collection, Collection, Collection, Boolean, boolean, Stem, Scope)
- */
- public Set<PermissionEntry> findRolePermissions(Collection<String> attributeDefIds,
- Collection<String> attributeDefNameIds, Collection<String> roleIds,
- Collection<String> actions, Boolean enabled, boolean noEndDate,
- Stem permissionNameInStem, Scope permissionNameInStemScope) {
- int roleIdsSize = GrouperUtil.length(roleIds);
- int actionsSize = GrouperUtil.length(actions);
- int attributeDefIdsSize = GrouperUtil.length(attributeDefIds);
- int attributeDefNameIdsSize = GrouperUtil.length(attributeDefNameIds);
-
- //too many bind vars
- if (roleIdsSize + attributeDefIdsSize + attributeDefNameIdsSize + actionsSize > 100) {
- throw new RuntimeException("Too many roleIdsSize " + roleIdsSize + " or attributeDefIdsSize "
- + attributeDefIdsSize + " or attributeDefNameIds " + attributeDefNameIdsSize + " or actionsSize " + actionsSize );
- }
-
- ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
- String selectPrefix = "select distinct pea ";
-
- //doesnt work due to composite key, hibernate puts parens around it and mysql fails
- //String countPrefix = "select count(distinct pea) ";
-
- StringBuilder sqlTables = new StringBuilder(" from PermissionEntryRoleAssigned pea ");
-
- if (permissionNameInStem != null && permissionNameInStemScope == Scope.ONE) {
- sqlTables.append(" , AttributeDefName adn ");
- }
-
- StringBuilder sqlWhereClause = new StringBuilder("");
-
- GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-
- Subject grouperSessionSubject = grouperSession.getSubject();
-
- grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, sqlWhereClause, "pea.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-
- boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
- grouperSessionSubject, byHqlStatic,
- sqlTables, "pea.roleId", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
- StringBuilder sql;
- if (changedQuery) {
- if (sqlWhereClause.length() > 0) {
- sql = sqlTables.append(" and ").append(sqlWhereClause);
- } else {
- sql = sqlTables;
- }
- } else {
- sql = sqlTables.append(" where ").append(sqlWhereClause);
- }
-
- if (enabled != null && enabled) {
- sql.append(" and pea.enabledDb = 'T' ");
- }
- if (enabled != null && !enabled) {
- sql.append(" and pea.enabledDb = 'F' ");
- }
-
- if (noEndDate) {
- sql.append(" and pea.disabledTimeDb is null ");
- }
-
- if (permissionNameInStem != null) {
- switch (permissionNameInStemScope) {
- case ONE:
- sql.append(" and pea.attributeDefNameId = adn.id and adn.stemId = :stemId ");
- byHqlStatic.setString("stemId", permissionNameInStem.getUuid());
- break;
- case SUB:
-
- sql.append(" and pea.attributeDefNameName like :stemSub ");
- byHqlStatic.setString("stemSub", permissionNameInStem.getName() + ":%");
-
- break;
- default:
- throw new RuntimeException("Not expecting permissionNameInStemScope: " + permissionNameInStemScope);
- }
- }
-
-
- if (actionsSize > 0) {
- sql.append(" and pea.action in (");
- sql.append(HibUtils.convertToInClause(actions, byHqlStatic));
- sql.append(") ");
- }
- if (roleIdsSize > 0) {
- sql.append(" and pea.roleId in (");
- sql.append(HibUtils.convertToInClause(roleIds, byHqlStatic));
- sql.append(") ");
- }
- if (attributeDefIdsSize > 0) {
- sql.append(" and pea.attributeDefId in (");
- sql.append(HibUtils.convertToInClause(attributeDefIds, byHqlStatic));
- sql.append(") ");
- }
- if (attributeDefNameIdsSize > 0) {
- sql.append(" and pea.attributeDefNameId in (");
- sql.append(HibUtils.convertToInClause(attributeDefNameIds, byHqlStatic));
- sql.append(") ");
- }
-
- QueryOptions queryOptions = new QueryOptions();
- QuerySort querySort = new QuerySort("pea.action", true);
- querySort.insertSortToBeginning("pea.roleDisplayName", true);
- querySort.insertSortToBeginning("pea.attributeDefNameDispName", true);
- queryOptions.sort(querySort);
-
- byHqlStatic
- .setCacheable(false).options(queryOptions)
- .setCacheRegion(KLASS + ".findRolePermissions");
-
- int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-
- String sqlString = sql.toString();
-
- //if we did where and, then switch to where
- sqlString = sqlString.replaceAll("where\\s+and", "where");
-
- Set<PermissionEntry> results = byHqlStatic.createQuery(selectPrefix + sqlString).listSet(PermissionEntry.class);
-
- int size = GrouperUtil.length(results);
- if (maxAssignments >= 0) {
-
- //doesnt work on mysql i think due to hibernate and composite key
- //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);
-
- //see if too many
- if (size > maxAssignments) {
- throw new RuntimeException("Too many results: " + size);
- }
-
- }
-
-
- //nothing to filter
- if (size == 0) {
- return results;
- }
-
- //if the hql didnt filter, we need to do that here
- results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-
- //we should be down to the secure list
- return results;
-
- }
-}
[6/7] airavata git commit: WIP
Posted by sc...@apache.org.
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/permissions/PermissionFinder.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/permissions/PermissionFinder.java b/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/permissions/PermissionFinder.java
deleted file mode 100755
index 390fe31..0000000
--- a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/permissions/PermissionFinder.java
+++ /dev/null
@@ -1,770 +0,0 @@
-/**
- * Copyright 2014 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @author mchyzer
- * $Id$
- */
-package edu.internet2.middleware.grouper.permissions;
-
-import java.sql.Timestamp;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.commons.lang.StringUtils;
-
-import edu.internet2.middleware.grouper.GroupFinder;
-import edu.internet2.middleware.grouper.GrouperSession;
-import edu.internet2.middleware.grouper.Member;
-import edu.internet2.middleware.grouper.MemberFinder;
-import edu.internet2.middleware.grouper.Stem;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.attr.AttributeDef;
-import edu.internet2.middleware.grouper.attr.AttributeDefName;
-import edu.internet2.middleware.grouper.attr.finder.AttributeDefFinder;
-import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry.PermissionType;
-import edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBean;
-import edu.internet2.middleware.grouper.permissions.role.Role;
-import edu.internet2.middleware.grouper.util.GrouperUtil;
-import edu.internet2.middleware.subject.Subject;
-
-
-/**
- *
- */
-public class PermissionFinder {
-
- /**
- * limitEnvVars if processing limits, pass in a map of limits. The name is the
- * name of the variable, and the value is the value. Note, you can typecast the
- * values by putting a valid type in parens in front of the param name. e.g.
- * name: (int)amount, value: 50
- */
- private Map<String, Object> limitEnvVars = null;
-
- /**
- * limitEnvVars if processing limits with PermissionProcessor, pass in a map of limits. The name is the
- * name of the variable, and the value is the value. Note, you can typecast the
- * values by putting a valid type in parens in front of the param name. e.g.
- * name: (int)amount, value: 50
- * @param key
- * @param value
- * @return this for chaining
- */
- public PermissionFinder addLimitEnvVar(String key, Object value) {
- if (this.limitEnvVars == null) {
- this.limitEnvVars = new LinkedHashMap<String, Object>();
- }
- this.limitEnvVars.put(key, value);
- return this;
- }
-
- /**
- * limitEnvVars if processing limits, pass in a map of limits. The name is the
- * name of the variable, and the value is the value. Note, you can typecast the
- * values by putting a valid type in parens in front of the param name. e.g.
- * name: (int)amount, value: 50
- * @param theEnvVars the map to replace
- * @return this for chaining
- */
- public PermissionFinder assignLimitEnvVars(Map<String, Object> theEnvVars) {
- this.limitEnvVars = theEnvVars;
- return this;
- }
-
- /**
- *
- */
- private Collection<String> memberIds = null;
-
- /**
- * add a member id to the search criteria
- * @param memberId
- * @return this for chaining
- */
- public PermissionFinder addMemberId(String memberId) {
- if (this.memberIds == null) {
- this.memberIds = new ArrayList<String>();
- }
- //no need to look for dupes
- if (!this.memberIds.contains(memberId)) {
- this.memberIds.add(memberId);
- }
- return this;
- }
-
- /**
- * add a collection of member ids to look for
- * @param theMemberIds
- * @return this for chaining
- */
- public PermissionFinder assignMemberIds(Collection<String> theMemberIds) {
- this.memberIds = theMemberIds;
- return this;
- }
-
- /**
- * add a subject to look for.
- * @param subject
- * @return this for chaining
- */
- public PermissionFinder addSubject(Subject subject) {
-
- //note, since we are chaining, we need to add if not found, since if we dont, it will find for
- //all subjects if no more are added
- Member member = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subject, true);
- return this.addMemberId(member.getUuid());
- }
-
- /**
- *
- */
- private Collection<String> roleIds = null;
-
- /**
- * add a role id to the search criteria
- * @param roleId
- * @return this for chaining
- */
- public PermissionFinder addRoleId(String roleId) {
- if (!StringUtils.isBlank(roleId)) {
- if (this.roleIds == null) {
- this.roleIds = new ArrayList<String>();
- }
- //no need to look for dupes
- if (!this.roleIds.contains(roleId)) {
- this.roleIds.add(roleId);
- }
- }
- return this;
- }
-
- /**
- * assign a collection of role ids to look for
- * @param theRoleIds
- * @return this for chaining
- */
- public PermissionFinder assignRoleIds(Collection<String> theRoleIds) {
- this.roleIds = theRoleIds;
- return this;
- }
-
- /**
- * add a role to look for.
- * @param role
- * @return this for chaining
- */
- public PermissionFinder addRole(Role role) {
-
- return this.addRoleId(role.getId());
- }
-
- /**
- * add a role to look for by name.
- * @param name
- * @return this for chaining
- */
- public PermissionFinder addRole(String name) {
-
- Role role = GroupFinder.findByName(GrouperSession.staticGrouperSession(), name, true);
-
- return this.addRoleId(role.getId());
- }
-
-
- /**
- *
- */
- private Collection<String> permissionDefIds = null;
-
- /**
- * add a attribute def id to the search criteria
- * @param attributeDefId
- * @return this for chaining
- */
- public PermissionFinder addPermissionDefId(String attributeDefId) {
- if (!StringUtils.isBlank(attributeDefId)) {
- if (this.permissionDefIds == null) {
- this.permissionDefIds = new ArrayList<String>();
- }
- //no need to look for dupes
- if (!this.permissionDefIds.contains(attributeDefId)) {
- this.permissionDefIds.add(attributeDefId);
- }
- }
- return this;
- }
-
- /**
- * assign a collection of attribute def ids to look for
- * @param theAttributeDefIds
- * @return this for chaining
- */
- public PermissionFinder assignPermissionDefIds(Collection<String> theAttributeDefIds) {
- this.permissionDefIds = theAttributeDefIds;
- return this;
- }
-
- /**
- * if narrowing search for permissions in a certain folder only
- * @param permissionNameFolder1
- * @return this for chaining
- */
- public PermissionFinder assignPermissionNameFolder(Stem permissionNameFolder1) {
- this.permissionNameFolder = permissionNameFolder1;
- return this;
- }
-
- /**
- * if searching in a folder, this is the scope: only in this folder, or also in subfolders
- * @param scope
- * @return this for chaining
- */
- public PermissionFinder assignPermissionNameFolderScope(Scope scope) {
- this.permissionNameFolderScope = scope;
- return this;
- }
-
- /**
- * add a attribute def to look for.
- * @param attributeDef
- * @return this for chaining
- */
- public PermissionFinder addPermissionDef(AttributeDef attributeDef) {
-
- return this.addPermissionDefId(attributeDef.getId());
- }
-
- /**
- * add a attribute def to look for by name.
- * @param attributeDefName
- * @return this for chaining
- */
- public PermissionFinder addPermissionDef(String attributeDefName) {
-
- AttributeDef attributeDef = AttributeDefFinder.findByName(attributeDefName, true);
-
- return this.addPermissionDefId(attributeDef.getId());
- }
-
-
- /**
- *
- */
- private Collection<String> permissionNameIds = null;
-
- /**
- * if looking for permissions in a certain folder
- */
- private Stem permissionNameFolder = null;
-
- /**
- * if looking for permissions in any subfolder, or just in this folder directly
- */
- private Scope permissionNameFolderScope = null;
-
- /**
- * add an attribute def name id to the search criteria
- * @param attributeDefNameId
- * @return this for chaining
- */
- public PermissionFinder addPermissionNameId(String attributeDefNameId) {
- if (!StringUtils.isBlank(attributeDefNameId)) {
- if (this.permissionNameIds == null) {
- this.permissionNameIds = new ArrayList<String>();
- }
- //no need to look for dupes
- if (!this.permissionNameIds.contains(attributeDefNameId)) {
- this.permissionNameIds.add(attributeDefNameId);
- }
- }
- return this;
- }
-
- /**
- * assign a collection of attribute def name ids to look for
- * @param theAttributeDefNameIds
- * @return this for chaining
- */
- public PermissionFinder assignPermissionNameIds(Collection<String> theAttributeDefNameIds) {
- this.permissionNameIds = theAttributeDefNameIds;
- return this;
- }
-
- /**
- * add a attribute def name to look for.
- * @param attributeDefName
- * @return this for chaining
- */
- public PermissionFinder addPermissionName(AttributeDefName attributeDefName) {
-
- return this.addPermissionNameId(attributeDefName.getId());
- }
-
- /**
- * add a attribute def name to look for by name.
- * @param name
- * @return this for chaining
- */
- public PermissionFinder addPermissionName(String name) {
-
- AttributeDefName attributeDefName = AttributeDefNameFinder.findByName(name, true);
-
- return this.addPermissionNameId(attributeDefName.getId());
- }
-
-
- /**
- *
- */
- private Collection<String> actions = null;
-
- /**
- * add a action to the search criteria
- * @param action
- * @return this for chaining
- */
- public PermissionFinder addAction(String action) {
- if (!StringUtils.isBlank(action)) {
- if (this.actions == null) {
- this.actions = new ArrayList<String>();
- }
- //no need to look for dupes
- if (!this.actions.contains(action)) {
- this.actions.add(action);
- }
- }
- return this;
- }
-
- /**
- * if sorting or paging
- */
- private QueryOptions queryOptions;
-
- /**
- * if sorting, paging, caching, etc
- * @param theQueryOptions
- * @return this for chaining
- */
- public PermissionFinder assignQueryOptions(QueryOptions theQueryOptions) {
- this.queryOptions = theQueryOptions;
- return this;
- }
-
- /**
- * assign actions to search for, return this for chaining
- * @param theActions
- * @return this for chaining
- */
- public PermissionFinder assignActions(Collection<String> theActions) {
- this.actions = theActions;
- return this;
- }
-
- /** if we should look for all, or enabled only. default is all */
- private Boolean enabled;
-
- /**
- * true means enabled only, false, means disabled only, and null means all
- * @param theEnabled
- * @return this for chaining
- */
- public PermissionFinder assignEnabled(Boolean theEnabled) {
- this.enabled = theEnabled;
- return this;
- }
-
- /**
- * if we should find the best answer, or process limits, etc
- */
- private PermissionProcessor permissionProcessor;
-
- /**
- * if we should find the best answer, or process limits, etc
- * @param thePermissionProcessor
- * @return this for chaining
- */
- public PermissionFinder assignPermissionProcessor(PermissionProcessor thePermissionProcessor) {
- this.permissionProcessor = thePermissionProcessor;
- return this;
- }
-
- /** if we should filter out non immediate permissions */
- private boolean immediateOnly = false;
-
- /**
- * if we should filter out non immediate permissions
- * @param theImmediate
- * @return this for chaining
- */
- public PermissionFinder assignImmediateOnly(boolean theImmediate) {
- this.immediateOnly = theImmediate;
- return this;
- }
-
- /** are we looking for role permissions or subject permissions? cant be null */
- private PermissionType permissionType = PermissionType.role_subject;
-
- /**
- * are we looking for role permissions or subject permissions? cant be null
- * @param thePermissionType
- * @return this for chaining
- */
- public PermissionFinder assignPermissionType(PermissionType thePermissionType) {
- this.permissionType = thePermissionType;
- return this;
- }
-
-
- /**
- * based on what you are querying for, see if has permission.
- * Note, you should be looking for one subject,
- * one action, one resource, one role or multiple roles, etc
- * If you are looking for multiple, it will see if anyone has that permission
- * @return true if has permission, false if not
- */
- public boolean hasPermission() {
-
- //there needs to be a subject if looking by subject
- if (this.permissionType == PermissionType.role_subject) {
- if (GrouperUtil.length(this.memberIds) != 1) {
- throw new RuntimeException("You need to search for 1 and only 1 subject when using hasPermission for subject permissions: " + this);
- }
- } else if (this.permissionType == PermissionType.role) {
- if (GrouperUtil.length(this.roleIds) != 1) {
- throw new RuntimeException("You need to search for 1 and only 1 role when using hasPermission for role permissions: " + this);
- }
- }
-
- if (this.permissionProcessor == null) {
- //get all the permissions for this user in these roles
- this.permissionProcessor = limitEnvVars == null ? PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES
- : PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS ;
- } else if (this.permissionProcessor != PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES
- && this.permissionProcessor != PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS){
- throw new RuntimeException("permissionProcessor must be FILTER_REDUNDANT_PERMISSIONS_AND_ROLES " +
- "or FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS");
- }
-
- Set<PermissionEntry> permissionEntriesSet = findPermissions();
-
- if (GrouperUtil.length(permissionEntriesSet) > 1) {
- throw new RuntimeException("Why is there more than one permission entry? " + GrouperUtil.stringValue(permissionEntriesSet));
- }
-
- if (GrouperUtil.length(permissionEntriesSet) == 0) {
- return false;
- }
-
- if (pointInTimeTo != null || pointInTimeFrom != null) {
- // we're not taking into consideration limits here...
- return !permissionEntriesSet.iterator().next().isDisallowed();
- }
-
- return permissionEntriesSet.iterator().next().isAllowedOverall();
- }
-
- /**
- * get the permissions, and the limits, so the caller (e.g. the UI/WS) doesnt have to get them again
- * @return the map of entry to the limits and values
- */
- public Map<PermissionEntry, Set<PermissionLimitBean>> findPermissionsAndLimits() {
-
- PermissionProcessor originalProcessor = this.permissionProcessor;
-
- this.validateProcessor();
-
- PermissionProcessor nonLimitProcessor = originalProcessor;
- boolean getLimits = false;
-
- if (originalProcessor != null && this.permissionProcessor.isLimitProcessor()) {
- nonLimitProcessor = this.permissionProcessor.nonLimitPermissionProcesssor();
- getLimits = true;
- }
-
- //do this without limits
- this.assignPermissionProcessor(nonLimitProcessor);
-
- Set<PermissionEntry> permissionEntrySet = this.findPermissions();
-
- //List<PermissionEntry> permissionEntryList = new ArrayList<PermissionEntry>(permissionEntrySet);
- //for (PermissionEntry permissionEntry : permissionEntryList) {
- // System.out.println(permissionEntry.getRole().getDisplayExtension() + " - "
- // + permissionEntry.getSubjectId() + " - " + permissionEntry.getAction() + " - "
- // + permissionEntry.getAttributeDefName().getDisplayExtension() + " - "
- // + permissionEntry.getAttributeAssignId());
- //}
- //System.out.println("\n");
-
- //assign back original
- this.assignPermissionProcessor(originalProcessor);
-
- //get limits from permissions
- //CH 20111005: pass PIT to this method, to get limit attribute assignments at a certain point in time
- Map<PermissionEntry, Set<PermissionLimitBean>> permissionLimitBeanMap = GrouperUtil.nonNull(PermissionLimitBean.findPermissionLimits(permissionEntrySet));
-
- //if (GrouperUtil.length(permissionLimitBeanMap) > 0) {
- // for (PermissionEntry permissionEntry : permissionLimitBeanMap.keySet()) {
- // System.out.println(permissionEntry.getRole().getDisplayExtension() + " - "
- // + permissionEntry.getSubjectId() + " - " + permissionEntry.getAction() + " - "
- // + permissionEntry.getAttributeDefName().getDisplayExtension() + " - "
- // + permissionEntry.getAttributeAssignId() + ":");
- // Set<PermissionLimitBean> permissionLimitBeans = permissionLimitBeanMap.get(permissionEntry);
- // for (PermissionLimitBean permissionLimitBean : GrouperUtil.nonNull(permissionLimitBeans)) {
- // System.out.println(" -> " + permissionLimitBean.getLimitAssign().getId() + " - "
- // + permissionLimitBean.getLimitAssign().getAttributeDefName().getDisplayExtension());
- // }
- // }
- //}
-
- if (getLimits) {
- PermissionProcessor.processLimits(permissionEntrySet, this.limitEnvVars, permissionLimitBeanMap);
- }
-
- return permissionLimitBeanMap;
- }
-
- /**
- * permission result gives helper methods in processing the results
- * @return the permission result
- */
- public PermissionResult findPermissionResult() {
-
- Set<PermissionEntry> permissionEntries = this.findPermissions();
-
- return new PermissionResult(permissionEntries);
- }
-
- /**
- * find a list of permissions
- * @return the set of permissions never null
- */
- public Set<PermissionEntry> findPermissions() {
-
- validateProcessor();
-
- Set<PermissionEntry> permissionEntries = null;
-
- if (pointInTimeFrom == null && pointInTimeTo == null) {
- if (this.permissionType == PermissionType.role_subject) {
- permissionEntries = GrouperDAOFactory.getFactory().getPermissionEntry().findPermissions(
- this.permissionDefIds, this.permissionNameIds, this.roleIds, this.actions, this.enabled,
- this.memberIds, false, this.permissionNameFolder, this.permissionNameFolderScope, this.queryOptions);
- } else if (this.permissionType == PermissionType.role) {
- permissionEntries = GrouperDAOFactory.getFactory().getPermissionEntry().findRolePermissions(
- this.permissionDefIds, this.permissionNameIds, this.roleIds, this.actions,
- this.enabled, false, this.permissionNameFolder, this.permissionNameFolderScope);
- } else {
- throw new RuntimeException("Not expecting permission type: " + this.permissionType);
- }
- } else {
- if (this.permissionType == PermissionType.role_subject) {
- if (this.permissionNameFolder != null) {
- throw new RuntimeException("Not implemented looking for permissions by folder and point in time");
- }
- permissionEntries = GrouperDAOFactory.getFactory().getPITPermissionAllView().findPermissions(
- permissionDefIds, permissionNameIds, roleIds, actions, memberIds, pointInTimeFrom, pointInTimeTo);
- } else {
- throw new RuntimeException("Not expecting permission type: " + this.permissionType);
- }
- }
-
- //if size is one, there arent redundancies to process
- if (this.permissionProcessor != null) {
- this.permissionProcessor.processPermissions(permissionEntries, this.limitEnvVars);
- }
-
- //if immediate only, do this after processing since it might affect the best decision
- if (this.immediateOnly) {
- //see if we are doing immediate only
- Iterator<PermissionEntry> iterator = GrouperUtil.nonNull(permissionEntries).iterator();
- while (iterator.hasNext()) {
- PermissionEntry permissionEntry = iterator.next();
- if (!permissionEntry.isImmediate(this.permissionType)) {
- iterator.remove();
- }
- }
- }
-
- return permissionEntries;
-
- }
-
- /**
- * validate that the processor dosent conflict with anything...
- */
- private void validateProcessor() {
- if (this.permissionProcessor != null && (this.enabled != null && !this.enabled)) {
- throw new RuntimeException("You cannot process the permissions " +
- "(FILTER_REDUNDANT_PERMISSIONS || FILTER_REUNDANT_PERMISSIONS_AND_ROLES) " +
- "without looking for enabled permissions only");
- }
-
- //if processing permissions, just look at enabled
- if (this.permissionProcessor != null && this.enabled == null) {
- this.enabled = true;
- }
-
- // verify options for point in time queries
- if (pointInTimeFrom != null || pointInTimeTo != null) {
- if (limitEnvVars != null && limitEnvVars.size() > 0) {
- throw new RuntimeException("Cannot use limits for point in time queries.");
- }
-
- if (immediateOnly) {
- throw new RuntimeException("immediateOnly is not supported for point in time queries.");
- }
-
- if (enabled == null || !enabled) {
- throw new RuntimeException("Cannot search for disabled permissions for point in time queries.");
- }
-
- if (permissionType == PermissionType.role) {
- throw new RuntimeException("Permission type " + PermissionType.role.getName() + " is not supported for point in time queries.");
- }
-
- if (permissionProcessor != null) {
- if (permissionProcessor.isLimitProcessor()) {
- throw new RuntimeException("limit processors are not supported for point in time queries.");
- }
-
- if (pointInTimeFrom == null || pointInTimeTo == null || pointInTimeFrom.getTime() != pointInTimeTo.getTime()) {
- throw new RuntimeException("When using permission processors with point in time queries, queries have to be at a single point in time.");
- }
- }
- }
- }
-
- /**
- * find a permission
- * @param exceptionIfNotFound true if exception should be thrown if permission not found
- * @return the permission or null
- */
- public PermissionEntry findPermission(boolean exceptionIfNotFound) {
-
- Set<PermissionEntry> permissions = findPermissions();
-
- //this should find one if it is there...
- PermissionEntry permissionEntry = null;
-
- if (GrouperUtil.length(permissions) > 1) {
- throw new RuntimeException("Why is there more than one permission found? " + this);
- }
-
- if (GrouperUtil.length(permissions) == 1) {
- permissionEntry = permissions.iterator().next();
- }
-
- if (permissionEntry == null && exceptionIfNotFound) {
- throw new RuntimeException("could not find permission: "
- + this);
- }
- return permissionEntry;
-
- }
-
- /**
- * @see Object#toString()
- */
- @Override
- public String toString() {
- StringBuilder result = new StringBuilder();
- if (GrouperUtil.length(this.actions) > 0) {
- result.append("actions: ").append(GrouperUtil.toStringForLog(this.actions, 100));
- }
- if (GrouperUtil.length(this.permissionDefIds) > 0) {
- result.append("attributeDefIds: ").append(GrouperUtil.toStringForLog(this.permissionDefIds, 100));
- }
- if (GrouperUtil.length(this.permissionNameIds) > 0) {
- result.append("attributeDefNameIds: ").append(GrouperUtil.toStringForLog(this.permissionNameIds, 100));
- }
- if (enabled != null) {
- result.append("enabled: ").append(this.enabled);
- }
- if (this.immediateOnly) {
- result.append("immediateOnly: ").append(this.immediateOnly);
- }
- if (GrouperUtil.length(this.limitEnvVars) > 0) {
- result.append("limitEnvVars: ").append(GrouperUtil.toStringForLog(this.limitEnvVars, 100));
- }
- if (GrouperUtil.length(this.memberIds) > 0) {
- result.append("memberIds: ").append(GrouperUtil.toStringForLog(this.memberIds, 100));
- }
- if (this.permissionProcessor != null) {
- result.append("permissionProcessor: ").append(this.permissionProcessor);
- }
- if (this.permissionType != null) {
- result.append("permissionType: ").append(this.permissionType);
- }
- if (GrouperUtil.length(this.roleIds) > 0) {
- result.append("roleIds: ").append(GrouperUtil.toStringForLog(this.roleIds, 100));
- }
- return result.toString();
- }
-
- /**
- * To query permissions at a certain point in time or time range in the past, set this value
- * and/or the value of pointInTimeTo. This parameter specifies the start of the range
- * of the point in time query. If this is specified but pointInTimeTo is not specified,
- * then the point in time query range will be from the time specified to now.
- */
- private Timestamp pointInTimeFrom = null;
-
- /**
- * To query permissions at a certain point in time or time range in the past, set this value
- * and/or the value of pointInTimeFrom. This parameter specifies the end of the range
- * of the point in time query. If this is the same as pointInTimeFrom, then the query
- * will be done at a single point in time rather than a range. If this is specified but
- * pointInTimeFrom is not specified, then the point in time query range will be from the
- * minimum point in time to the time specified.
- */
- private Timestamp pointInTimeTo = null;
-
- /**
- * To query permissions at a certain point in time or time range in the past, set this value
- * and/or the value of pointInTimeTo. This parameter specifies the start of the range
- * of the point in time query. If this is specified but pointInTimeTo is not specified,
- * then the point in time query range will be from the time specified to now.
- * @param pointInTimeFrom
- * @return this for changing
- */
- public PermissionFinder assignPointInTimeFrom(Timestamp pointInTimeFrom) {
- this.pointInTimeFrom = pointInTimeFrom;
- return this;
- }
-
- /**
- * To query permissions at a certain point in time or time range in the past, set this value
- * and/or the value of pointInTimeFrom. This parameter specifies the end of the range
- * of the point in time query. If this is the same as pointInTimeFrom, then the query
- * will be done at a single point in time rather than a range. If this is specified but
- * pointInTimeFrom is not specified, then the point in time query range will be from the
- * minimum point in time to the time specified.
- * @param pointInTimeTo
- * @return this for changing
- */
- public PermissionFinder assignPointInTimeTo(Timestamp pointInTimeTo) {
- this.pointInTimeTo = pointInTimeTo;
- return this;
- }
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/AiravataGrouperUtil.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/AiravataGrouperUtil.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/AiravataGrouperUtil.java
deleted file mode 100755
index 3dc164c..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/AiravataGrouperUtil.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper;
-
-
-/**
- * @author vsachdeva
- *
- */
-public class AiravataGrouperUtil {
-
- public static final String COLON = ":";
-
- public static final String ROOT_STEM_NAME = "airavata";
-
- public static final String ROLES_STEM_NAME = ROOT_STEM_NAME + COLON + "roles";
-
- public static final String GROUPS_STEM_NAME = ROOT_STEM_NAME + COLON +"groups";
-
- public static final String PROJECT_STEM_NAME = ROOT_STEM_NAME + COLON + "projects";
-
- public static final String EXPERIMENT_STEM_NAME = ROOT_STEM_NAME + COLON + "experiments";
-
- public static final String DATA_STEM_NAME = ROOT_STEM_NAME + COLON + "data";
-
- public static final String OTHER_STEM_NAME = ROOT_STEM_NAME + COLON + "other";
-
- public static final String PERMISSIONS_ATTRIBUTE_DEF = ROOT_STEM_NAME + COLON + "permissions" + COLON + "airavataAttributeDef";
-
- public static final String SUBJECT_SOURCE = "AIRAVATA_SUBJECT_SOURCE";
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerCPI.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerCPI.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerCPI.java
deleted file mode 100644
index e34c341..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerCPI.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.apache.airavata.grouper;
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-import org.apache.airavata.grouper.group.Group;
-=======
->>>>>>> adding more files
-import org.apache.airavata.grouper.permission.PermissionAction;
-import org.apache.airavata.grouper.resource.Resource;
-import org.apache.airavata.grouper.resource.ResourceType;
-
-import java.util.List;
-import java.util.Set;
-
-public interface GroupManagerCPI {
- void createResource(Resource projectResource);
-
- boolean isResourceRegistered(String resourceId, org.apache.airavata.grouper.resource.ResourceType resourceType);
-
- void grantPermission(String userId, SubjectType subjectType, String resourceId, ResourceType resourceType,
- PermissionAction permissionAction);
-
- void revokePermission(String userId, SubjectType subjectType, String resourceId, ResourceType resourceType,
- PermissionAction action);
-
- Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction permissionType);
-
- List<String> getAccessibleResourcesForUser(String userId, ResourceType resourceType, PermissionAction permissionAction);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- void createGroup(Group group);
-
- void updateGroup(Group group);
-
- void deleteGroup(String groupId, String s);
-
- Group getGroup(String groupId);
-
- List<Group> getAllGroupsUserBelongs(String userId);
-=======
->>>>>>> adding more files
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerException.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerException.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerException.java
deleted file mode 100644
index 4f8951e..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
-*/
-package org.apache.airavata.grouper;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class GroupManagerException extends Exception {
- private final static Logger logger = LoggerFactory.getLogger(GroupManagerException.class);
-
- public GroupManagerException(Exception e) {
- super(e);
- }
-
- public GroupManagerException(String s) {
- super(s);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerFactory.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerFactory.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerFactory.java
deleted file mode 100644
index 5c6a447..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerFactory.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
-*/
-package org.apache.airavata.grouper;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class GroupManagerFactory {
- private final static Logger logger = LoggerFactory.getLogger(GroupManagerFactory.class);
-
- private static GroupManagerCPI groupManager;
-
- public static GroupManagerCPI getGroupManager() throws GroupManagerException {
- try {
- if (groupManager == null) {
- groupManager = new GroupManagerImpl();
- }
- } catch (Exception e) {
- logger.error("Unable to create Group Manager client", e);
- throw new GroupManagerException(e);
- }
- return groupManager;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerImpl.java
deleted file mode 100644
index cb4a4ce..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/GroupManagerImpl.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
-*/
-package org.apache.airavata.grouper;
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-import org.apache.airavata.grouper.group.Group;
-import org.apache.airavata.grouper.group.GroupMembership;
-import org.apache.airavata.grouper.group.GroupServiceImpl;
-import org.apache.airavata.grouper.permission.PermissionAction;
-import org.apache.airavata.grouper.permission.PermissionServiceImpl;
-import org.apache.airavata.grouper.resource.Resource;
-import org.apache.airavata.grouper.resource.ResourceNotFoundException;
-=======
-import org.apache.airavata.grouper.permission.PermissionAction;
-import org.apache.airavata.grouper.permission.PermissionServiceImpl;
-import org.apache.airavata.grouper.resource.Resource;
->>>>>>> adding more files
-import org.apache.airavata.grouper.resource.ResourceServiceImpl;
-import org.apache.airavata.grouper.resource.ResourceType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
-public class GroupManagerImpl implements GroupManagerCPI {
- private final static Logger logger = LoggerFactory.getLogger(GroupManagerImpl.class);
-
- private ResourceServiceImpl resourceService;
- private PermissionServiceImpl permissionService;
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- private GroupServiceImpl groupService;
-=======
->>>>>>> adding more files
-
- public GroupManagerImpl(){
- this.resourceService = new ResourceServiceImpl();
- this.permissionService = new PermissionServiceImpl();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- this.groupService = new GroupServiceImpl();
-=======
->>>>>>> adding more files
- }
-
- @Override
- public void createResource(Resource projectResource) {
- resourceService.createResource(projectResource);
- }
-
- @Override
- public boolean isResourceRegistered(String resourceId, ResourceType resourceType) {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- try{
- return resourceService.getResource(resourceId, resourceType) != null;
- }catch (ResourceNotFoundException ex){
- return false;
- }
-=======
- return resourceService.getResource(resourceId, resourceType) != null;
->>>>>>> adding more files
- }
-
- @Override
- public void grantPermission(String userId, SubjectType subjectType, String resourceId, ResourceType resourceType,
- PermissionAction permissionAction) {
- permissionService.grantPermission(userId, subjectType, resourceId, resourceType, permissionAction);
- }
-
- @Override
- public void revokePermission(String userId, SubjectType subjectType, String resourceId, ResourceType resourceType,
- PermissionAction action) {
- permissionService.revokePermission(userId, subjectType, resourceId, resourceType, action);
- }
-
- @Override
- public Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction permissionType) {
- return resourceService.getAllAccessibleUsers(resourceId, resourceType, permissionType);
- }
-
- @Override
- public List<String> getAccessibleResourcesForUser(String userId, ResourceType resourceType, PermissionAction permissionAction) {
- Set<Resource> allResources = resourceService.getAccessibleResourcesForUser(userId, resourceType, permissionAction, false, 0, -1);
- List<String> ids = new ArrayList<>(allResources.size());
- allResources.stream().forEach(r->ids.add(r.getId()));
- return ids;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- @Override
- public void createGroup(Group group) {
- groupService.createGroup(group);
- }
-
- @Override
- public void updateGroup(Group group) {
- groupService.updateGroup(group);
- }
-
- @Override
- public void deleteGroup(String groupId, String userId) {
- groupService.deleteGroup(groupId, userId);
- }
-
- @Override
- public Group getGroup(String groupId) {
- return groupService.getGroup(groupId);
- }
-
- @Override
- public List<Group> getAllGroupsUserBelongs(String userId) {
- List<GroupMembership> groupMemberships = groupService.getAllMembershipsForUser(userId);
- List<Group> groupList = new ArrayList<>();
- groupMemberships.stream().forEach(gm->groupList.add(getGroup(gm.getGroupId())));
- return groupList;
- }
-=======
->>>>>>> adding more files
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/SubjectType.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/SubjectType.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/SubjectType.java
deleted file mode 100755
index 81e3f27..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/SubjectType.java
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper;
-
-
-/**
- * @author vsachdeva
- *
- */
-public enum SubjectType {
- PERSON,
- GROUP
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java
deleted file mode 100755
index 2505c78..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
-=======
- *
->>>>>>> adding more files
- */
-package org.apache.airavata.grouper.group;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author vsachdeva
- *
- */
-public class Group {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- private String id;
-
- private String name;
-
- private String ownerId;
-
- private String description;
-
- private List<String> members = new ArrayList<String>();
-
- public Group(String id, String ownerId) {
- if (id == null || ownerId == null) {
- throw new IllegalArgumentException("id or ownerId is null");
- }
- this.id = id;
- this.ownerId = ownerId;
- }
-
- public Group() {
-
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
-=======
-
- private String id;
-
- private String name;
-
- private String description;
-
- private List<String> users = new ArrayList<String>();
-
->>>>>>> adding more files
- /**
- * @return the id
- */
- public String getId() {
- return id;
- }
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-=======
-
- /**
- * @param id the id to set
- */
- public void setId(String id) {
- this.id = id;
- }
-
-
->>>>>>> adding more files
- /**
- * @return the name
- */
- public String getName() {
- return name;
- }
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- /**
- * @param name the name to set
- */
- public void setName(String name) {
- this.name = name;
- }
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- /**
- * @return the ownerId
- */
- public String getOwnerId() {
- return ownerId;
- }
-
-
-=======
-
->>>>>>> adding more files
- /**
- * @return the description
- */
- public String getDescription() {
- return description;
- }
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- /**
- * @param description the description to set
- */
- public void setDescription(String description) {
- this.description = description;
- }
-
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- /**
- * @return the members
- */
- public List<String> getMembers() {
- return members;
- }
-
- /**
- * @param members the members to set
- */
- public void setMembers(List<String> members) {
- this.members = members;
- }
-
-
- @Override
- public String toString() {
- return "Group [id=" + id + ", name=" + name + ", ownerId=" + ownerId
- + ", description=" + description + "]";
- }
-
-=======
-
- /**
- * @return the users
- */
- public List<String> getUsers() {
- return users;
- }
-
- /**
- * @param users the users to set
- */
- public void setUsers(List<String> users) {
- this.users = users;
- }
-
-
- /**
- * @see Object#toString()
- */
- @Override
- public String toString() {
- return "Group [id=" + id + ", name=" + name + ", description=" + description + "]";
- }
-
->>>>>>> adding more files
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembership.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembership.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembership.java
deleted file mode 100755
index 1348aa3..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembership.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.group;
-
-import org.apache.airavata.grouper.SubjectType;
-
-/**
- * @author vsachdeva
- *
- */
-public class GroupMembership {
-
- private String groupId;
-
- private String memberId;
-
- private SubjectType memberType;
-
- private GroupMembershipType groupMembershipType;
-
- /**
- * @return the groupId
- */
- public String getGroupId() {
- return groupId;
- }
-
- /**
- * @param groupId the groupId to set
- */
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
- /**
- * @return the memberId
- */
- public String getMemberId() {
- return memberId;
- }
-
- /**
- * @param memberId the memberId to set
- */
- public void setMemberId(String memberId) {
- this.memberId = memberId;
- }
-
- /**
- * @return the memberType
- */
- public SubjectType getMemberType() {
- return memberType;
- }
-
- /**
- * @param memberType the memberType to set
- */
- public void setMemberType(SubjectType memberType) {
- this.memberType = memberType;
- }
-
- /**
- * @return the groupMembershipType
- */
- public GroupMembershipType getGroupMembershipType() {
- return groupMembershipType;
- }
-
- /**
- * @param groupMembershipType the groupMembershipType to set
- */
- public void setGroupMembershipType(GroupMembershipType groupMembershipType) {
- this.groupMembershipType = groupMembershipType;
- }
-
- /**
- * @see Object#toString()
- */
- @Override
- public String toString() {
- return "GroupMembership [groupId=" + groupId + ", memberId=" + memberId
- + ", memberType=" + memberType + ", groupMembershipType=" + groupMembershipType
- + "]";
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembershipType.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembershipType.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembershipType.java
deleted file mode 100755
index f5bbdaa..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupMembershipType.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.apache.airavata.grouper.group;
-
-/**
- *
- * @author vsachdeva
- *
- */
-public enum GroupMembershipType {
-
- DIRECT,
- INDIRECT
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java
deleted file mode 100755
index f6e4444..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
- */
-package org.apache.airavata.grouper.group;
-
-import java.util.List;
-
-import edu.internet2.middleware.grouper.exception.GroupAddAlreadyExistsException;
-import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
-import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-=======
- *
- */
-package org.apache.airavata.grouper.group;
-
-import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
->>>>>>> adding more files
-
-/**
- * @author vsachdeva
- *
- */
-public interface GroupService {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- void createGroup(Group group) throws SubjectNotFoundException, GroupAddAlreadyExistsException;
-
- void updateGroup(Group group) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException;
-
- void deleteGroup(String groupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException;
-
- Group getGroup(String groupId) throws GroupNotFoundException;
-
- void addGroupToGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException;
-
- void removeGroupFromGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException;
-
- void addUserToGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException;
-
- void removeUserFromGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException;
-
- List<GroupMembership> getAllMembersForGroup(String groupId) throws GroupNotFoundException;
-
- List<GroupMembership> getAllMembershipsForUser(String userId) throws SubjectNotFoundException;
-=======
-
- public void createOrUpdateGroup(Group group);
-
- public void deleteGroup(String groupId) throws GroupNotFoundException;
-
- public Group getGroup(String groupId) throws GroupNotFoundException;
-
- public void addGroupToGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException;
-
- public void removeGroupFromGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException;
->>>>>>> adding more files
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java
deleted file mode 100755
index cd3a456..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java
+++ /dev/null
@@ -1,578 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
- */
-package org.apache.airavata.grouper.group;
-
-import static edu.internet2.middleware.subject.provider.SubjectTypeEnum.PERSON;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.COLON;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.GROUPS_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.SUBJECT_SOURCE;
-import static org.apache.airavata.grouper.group.GroupMembershipType.DIRECT;
-import static org.apache.airavata.grouper.group.GroupMembershipType.INDIRECT;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.airavata.grouper.SubjectType;
-
-import edu.internet2.middleware.grouper.GroupFinder;
-import edu.internet2.middleware.grouper.GroupSave;
-import edu.internet2.middleware.grouper.GrouperSession;
-import edu.internet2.middleware.grouper.Member;
-import edu.internet2.middleware.grouper.MemberFinder;
-import edu.internet2.middleware.grouper.SubjectFinder;
-import edu.internet2.middleware.grouper.exception.GroupAddAlreadyExistsException;
-import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
-import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
-import edu.internet2.middleware.grouper.group.TypeOfGroup;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.misc.SaveMode;
-import edu.internet2.middleware.grouper.privs.AccessPrivilege;
-import edu.internet2.middleware.grouper.util.GrouperUtil;
-import edu.internet2.middleware.subject.Subject;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-=======
- *
- */
-package org.apache.airavata.grouper.group;
-
-import edu.internet2.middleware.grouper.*;
-import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
-import edu.internet2.middleware.grouper.group.TypeOfGroup;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.util.GrouperUtil;
-import edu.internet2.middleware.subject.Subject;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-import org.apache.airavata.grouper.SubjectType;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import static edu.internet2.middleware.grouper.misc.SaveMode.INSERT_OR_UPDATE;
-import static edu.internet2.middleware.subject.provider.SubjectTypeEnum.PERSON;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.*;
-import static org.apache.airavata.grouper.group.GroupMembershipType.DIRECT;
-import static org.apache.airavata.grouper.group.GroupMembershipType.INDIRECT;
->>>>>>> adding more files
-
-/**
- * @author vsachdeva
- *
- */
-public class GroupServiceImpl implements GroupService {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-
- public void createGroup(Group group) throws SubjectNotFoundException, GroupAddAlreadyExistsException {
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- Subject subject = SubjectFinder.findByIdAndSource(group.getOwnerId(), SUBJECT_SOURCE, true);
-=======
-
-
- public void createOrUpdateGroup(Group group) {
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
->>>>>>> adding more files
- GroupSave groupSave = new GroupSave(grouperSession);
- groupSave.assignTypeOfGroup(TypeOfGroup.group);
- groupSave.assignGroupNameToEdit(GROUPS_STEM_NAME+COLON+group.getId());
- groupSave.assignName(GROUPS_STEM_NAME+COLON+group.getId());
- groupSave.assignDisplayExtension(group.getName());
- groupSave.assignDescription(group.getDescription());
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- groupSave.assignSaveMode(SaveMode.INSERT);
- groupSave.assignCreateParentStemsIfNotExist(true);
- edu.internet2.middleware.grouper.Group grp = groupSave.save();
- grp.grantPriv(subject, AccessPrivilege.ADMIN, false);
- for (String userId: group.getMembers()) {
- Subject sub = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true);
- grp.addMember(sub, false);
- }
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-
- public void updateGroup(Group group) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException {
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- Subject subject = SubjectFinder.findByIdAndSource(group.getOwnerId(), SUBJECT_SOURCE, true);
-
- edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+group.getId(),
- true, new QueryOptions().secondLevelCache(false));
-
- Subject admin = null;
- // there will be one admin only.
- if (grouperGroup.getAdmins().size() > 0) {
- admin = grouperGroup.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+group.getId()+". It should have never happened.");
- }
- if (!admin.getId().equals(subject.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group can update.");
- }
- GroupSave groupSave = new GroupSave(grouperSession);
- groupSave.assignTypeOfGroup(TypeOfGroup.group);
- groupSave.assignGroupNameToEdit(GROUPS_STEM_NAME+COLON+group.getId());
- groupSave.assignName(GROUPS_STEM_NAME+COLON+group.getId());
- groupSave.assignDisplayExtension(group.getName());
- groupSave.assignDescription(group.getDescription());
- groupSave.assignSaveMode(SaveMode.UPDATE);
- groupSave.assignCreateParentStemsIfNotExist(true);
- edu.internet2.middleware.grouper.Group grp = groupSave.save();
- for (Member member: grp.getMembers()) {
- grp.deleteMember(member);
- }
- for (String userId: group.getMembers()) {
- Subject sub = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true);
- grp.addMember(sub, false);
-=======
- groupSave.assignSaveMode(INSERT_OR_UPDATE);
- groupSave.assignCreateParentStemsIfNotExist(true);
- edu.internet2.middleware.grouper.Group grp = groupSave.save();
- for (String userId: group.getUsers()) {
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new SubjectNotFoundException(userId+" airavata internal user id was not found.");
- }
- grp.addMember(subject, false);
->>>>>>> adding more files
- }
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- }
-
- public void deleteGroup(String groupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException {
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId,
- true, new QueryOptions().secondLevelCache(false));
- Subject subject = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true);
- Subject admin = null;
- // there will be one admin only.
- if (group.getAdmins().size() > 0) {
- admin = group.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened.");
- }
- if (!admin.getId().equals(subject.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group can update.");
- }
-=======
- }
-
- public void deleteGroup(String groupId) throws GroupNotFoundException {
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId,
- true, new QueryOptions().secondLevelCache(false));
->>>>>>> adding more files
- group.delete();
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public Group getGroup(String groupId) throws GroupNotFoundException {
-
- GrouperSession grouperSession = null;
- Group group = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true);
- Subject admin = null;
- // there will be one admin only.
- if (grouperGroup.getAdmins().size() > 0) {
- admin = grouperGroup.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened.");
- }
- group = new Group(grouperGroup.getExtension(), admin.getId());
-=======
-
- public Group getGroup(String groupId) throws GroupNotFoundException {
-
- GrouperSession grouperSession = null;
- Group group = new Group();
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true);
- group.setId(grouperGroup.getExtension());
->>>>>>> adding more files
- group.setName(grouperGroup.getDisplayExtension());
- group.setDescription(grouperGroup.getDescription());
- List<String> users = new ArrayList<String>();
- for(Member member: grouperGroup.getMembers()) {
- if (member.getSubjectType().equals(PERSON)) {
- users.add(member.getSubjectId());
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- group.setMembers(users);
-=======
- group.setUsers(users);
->>>>>>> adding more files
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- return group;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public void addGroupToGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException {
-
-=======
-
- public void addGroupToGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException {
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group grouperParentGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+parentGroupId, true);
- edu.internet2.middleware.grouper.Group grouperChildGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+childGroupId, true);
- Subject subject = SubjectFinder.findById(grouperChildGroup.getId(), false);
- if (subject == null) {
- throw new GroupNotFoundException(childGroupId+" was not found.");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true);
- Subject admin = null;
- // there will be one admin only.
- if (grouperParentGroup.getAdmins().size() > 0) {
- admin = grouperParentGroup.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+parentGroupId+". It should have never happened.");
- }
- if (!admin.getId().equals(maybeAdmin.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group "+parentGroupId+" can update.");
- }
-
- if (grouperChildGroup.getAdmins().size() > 0) {
- admin = grouperChildGroup.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+childGroupId+". It should have never happened.");
- }
- if (!admin.getId().equals(maybeAdmin.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group "+childGroupId+" can update.");
- }
-=======
->>>>>>> adding more files
- grouperParentGroup.addMember(subject, false);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public void removeGroupFromGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException {
-
-=======
-
- public void removeGroupFromGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException {
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group grouperParentGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+parentGroupId, true);
- edu.internet2.middleware.grouper.Group grouperChildGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+childGroupId, true);
- Subject subject = SubjectFinder.findById(grouperChildGroup.getId(), false);
- if (subject == null) {
- throw new SubjectNotFoundException(childGroupId+" was not found.");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true);
- Subject admin = null;
- // there will be one admin only.
- if (grouperParentGroup.getAdmins().size() > 0) {
- admin = grouperParentGroup.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+parentGroupId+". It should have never happened.");
- }
- if (!admin.getId().equals(maybeAdmin.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group "+parentGroupId+" can update.");
- }
-
- if (grouperChildGroup.getAdmins().size() > 0) {
- admin = grouperChildGroup.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+childGroupId+". It should have never happened.");
- }
- if (!admin.getId().equals(maybeAdmin.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group "+childGroupId+" can update.");
- }
-=======
->>>>>>> adding more files
- grouperParentGroup.deleteMember(subject, false);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public void addUserToGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException {
-=======
-
- public void addUserToGroup(String userId, String groupId) throws SubjectNotFoundException, GroupNotFoundException {
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true);
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true);
- Subject admin = null;
- // there will be one admin only.
- if (group.getAdmins().size() > 0) {
- admin = group.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened.");
- }
- if (!admin.getId().equals(maybeAdmin.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group can update.");
- }
-=======
->>>>>>> adding more files
- group.addMember(subject, false);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public void removeUserFromGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException {
-=======
-
- public void removeUserFromGroup(String userId, String groupId) throws SubjectNotFoundException, GroupNotFoundException {
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true);
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true);
- Subject admin = null;
- // there will be one admin only.
- if (group.getAdmins().size() > 0) {
- admin = group.getAdmins().iterator().next();
- }
- if (admin == null) {
- throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened.");
- }
- if (!admin.getId().equals(maybeAdmin.getId())) {
- throw new InsufficientPrivilegeException("Only the owner of the group can update.");
- }
-
-=======
->>>>>>> adding more files
- group.deleteMember(subject, false);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public List<GroupMembership> getAllMembersForGroup(String groupId) throws GroupNotFoundException {
-=======
-
- public List<GroupMembership> getAllMembersForTheGroup(String groupId) throws GroupNotFoundException {
->>>>>>> adding more files
- List<GroupMembership> groupMemberships = new ArrayList<GroupMembership>();
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true);
- for(Member member: grouperGroup.getImmediateMembers()) {
- GroupMembership groupMembership = new GroupMembership();
- groupMembership.setGroupId(groupId);
- groupMembership.setGroupMembershipType(DIRECT);
- groupMembership.setMemberId(member.getSubjectType().equals(PERSON) ? member.getSubjectId() : GrouperUtil.substringAfterLast(member.getName(), ":"));
- groupMembership.setMemberType(member.getSubjectType().equals(PERSON) ? SubjectType.PERSON: SubjectType.GROUP);
- groupMemberships.add(groupMembership);
- }
- for(Member member: grouperGroup.getNonImmediateMembers()) {
- GroupMembership groupMembership = new GroupMembership();
- groupMembership.setGroupId(groupId);
- groupMembership.setGroupMembershipType(INDIRECT);
- groupMembership.setMemberId(member.getSubjectType().equals(PERSON) ? member.getSubjectId() : GrouperUtil.substringAfterLast(member.getName(), ":"));
- groupMembership.setMemberType(member.getSubjectType().equals(PERSON) ? SubjectType.PERSON: SubjectType.GROUP);
- groupMemberships.add(groupMembership);
- }
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- return groupMemberships;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public List<GroupMembership> getAllMembershipsForUser(String userId) throws SubjectNotFoundException {
- List<GroupMembership> groupMemberships = new ArrayList<GroupMembership>();
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true);
- Member member = MemberFinder.findBySubject(grouperSession, subject, false);
- if (member != null) {
- for (edu.internet2.middleware.grouper.Group group : member.getImmediateGroups()) {
- GroupMembership groupMembership = new GroupMembership();
- groupMembership.setGroupId(group.getExtension());
- groupMembership.setGroupMembershipType(DIRECT);
- groupMembership.setMemberId(userId);
- groupMembership.setMemberType(SubjectType.PERSON);
- groupMemberships.add(groupMembership);
- }
- for (edu.internet2.middleware.grouper.Group group : member.getNonImmediateGroups()) {
- GroupMembership groupMembership = new GroupMembership();
- groupMembership.setGroupId(group.getExtension());
- groupMembership.setGroupMembershipType(INDIRECT);
- groupMembership.setMemberId(userId);
- groupMembership.setMemberType(SubjectType.PERSON);
- groupMemberships.add(groupMembership);
- }
- }
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- return groupMemberships;
- }
-
- public static void main(String[] args) {
-
- GroupService groupService = new GroupServiceImpl();
-
- // create a test group
- Group parentGroup = new Group("airavata parent group id", "airavata_id_1");
- parentGroup.setName("airavata parent group name");
- parentGroup.setDescription("airavata parent group description");
- parentGroup.setMembers(Arrays.asList("airavata_id_2", "airavata_id_3"));
- groupService.createGroup(parentGroup);
-
- // update the same group
- Group updateGroup = new Group("airavata parent group id", "airavata_id_1");
- updateGroup.setName("airavata parent group name updated");
- updateGroup.setDescription("airavata parent group description updated");
- updateGroup.setMembers(Arrays.asList("airavata_id_4", "airavata_id_5"));
- groupService.updateGroup(updateGroup);
-
- // create another group
- Group childGroup = new Group("airavata child group id", "airavata_id_1");
- childGroup.setName("airavata child group name");
- childGroup.setDescription("airavata child group description");
- childGroup.setMembers(Arrays.asList("airavata_id_6", "airavata_id_7"));
- groupService.createGroup(childGroup);
-
- // add child group to parent group
- groupService.addGroupToGroup("airavata parent group id", "airavata child group id", "airavata_id_1");
-
- // add two more direct persons to the group
- groupService.addUserToGroup("airavata_id_2", "airavata parent group id", "airavata_id_1");
- groupService.addUserToGroup("airavata_id_3", "airavata parent group id", "airavata_id_1");
-
- // add a person to the child group which will be basically an indirect member of parent group
- groupService.addUserToGroup("airavata_id_8", "airavata child group id", "airavata_id_1");
-
- // get the parent group
- Group group = groupService.getGroup("airavata parent group id");
- System.out.println(group);
-
- //get all the members of the group
- List<GroupMembership> allMembersForGroup = groupService.getAllMembersForGroup("airavata parent group id");
- System.out.println(allMembersForGroup);
-
- //get all the groups for user airavata_id_2
- List<GroupMembership> membershipsForUser = groupService.getAllMembershipsForUser("airavata_id_2");
- System.out.println(membershipsForUser);
-
- // remove child from parent
- groupService.removeGroupFromGroup("airavata parent group id", "airavata child group id", "airavata_id_1");
-
- // delete the same group
- groupService.deleteGroup("airavata child group id", "airavata_id_1");
- groupService.deleteGroup("airavata parent group id", "airavata_id_1");
-
- }
-
-=======
-
- public static void main(String[] args) {
-
- GroupServiceImpl groupServiceImpl = new GroupServiceImpl();
-
- // create a test group
- Group parentGroup = new Group();
- parentGroup.setId("airavata parent group id");
- parentGroup.setName("airavata parent group name");
- parentGroup.setDescription("airavata parent group description");
- groupServiceImpl.createOrUpdateGroup(parentGroup);
-
- // update the same group
- Group updateGroup = new Group();
- updateGroup.setId("airavata parent group id");
- updateGroup.setName("airavata parent group name updated");
- updateGroup.setDescription("airavata parent group description updated");
- groupServiceImpl.createOrUpdateGroup(updateGroup);
-
- // create another group
- Group childGroup = new Group();
- childGroup.setId("airavata child group id");
- childGroup.setName("airavata child group name");
- childGroup.setDescription("airavata child group description");
- groupServiceImpl.createOrUpdateGroup(childGroup);
-
- // add child group to parent group
- groupServiceImpl.addGroupToGroup("airavata parent group id", "airavata child group id");
-
- // add a direct person to the group
- groupServiceImpl.addUserToGroup("admin@seagrid", "airavata parent group id");
-
- // add a person to the child group which will be basically an indirect member of parent group
- groupServiceImpl.addUserToGroup("scnakandala@seagrid", "airavata child group id");
-
- // get the parent group
- groupServiceImpl.getGroup("airavata parent group id");
-
- //get all the members of the group
- groupServiceImpl.getAllMembersForTheGroup("airavata parent group id");
-
- // remove child from parent
- groupServiceImpl.removeGroupFromGroup("airavata parent group id", "airavata child group id");
-
- // delete the same group
- groupServiceImpl.deleteGroup("airavata child group id");
- groupServiceImpl.deleteGroup("airavata parent group id");
-
- }
-
->>>>>>> adding more files
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionAction.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionAction.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionAction.java
deleted file mode 100755
index d0aed09..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionAction.java
+++ /dev/null
@@ -1,15 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.permission;
-
-
-/**
- * @author vsachdeva
- *
- */
-public enum PermissionAction {
-
- WRITE, READ;
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionServiceImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionServiceImpl.java
deleted file mode 100755
index 631b09e..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/permission/PermissionServiceImpl.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.permission;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.COLON;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.GROUPS_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.SUBJECT_SOURCE;
-import static org.apache.airavata.grouper.SubjectType.PERSON;
-
-import org.apache.airavata.grouper.SubjectType;
-import org.apache.airavata.grouper.resource.ResourceType;
-import org.apache.airavata.grouper.role.RoleServiceImpl;
-
-import edu.internet2.middleware.grouper.GroupFinder;
-import edu.internet2.middleware.grouper.GrouperSession;
-import edu.internet2.middleware.grouper.SubjectFinder;
-import edu.internet2.middleware.subject.Subject;
-
-/**
- * @author vsachdeva
- *
- */
-public class PermissionServiceImpl {
-
-
- public void grantPermission(String userIdOrGroupId, SubjectType subjectType, String resourceId, ResourceType resourceType, PermissionAction action) {
-
- if (userIdOrGroupId == null || subjectType == null || resourceId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- Subject subject = null;
- if (PERSON == subjectType) {
- subject = SubjectFinder.findByIdAndSource(userIdOrGroupId, SUBJECT_SOURCE, false);
- } else {
- edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+userIdOrGroupId, false);
- if (grouperGroup == null) {
- throw new IllegalArgumentException("group with id/name "+userIdOrGroupId+" could not be found.");
- }
- subject = SubjectFinder.findById(grouperGroup.getId(), false);
- }
-
- if (subject == null) {
- throw new IllegalArgumentException("userIdOrGroupId "+userIdOrGroupId+" could not be found.");
- }
- RoleServiceImpl roleService = new RoleServiceImpl();
- roleService.assignRoleToUser(subject.getId(), resourceId+"_"+action, grouperSession);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
- public void revokePermission(String userIdOrGroupId, SubjectType subjectType, String resourceId, ResourceType resourceType, PermissionAction action) {
- if (userIdOrGroupId == null || subjectType == null || resourceId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- Subject subject = null;
- if (PERSON == subjectType) {
- subject = SubjectFinder.findByIdAndSource(userIdOrGroupId, SUBJECT_SOURCE, false);
- } else {
- edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+userIdOrGroupId, false);
- if (grouperGroup == null) {
- throw new IllegalArgumentException("group with id/name "+userIdOrGroupId+" could not be found.");
- }
- subject = SubjectFinder.findById(grouperGroup.getId(), false);
- }
-
- if (subject == null) {
- throw new IllegalArgumentException("userIdOrGroupId "+userIdOrGroupId+" could not be found.");
- }
- RoleServiceImpl roleService = new RoleServiceImpl();
- roleService.removeRoleFromUser(subject.getId(), resourceId+"_"+action, grouperSession);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/Resource.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/Resource.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/Resource.java
deleted file mode 100755
index f599647..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/Resource.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.resource;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang.builder.HashCodeBuilder;
-
-/**
- * @author vsachdeva
- *
- */
-public class Resource {
-
- private String id;
-
- private String name;
-
- private String description;
-
- private String parentResourceId;
-
- private ResourceType type;
-
- private String ownerId;
-
- public Resource(String resourceId, ResourceType resourceType) {
- if (resourceId == null || resourceType == null) {
- throw new IllegalArgumentException("Either resourceId or resourceType is null");
- }
- this.id = resourceId;
- this.type = resourceType;
- }
-
-
- /**
- * @return the resourceId
- */
- public String getId() {
- return id;
- }
-
-
- /**
- * @return the resourceName
- */
- public String getName() {
- return name;
- }
-
-
- /**
- * @param resourceName the resourceName to set
- */
- public void setName(String resourceName) {
- this.name = resourceName;
- }
-
- /**
- * @return the resourceDescription
- */
- public String getDescription() {
- return description;
- }
-
-
- /**
- * @param resourceDescription the resourceDescription to set
- */
- public void setDescription(String resourceDescription) {
- this.description = resourceDescription;
- }
-
-
- /**
- * @return the parentResourceId
- */
- public String getParentResourceId() {
- return parentResourceId;
- }
-
-
- /**
- * @param parentResourceId the parentResourceId to set
- */
- public void setParentResourceId(String parentResourceId) {
- this.parentResourceId = parentResourceId;
- }
-
-
- /**
- * @return the resourceType
- */
- public ResourceType getResourceType() {
- return type;
- }
-
-
- /**
- * @return the ownerId
- */
- public String getOwnerId() {
- return ownerId;
- }
-
-
- /**
- * @param ownerId the ownerId to set
- */
- public void setOwnerId(String ownerId) {
- this.ownerId = ownerId;
- }
-
-
- @Override
- public boolean equals(Object other) {
- if (this == other) {
- return true;
- }
- if (!(other instanceof Resource)) {
- return false;
- }
- return StringUtils.equals(this.getId(), ( (Resource) other ).getId());
- }
-
-
- @Override
- public int hashCode() {
- return new HashCodeBuilder()
- .append( this.getId() )
- .toHashCode();
- }
-
-
- @Override
- public String toString() {
- return "Resource [resourceId=" + id + ", resourceName=" + name
- + ", resourceDescription=" + description + ", parentResourceId="
- + parentResourceId + ", resourceType=" + type + "]";
- }
-
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceNotFoundException.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceNotFoundException.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceNotFoundException.java
deleted file mode 100755
index b5a19c6..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceNotFoundException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.resource;
-
-
-/**
- * @author vsachdeva
- *
- */
-public class ResourceNotFoundException extends RuntimeException {
-
- private static final long serialVersionUID = 1L;
-
-
- public ResourceNotFoundException() {
- super();
- }
-
-
- public ResourceNotFoundException(String msg) {
- super(msg);
- }
-
-
- public ResourceNotFoundException(String msg, Throwable cause) {
- super(msg, cause);
- }
-
-
- public ResourceNotFoundException(Throwable cause) {
- super(cause);
- }
-
-}
[2/7] airavata git commit: WIP
Posted by sc...@apache.org.
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper.client.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.properties b/modules/group-manager/src/main/resources/grouper.client.properties
deleted file mode 100755
index cf78604..0000000
--- a/modules/group-manager/src/main/resources/grouper.client.properties
+++ /dev/null
@@ -1,552 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper client configuration
-# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The grouper client uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.client.base.properties
-# (which should not be edited), and the grouper.client.properties overlays
-# the base settings. See the grouper.client.base.properties for the possible
-# settings that can be applied to the grouper.client.properties
-
-########################################
-## LDAP connection settings
-########################################
-
-# url of directory, including the base DN (distinguished name)
-# e.g. ldap://server.school.edu/dc=school,dc=edu
-# e.g. ldaps://server.school.edu/dc=school,dc=edu
-grouperClient.ldap.url =
-
-# kerberos principal used to connect to ldap
-grouperClient.ldap.login =
-
-# password for shared secret authentication to ldap
-# or you can put a filename with an encrypted password
-grouperClient.ldap.password =
-
-########################################
-## Web service Connection settings
-########################################
-
-# url of web service, should include everything up to the first resource to access
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.webService.url =
-
-# kerberos principal used to connect to web service
-grouperClient.webService.login =
-
-# password for shared secret authentication to web service
-# or you can put a filename with an encrypted password
-grouperClient.webService.password =
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
-grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
-
-# seconds between checking to see if the config files are updated
-grouperClient.config.secondsBetweenUpdateChecks = 60
-
-########################################
-## Misc settings
-########################################
-
-# path of a writable directory where files can be created or stored
-# for example, cache of discovery configuration, or failover state
-# dot is the current directory... note, this directory must exist
-# or it will be created (attempted)
-# if this is blank, none of these features will be used, and
-# no files will be saved
-grouperClient.cacheDirectory = .
-
-########################################
-## Encrypted password settings
-########################################
-
-# Put a random alphanumeric string (Case sensitive) for the password encryption. e.g. fh43IRJ4Nf5
-# or put a filename where the random alphanumeric string is.
-# e.g. c:/whatever/key.txt
-# e.g. sdfklj24lkj34lk34
-encrypt.key =
-
-# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
-encrypt.disableExternalFileLookup = false
-
-# pre grouper 2.0, the client encrypted passwords differently than the server. Now that the client is part of the server,
-# there are more reasons to be consistent. Change to false for pre-2.0 password encryption behavior
-encrypt.encryptLikeServer = true
-
-########################################
-## Logging
-########################################
-
-# For java.util.logging, only for the grouperClient package (not below)
-# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING
-grouperClient.logging.grouperClientOnly.logLevel = WARNING
-
-# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr
-# (if no file specified below). This is default log level
-# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING
-grouperClient.logging.logLevel = WARNING
-
-# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
-grouperClient.logging.logFile =
-
-# if you want ws requests and responses being logged to files, put the directory here.
-# The grouper client will create subdirs
-grouperClient.logging.webService.documentDir =
-
-# try to indent the xml. If this fails for some reason, or you want the raw xml,
-# set to false
-grouperClient.logging.webService.indent = true
-
-# if the masked password should be logged (if false, dont log anything about password)
-# the masked password will show how many chars the password is (helpful for diagnosing
-# password encryption issues)
-grouperClient.logging.logMaskedPassword = false
-
-########################################
-## Service discovery settings
-########################################
-
-# number of minutes to remember that a connection had errors
-grouperClient.minutesToKeepErrors = 2
-
-# if you are using a discovery service, but a discovery properties
-# at a URL (preferably SSL with valid certificate)
-# you should have multiple discovery URLs hosted at independent locations
-# to add more, increment the integer
-grouperClient.urlOfDiscovery.0 =
-grouperClient.urlOfDiscovery.1 =
-
-# if your app has a slow startup time, and the initial connections are timing out
-# esp if you arent just using the command line client (e.g. if using it as a jar),
-# then add more time here
-grouperClient.secondsForClassesToLoad = 20
-
-# this will save the failover state to a file so if the JVM is stopped, it
-# will be there when it starts again.
-# Set to 0 to store on every use (recommended if used command line)
-# or set to -1 to not store or read ever
-# grouperClient.cacheDirectory must be set
-grouperClient.saveFailoverStateEverySeconds = 60
-
-# if the failover client should use threads. If it doesnt then you cant detect timeouts
-grouperClient.failoverClientUseThreads = true
-
-# this will cache the discovery properties in memory or on disk
-# if you want to cache the discovery properties locally, put a directory here:
-# this is recommended especially if you are using the grouper client as a command
-# line application and the process is constantly restarting
-# note, this will be used for a failsafe cache if all discovery servers are unavailable
-# grouperClient.cacheDirectory must be set
-# set to 0 or -1 to not cache
-grouperClient.cacheDiscoveryPropertiesForSeconds = 120
-
-# this is the path in the discovery server there the grouper.client.discovery.properties is
-grouperClient.discoveryGrouperClientPropertiesDirectory =
-
-####
-## Below here are default values and override values for the discovery
-## properties at your institution. Note: if the override keys are there
-## with no value then it will blank out the discovery service value
-####
-
-# default urls of directory, including the base DN (distinguished name)
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. ldap://server.school.edu/dc=school,dc=edu
-# e.g. ldaps://server.school.edu/dc=school,dc=edu
-grouperClient.discoveryDefault.ldap.0.url =
-#grouperClient.discoveryOverride.ldap.0.url =
-
-# default active/active or active/standby
-# active/active will pick a server randomly,
-# and will stick with it for as long as the affinity is set
-# active/standby will always use the first connection
-# if no errors, then try the second one etc.
-# if a connection has more errors and has a higher priority,
-# then it will not be tried again until the
-# takeConnectionOutOfPoolOnErrorForSeconds timeout
-# passes
-grouperClient.discoveryDefault.ldap.loadBalancing = active/active
-#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
-
-# if we are active/active, then the same connection will
-# be used for a certain number of seconds. If this is -1, then
-# always keep the same server (unless errors)
-grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
-#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
-
-# if a connection has more errors than another, it will not be
-# used until this error timeout passes (unless the other is throwing errors
-# too)
-grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
-#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
-
-# when a connection is attempted, this is the timeout that it will use before trying
-# another connection
-grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
-#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
-
-# after all connections have been attempted, it will wait for this long
-# to see if any finish
-grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
-#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
-
-# urls of web service, should include everything up to the first resource to access
-# this is for read or write operations
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.discoveryDefault.webService.readWrite.0.url =
-#grouperClient.discoveryOverride.webService.readWrite.0.url =
-
-# url of web service, should include everything up to the first resource to access
-# this is for only read operations
-# add more properties and increment the integer (.1, .2, etc)
-# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
-# e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.discoveryDefault.webService.readOnly.0.url =
-#grouperClient.discoveryOverride.webService.readOnly.0.url =
-
-# active/active or active/standby
-# active/active will pick a server randomly,
-# and will stick with it for as long as the affinity is set
-# active/standby will always use the first connection
-# if no errors, then try the second one etc.
-# if a connection has more errors and has a higher priority,
-# then it will not be tried again until the
-# takeConnectionOutOfPoolOnErrorForSeconds timeout
-# passes
-grouperClient.discoveryDefault.webService.loadBalancing = active/active
-#grouperClient.discoveryOverride.webService.loadBalancing = active/active
-
-# if you want to always try read/write before readOnly (i.e. if you are
-# worried about if you make a write and read right after each other)
-grouperClient.discoveryDefault.webService.preferReadWrite = true
-#grouperClient.discoveryOverride.webService.preferReadWrite = true
-
-# if we are active/active, then the same connection will
-# be used for a certain number of seconds. If this is -1, then
-# always keep the same server (unless errors)
-grouperClient.discoveryDefault.webService.affinitySeconds = 28800
-#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
-
-# if a connection has more errors than another, it will not be
-# used until this error timeout passes (unless the other is throwing errors
-# too)
-grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
-#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
-
-# when a connection is attempted, this is the timeout that it will use before trying
-# another connection
-grouperClient.discoveryDefault.webService.timeoutSeconds = 60
-#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
-
-# after all connections have been attempted, it will wait for this long
-# to see if any finish
-grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
-#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
-
-
-
-####################################################################################
-####################################################################################
-#### Institutional and advanced settings
-####################################################################################
-####################################################################################
-
-#######################################
-## output templates
-#######################################
-
-webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
-webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
-webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
-webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
-webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
-webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
-webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
-webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
-webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
-webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
-webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
-webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
-webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
-webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
-webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
-webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
-webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
-webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
-webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
-webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
-webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
-webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
-webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
-webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
-webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
-webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
-webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
-webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
-
-#######################################
-## ldap queries
-#######################################
-
-# operation name
-ldapSearchAttribute.operationName.0 = pennnameToPennid
-ldapSearchAttribute.ldapName.0 = ou=pennnames
-ldapSearchAttribute.matchingAttributes.0 = pennname
-ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
-ldapSearchAttribute.returningAttributes.0 = pennid
-ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
-ldapSearchAttribute.resultType.0 = STRING
-
-ldapSearchAttribute.operationName.1 = pennidToPennname
-ldapSearchAttribute.ldapName.1 = ou=pennnames
-ldapSearchAttribute.matchingAttributes.1 = pennid
-ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
-ldapSearchAttribute.returningAttributes.1 = pennname
-ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
-ldapSearchAttribute.resultType.1 = STRING
-
-ldapSearchAttribute.operationName.2 = hasMemberLdap
-ldapSearchAttribute.ldapName.2 = ou=groups
-ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
-ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
-ldapSearchAttribute.returningAttributes.2 = cn
-ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
-ldapSearchAttribute.resultType.2 = BOOLEAN
-
-ldapSearchAttribute.operationName.3 = getMembersLdap
-ldapSearchAttribute.ldapName.3 = ou=groups
-ldapSearchAttribute.matchingAttributes.3 = cn
-ldapSearchAttribute.matchingAttributeLabels.3 = groupName
-ldapSearchAttribute.returningAttributes.3 = hasMember
-ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
-ldapSearchAttribute.resultType.3 = STRING_LIST
-
-########################################
-## Custom operations
-## Implement the interface ClientOperation, put it in the jar
-## Increment the int index for multiples (must be in order)
-########################################
-
-#customOperation.name.0 = cosignLikeWebsec
-#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
-
-
-########################################
-## Authentication settings
-########################################
-
-# user prefix
-grouperClient.ldap.user.prefix = uid=
-
-# user suffix
-grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
-
-# config name for the ldap user name between prefix and suffix
-grouperClient.ldap.user.label = login
-
-# config name for the webService user name between prefix and suffix
-grouperClient.webService.user.label = login
-
-########################################
-## Web service settings
-########################################
-
-# web service client version
-grouperClient.webService.client.version = v2_2_000
-
-# socket timeout
-grouperClient.webService.httpSocketTimeoutMillis = 90000
-
-# connection manager timeout
-grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
-
-# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
-# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception
-# will be thrown
-grouperClient.webService.ignoreExtraneousXmlFields = true
-
-# register fields to be ignored with xstream. this is useful if you are not
-# ignoring extraneous fields (above), but know that there are a few to be ignored
-# place them here with fully qualified classname dont property name, comma separated
-# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
-grouper.webService.omitXmlProperties =
-
-########################################
-## Misc
-########################################
-
-# if there are extra command line args, should we fail or just log?
-grouperClient.failOnExtraCommandLineArgs = true
-
-# you can have aliases for subjectId and subjectIdentifer in command line args
-# (though subjectId will still be allowed, but you cant pass both)
-# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
-# instead of --subjectIds=123,345
-grouperClient.alias.subjectIds =
-
-# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
-# instead of --subjectIdentifiers=abc,bcd
-grouperClient.alias.subjectIdentifiers =
-
-# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
-# instead of --subjectId=123
-grouperClient.alias.subjectId =
-
-# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
-# instead of --subjectIdentifiers=abc
-grouperClient.alias.subjectIdentifier =
-
-# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
-# instead of --actAsSubjectId=abc,bcd
-grouperClient.alias.SubjectId =
-
-# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
-# instead of --actAsSubjectIdentifier=abc
-grouperClient.alias.SubjectIdentifier =
-
-# the encoding used to read config files
-grouperClient.config.encoding = UTF-8
-
-# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
-grouperClient.default.fileEncoding = UTF-8
-
-# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
-grouperClient.https.customSocketFactory =
-
-# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
-grouperClient.ldaps.customSocketFactory =
-
-
-##############################
-## Kuali Identity settings
-##############################
-
-kuali.identity.source.0 = jdbc
-kuali.identity.nameAttribute.0 = name
-kuali.identity.identifierAttribute.0 = loginid
-
-# separate a sourceId from a subjectId or sourceId
-kuali.identity.sourceSeparator = ::::
-
-
-########################################
-## JDBC settings
-########################################
-
-# default database connection name
-grouperClient.jdbc.defaultName = default
-
-# the part between jdbc. and the last . is the name of the connection, in this case "default"
-# e.g. mysql: com.mysql.jdbc.Driver
-# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
-# for p6spy, put the underlying driver in spy.properties
-# e.g. oracle: oracle.jdbc.driver.OracleDriver
-# e.g. hsqldb: org.hsqldb.jdbcDriver
-# e.g. postgres: org.postgresql.Driver
-# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver
-grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280
-grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
-grouperClient.jdbc.default.user = some_schema
-grouperClient.jdbc.default.pass = abc123
-
-
-
-################################
-## AWS settings
-################################
-
-# sqs settings
-grouperClient.awsAccessKey = ABC123
-grouperClient.awsSecretKey = xyz789
-grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
-
-
-################################
-## ESB settings
-################################
-
-## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
-esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
-## this is a key or could be encrypted in a file as well like other passwords
-## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey
-## number these if there are multiple
-#esb.consumer.encryptionKey.0 = abc123
-
-
-################################
-## XMPP client settings
-## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
-## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
-################################
-
-
-## general xmpp configuration
-grouperClient.xmpp.server.host = jabber.school.edu
-grouperClient.xmpp.server.port = 5222
-grouperClient.xmpp.user = username
-# note, pass can be in an external file with morphstring
-grouperClient.xmpp.pass =
-grouperClient.xmpp.resource = grouperClient
-# note, you need the exact id and resource here or it wont match
-grouperClient.xmpp.trustedMessagesFromJabberIds = user@school.edu/resource, user2@school.edu/resource2
-
-# if true, then each quartz trigger name will be unique
-# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
-grouperClient.xmpp.uniqueQuartzTriggerNames = false
-
-# if true, send this to smack, if we should debug. not sure if it does anything
-grouperClient.xmpp.debuggerEnabled = false
-
-grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
-grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
-grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
-# set this to reload_group or incremental if not reload on each event
-grouperClient.xmpp.job.myJobName.eventAction = incremental
-# how often a full refresh should occur regardless of events
-grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
-grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
-grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
-grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
-grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
-grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
-# subjects wont notify in not in these sources, comma separated, or blank for all
-grouperClient.xmpp.job.myJobName.requireSources = pennperson
-# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
-grouperClient.xmpp.job.myJobName.requireAttributes = pennname
-
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
deleted file mode 100755
index 7070b17..0000000
--- a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
+++ /dev/null
@@ -1,120 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings. See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.hibernate.base.properties, file:c:/temp/myFile.properties
-grouper.hibernate.config.hierarchy = classpath:grouper.hibernate.base.properties, classpath:grouper.hibernate.properties
-
-# seconds between checking to see if the config files are updated
-grouper.hibernate.config.secondsBetweenUpdateChecks = 60
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:hsqldb:hsql://localhost:9001/grouper
-
-hibernate.connection.username = sa
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
-
-################ BELOW HERE YOU GENERALLY DO NOT NEED TO CHANGE ####################
-
-# Leave blank to autodetect based on URL, or specify
-# Hibernate3.
-# e.g. org.hibernate.dialect.Oracle10gDialect, org.hibernate.dialect.HSQLDialect
-# e.g. org.hibernate.dialect.PostgreSQLDialect ,org.hibernate.dialect.MySQL5Dialect
-# e.g. org.hibernate.dialect.SQLServerDialect
-hibernate.dialect =
-
-# see http://ehcache.org/documentation/user-guide/hibernate#Configure-Ehcache-as-the-Second-Level-Cache-Provider
-# Hibernate 3.0 - 3.2
-# hibernate.cache.provider_class = org.hibernate.cache.EhCacheProvider
-# Hibernate 3.3+
-hibernate.cache.region.factory_class = net.sf.ehcache.hibernate.EhCacheRegionFactory
-
-
-#
-# Generic Hibernate Configuration
-#
-
-hibernate.cache.use_query_cache = true
-
-# leave blank to autodetect based on URL
-# e.g. mysql: com.mysql.jdbc.Driver
-# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
-# for p6spy, put the underlying driver in spy.properties
-# e.g. oracle: oracle.jdbc.driver.OracleDriver
-# e.g. hsqldb: org.hsqldb.jdbcDriver
-# e.g. postgres: org.postgresql.Driver
-# e.g. mssql: com.microsoft.sqlserver.jdbc.SQLServerDriver
-hibernate.connection.driver_class =
-
-
-hibernate.connection.autocommit = false
-
-# Use c3p0 connection pooling (since dbcp not supported in hibernate anymore)
-# http://www.hibernate.org/214.html, http://www.hibernate.org/hib_docs/reference/en/html/session-configuration.html
-hibernate.c3p0.max_size 16
-hibernate.c3p0.min_size 0
-#seconds
-hibernate.c3p0.timeout 100
-hibernate.c3p0.max_statements 0
-hibernate.c3p0.idle_test_period 100
-hibernate.c3p0.acquire_increment 1
-hibernate.c3p0.validate false
-
-#What to do if there are connection problems - see http://www.mchange.com/projects/c3p0/index.html#configuration_properties
-#These settings are designed to cause exceptions sooner rather than later so end users are not left with a hanging UI. Once the database
-#is available again a connection will be made witout further intervention
-#If tou get intermittent connection problems in the UI even though the database is OK try increasing the max_size setting above and
-#tune the settings below
-hibernate.c3p0.acquireRetryAttempts=2
-hibernate.c3p0.acquireRetryDelay=500
-hibernate.c3p0.checkoutTimeout=30000
-
-hibernate.jdbc.use_streams_for_binary = true
-
-hibernate.max_fetch_depth = 1
-
-hibernate.show_sql = false
-
-hibernate.jdbc.batch_size 20
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper.hibernate.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.properties b/modules/group-manager/src/main/resources/grouper.hibernate.properties
deleted file mode 100755
index 1621d92..0000000
--- a/modules/group-manager/src/main/resources/grouper.hibernate.properties
+++ /dev/null
@@ -1,20 +0,0 @@
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-hibernate.connection.url = jdbc:mysql://localhost:3306/grouper
-
-hibernate.connection.username =root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
-=======
-hibernate.connection.url = jdbc:mysql://gw62.iu.xsede.org:3306/grouper
-
-hibernate.connection.username =airavata_grouper_client
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =airavata_grouper_client
->>>>>>> adding more files
-
-hibernate.cache.use_second_level_cache=true
-hibernate.cache.region.factory_class=org.hibernate.cache.ehcache.EhCacheRegionFactory
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.properties b/modules/group-manager/src/main/resources/grouper.properties
deleted file mode 100755
index 1cc0805..0000000
--- a/modules/group-manager/src/main/resources/grouper.properties
+++ /dev/null
@@ -1,1017 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper.example.properties, file:c:/something/myconfig.properties
-grouper.config.hierarchy = classpath:grouper.base.properties, classpath:grouper.properties
-
-# seconds between checking to see if the config files are updated
-grouper.config.secondsBetweenUpdateChecks = 60
-
-
-########################################
-## General settings
-########################################
-
-# in cases where grouper is logging or emailing, it will use this to differentiate test vs dev vs prod
-grouper.env.name =
-
-#put the URL which will be used e.g. in emails to users. include the webappname at the end, and nothing after that.
-#e.g. https://server.school.edu/grouper/
-grouper.ui.url =
-
-# tmp dir to use, will set this to the env var for tmp dir during cache operations...
-# note, if you are using a backslash, you need to escape it with another, e.g. c:\\temp
-# see the temp dir in logs with this in log4j.properties
-# log4j.logger.edu.internet2.middleware.grouper.util.GrouperUtil = INFO
-grouper.tmp.dir =
-
-# main stem for grouper built in objects
-# Note: there are more locations to change than just this
-grouper.rootStemForBuiltinObjects = etc
-
-#######################################
-## inititalization and configuration settings
-#######################################
-
-#if grouper should auto init the registry if not initted (i.e. insert the root stem, built in fields, etc)
-#defaults to true
-registry.autoinit = true
-
-#if grouper should try and detect and log configuration errors on startup
-#in general this should be true, unless the output is too annoying or if it is causing a problem
-configuration.detect.errors = true
-
-#if the startup message should display
-configuration.display.startup.message = true
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = false
-
-#auto-create groups (increment the integer index), and auto-populate with users
-#(comma separated subject ids) to bootstrap the registry on startup
-#(note: check config needs to be on)
-#configuration.autocreate.group.name.0 = etc:uiUsers
-#configuration.autocreate.group.description.0 = users allowed to log in to the UI
-#configuration.autocreate.group.subjects.0 = johnsmith
-
-# if should check java version and make sure ok
-configuration.checkJavaVersion = true
-
-# if should check database and utf in new thread
-configuration.checkDatabaseAndUtf.inNewThread = true
-
-# if grouper should check to see if the database has case sensitive selects
-configuration.detect.db.caseSensitive.problems = true
-configuration.display.db.caseSensitive.success.message = false
-
-# if grouper should check to see if utf-8 works on startup in files
-configuration.detect.utf8.file.problems = true
-# if grouper should check to see if utf-8 works on startup in the database
-configuration.detect.utf8.problems = true
-configuration.display.utf8.success.message = false
-
-# if grouper in the utf8 check will check to see if grouper supports transaction
-configuration.detect.db.transaction.problems = true
-configuration.display.transaction.success.message = false
-
-###################################
-## security settings
-###################################
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new group that is created. Note, you can override the default
-# checkboxes on screen of UI in media.properties.
-groups.create.grant.all.optin = false
-groups.create.grant.all.optout = false
-groups.create.grant.all.read = false
-groups.create.grant.all.view = false
-groups.create.grant.all.groupAttrRead = false
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new stem that is created.
-stems.create.grant.all.create = false
-stems.create.grant.all.stemAdmin = false
-stems.create.grant.all.stemAttrRead = false
-stems.create.grant.all.stemAttrUpdate = false
-
-# If set to _true_, the ALL subject will be granted that privilege on
-# each new attributeDef that is created.
-attributeDefs.create.grant.all.attrAdmin = false
-attributeDefs.create.grant.all.attrOptin = false
-attributeDefs.create.grant.all.attrOptout = false
-attributeDefs.create.grant.all.attrRead = false
-attributeDefs.create.grant.all.attrUpdate = false
-attributeDefs.create.grant.all.attrView = false
-attributeDefs.create.grant.all.attrDefAttrRead = false
-attributeDefs.create.grant.all.attrDefAttrUpdate = false
-
-# if set to true, then the ALL subject will be granted view on new entities
-entities.create.grant.all.view = false
-
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = false
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when viewing the registry.
-groups.wheel.viewonly.use = false
-
-# Set to the name of the group you want to treat as the viewonly wheel group.
-# The members of this group will be treated as root-like users when viewing objects.
-groups.wheel.viewonly.group = etc:sysadminViewersGroup
-
-# A readonly wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when reading the registry.
-groups.wheel.readonly.use = false
-
-# Set to the name of the group you want to treat as the readonly wheel group.
-# The members of this group will be treated as root-like users when reading objects.
-groups.wheel.readonly.group = etc:sysadminReadersGroup
-
-
-# To change the internal names for GrouperAll and GrouperSystem
-# uncomment and change. Review UI nav.properties to ensure consistency
-subject.internal.grouperall.name = EveryEntity
-subject.internal.groupersystem.name = GrouperSysAdmin
-
-# Search and sort strings for internal users
-internalSubjects.searchAttribute0.el = ${subject.name},${subject.id}
-internalSubjects.sortAttribute0.el = ${subject.name}
-
-
-#by default, anyone with admin rights on a group can edit the types or attributes
-#specify types (related attributes will also be protected) which are wheel only, or restricted to a certain group
-#security.types.typeName.wheelOnly = true
-security.types.grouperLoader.wheelOnly = true
-security.types.grouperGroupMembershipSettings.wheelOnly = true
-
-#security.types.typeName.allowOnlyGroup = etc:someAdminGroup
-
-
-# If this property is set, then to move a stem, in addition to having the appropriate stem privileges for the stem being moved and the destination stem,
-# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToMoveStem = etc:someAdminGroup
-
-# If this property is set, then to rename a stem, in addition to having the appropriate stem privilege for the stem being renamed,
-# a user must also be a member of the defined group. Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToRenameStem = etc:someAdminGroup
-
-# If this property is set, then to copy a stem, a user must be a member of the defined group. Note that users in the wheel group will have access regardless of this property.
-#security.stem.groupAllowedToCopyStem = etc:someAdminGroup
-
-# By default, all users have access to sort using any of the sort strings in the member table and search using any of the search strings in the member table.
-# You can restrict to wheel only or to a certain group.
-#security.member.sort.string0.allowOnlyGroup = etc:someGroup
-#security.member.sort.string1.allowOnlyGroup = etc:someGroup
-#security.member.sort.string2.wheelOnly = true
-#security.member.sort.string3.wheelOnly = true
-#security.member.sort.string4.wheelOnly = true
-#security.member.search.string0.allowOnlyGroup = etc:someGroup
-#security.member.search.string1.allowOnlyGroup = etc:someGroup
-#security.member.search.string2.wheelOnly = true
-#security.member.search.string3.wheelOnly = true
-#security.member.search.string4.wheelOnly = true
-
-
-###################################
-## Member sort and search
-###################################
-
-# Attributes of members are kept in the grouper_members table to allow easy sorting and searching (for instance when listing group members).
-# When performing a sort or search and an index is not specified, then a default index will be used as configured below. The value is comma-separated,
-# so that if the user does not have access to the first index, then next will be tried and so forth.
-# Note: all sources should have attributes configured for all default indexes.
-member.search.defaultIndexOrder=0
-member.sort.defaultIndexOrder=0
-
-
-###################################
-## whitelist (allow) and blacklist (deny) for db/ldap data or object deletes, without prompting the user to confirm
-## if a listing is in the whitelist (allow), it will be allowed to delete db/ldap
-## if a listing is in the blacklist (deny), it will be denied from deleting db/ldap
-## multiple inputs can be entered with .0, .1, .2, etc. These numbers must be sequential, starting with 0
-###################################
-
-db.change.allow.user.0=sa
-db.change.allow.url.0=jdbc:hsqldb:hsql://localhost:9001/grouper
-db.change.allow.user.1=grouper1
-db.change.allow.url.1=jdbc:mysql://localhost:3306/grouper1
-
-db.change.deny.user.0=grouper2
-db.change.deny.url.0=jdbc:mysql://localhost:3306/grouper2
-
-# db.change.allow.user.2=uid=admin,ou=system
-# db.change.allow.url.2=ldap://localhost:10389
-
-# if should give error when detect driver mismatch (set to false if using an
-# unknown driver, and tell the grouper team so we can add to list)
-db.log.driver.mismatch = true
-
-###################################
-## Grouper include / exclude and requireGroups
-## If enabled, will make sure the Type is installed, and when that type is
-## applied to a group, it will auto-create the other groups needed to manage the include and exclude lists
-## see: https://bugs.internet2.edu/jira/browse/GRP-178
-## the naming settings below are only used when the type is applied to a group, will not affect
-## existing include/exclude groups
-###################################
-
-#if the addIncludeExclude and requireInGroups should be enabled, and if the type(s) should be
-#auto-created, and used to auto create groups to facilitate include and exclude lists, and require lists
-grouperIncludeExclude.use = false
-grouperIncludeExclude.requireGroups.use = false
-
-#for requireGroups (groups that the members must be to be in the overall group). name is the name of the attribute or type
-#attributeOrType is either attribute for an attribute underneath the requireInGroups type, or type to be a top level type
-#group is the group to be anded in. note attributes are a global namespace, so you might want to use a naming convention,
-#e.g. prefix with "require". description is the tooltip. add as many as you like.
-#grouperIncludeExclude.requireGroup.name.0 = requireActiveEmployee
-#grouperIncludeExclude.requireGroup.attributeOrType.0 = type
-#grouperIncludeExclude.requireGroup.group.0 = school:community:activeEmployee
-#grouperIncludeExclude.requireGroup.description.0 = If value is true, members of the overall group must be an active employee (in the school:community:activeEmployee group). Otherwise, leave this value not filled in.
-
-#grouperIncludeExclude.requireGroup.name.1 = requireActiveStudent
-#grouperIncludeExclude.requireGroup.attributeOrType.1 = attribute
-#grouperIncludeExclude.requireGroup.group.1 = school:community:activeStudent
-#grouperIncludeExclude.requireGroup.description.1 = If value is true, members of the overall group must be an active student (in the school:community:activeStudent group). Otherwise leave this value not filled in.
-
-
-# set some names and tooltips
-grouperIncludeExclude.type.name = addIncludeExclude
-grouperIncludeExclude.tooltip = Select this type to auto-create other groups which facilitate having include and exclude list
-
-grouperIncludeExclude.requireGroups.type.name = requireInGroups
-grouperIncludeExclude.requireGroups.tooltip = Select this type to auto-create other groups which set up group math so that other groups can be required for membership (e.g. activeEmployee)
-
-#leave grouperIncludeExclude.andGroups.attributeName blank if you dont want to use this attribute...
-#though if you were using it, it wont remove already configured groups
-grouperIncludeExclude.requireGroups.attributeName = requireAlsoInGroups
-grouperIncludeExclude.requireGroups.attribute.tooltip = Enter in comma separated group path(s). An entity must be in these groups for it to be in the overall group. e.g. stem1:stem2:group1, stem1:stem3:group2
-
-#suffixes for various include/exclude groups (can use ${space} for space).
-#note, these should uniquely identify various parts of the include/exclude.
-#i.e. if the grouperIncludeExclude type is applied to a group with a suffix of the include suffix,
-#the other groups will not be created...
-grouperIncludeExclude.systemOfRecord.extension.suffix = _systemOfRecord
-grouperIncludeExclude.include.extension.suffix = _includes
-grouperIncludeExclude.exclude.extension.suffix = _excludes
-grouperIncludeExclude.systemOfRecordAndIncludes.extension.suffix = _systemOfRecordAndIncludes
-grouperIncludeExclude.includesMinusExcludes.extension.suffix = _includesMinusExcludes
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.extension.suffix = _requireGroups${i}
-
-#suffixes for various include/exclude groups (can use ${space} for space)
-grouperIncludeExclude.systemOfRecord.displayExtension.suffix = ${space}system of record
-grouperIncludeExclude.include.displayExtension.suffix = ${space}includes
-grouperIncludeExclude.exclude.displayExtension.suffix = ${space}excludes
-grouperIncludeExclude.systemOfRecordAndIncludes.displayExtension.suffix = ${space}system of record and includes
-grouperIncludeExclude.includesMinusExcludes.displayExtension.suffix = ${space}includes minus excludes
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.displayExtension.suffix = ${space}requireGroups ${i}
-
-#can use ${extension} as the group extension, or ${displayExtension} for group display extension
-grouperIncludeExclude.overall.description = Group containing list of ${displayExtension} after adding the includes and subtracting the excludes
-grouperIncludeExclude.systemOfRecord.description = Group containing list of ${displayExtension} (generally straight from the system of record) without yet considering manual include or exclude lists
-grouperIncludeExclude.include.description = Group containing manual list of includes for group ${displayExtension} which will be added to the system of record list (unless the subject is also in the excludes group)
-grouperIncludeExclude.exclude.description = Group containing manual list of excludes for group ${displayExtension} which will not be in the overall group
-grouperIncludeExclude.systemOfRecordAndIncludes.description = Internal utility group for group ${displayExtension} which facilitates the group math for the include and exclude lists
-grouperIncludeExclude.includesMinusExclude.description = Internal utility group for group ${displayExtension} which facilitates includes, excludes, and required groups (e.g. activeEmployee)
-#note, put a ${i} in there for where the 1 based index will go
-grouperIncludeExclude.requireGroups.description = Internal utility group for group ${displayExtension} which facilitates required groups (e.g. activeEmployee)
-
-
-###################################
-## Subject settings
-###################################
-
-# if finding across multiple threadable sources, use threads to do the work faster
-subjects.allPage.useThreadForkJoin = false
-
-# if finding across multiple threadable sources, use threads to do the work faster
-subjects.idOrIdentifier.useThreadForkJoin = false
-
-# if the creator and last updater should be group subject attributes (you get
-# a performance gain if you set to false, but if true you can see subject id from UI in 2.0
-subjects.group.useCreatorAndModifierAsSubjectAttributes = true
-
-# customize subjects by implementing this interface: edu.internet2.middleware.grouper.subj.SubjectCustomizer
-# or extending this class: edu.internet2.middleware.grouper.subj.SubjectCustomizerBase (recommended)
-# note the instance will be reused to make sure it is threadsafe
-subjects.customizer.className =
-
-# if we should use a root session if one isnt started for subject lookups (behavior in v2.0-
-subjects.startRootSessionIfOneIsntStarted = false
-
-###################################
-## Hooks
-## You can register multiple classes for one hook base class by comma separating the hooks implementations
-## You can also register hooks at runtime with:
-## GrouperHookType.addHookManual("hooks.group.class", YourSchoolGroupHooks2.class);
-###################################
-
-#implement a group attribute hook by extending edu.internet2.middleware.grouper.hooks.AttributeHooks
-#hooks.attribute.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
-
-#implement an attribute def hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefHooks
-#hooks.attributeDef.class=edu.yourSchool.it.YourSchoolAttributeDefHooks,edu.yourSchool.it.YourSchoolAttributeDefHooks2
-
-#implement an attribute def name hook by extending edu.internet2.middleware.grouper.hooks.AttributeDefNameHooks
-#hooks.attributeDefName.class=edu.yourSchool.it.YourSchoolAttributeDefNameHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2
-
-#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignHooks
-#hooks.attributeAssign.class=edu.yourSchool.it.YourSchoolAttributeAssignHooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2
-
-#implement an attribute assign hook by extending edu.internet2.middleware.grouper.hooks.AttributeAssignValueHooks
-#hooks.attributeAssignValue.class=edu.yourSchool.it.YourSchoolAttributeAssignValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2
-
-#implement a group hook by extending edu.internet2.middleware.grouper.hooks.GroupHooks
-#hooks.group.class=edu.yourSchool.it.YourSchoolGroupHooks,edu.yourSchool.it.YourSchoolGroupHooks2
-
-#implement a grouper lifecycle hook by extending edu.internet2.middleware.grouper.hooks.LifecycleHooks
-#hooks.lifecycle.class=edu.yourSchool.it.YourSchoolLifecycleHooks
-
-#implement a membership hook by extending edu.internet2.middleware.grouper.hooks.MembershipHooks
-#hooks.membership.class=edu.yourSchool.it.YourSchoolMembershipHooks
-
-#implement a member hook by extending edu.internet2.middleware.grouper.hooks.MemberHooks
-#hooks.member.class=edu.yourSchool.it.YourSchoolMemberHooks
-
-#implement a stem hook by extending edu.internet2.middleware.grouper.hooks.StemHooks
-#hooks.stem.class=edu.yourSchool.it.YourSchoolStemHooks
-
-#implement a composite hook by extending edu.internet2.middleware.grouper.hooks.CompositeHooks
-#hooks.composite.class=edu.yourSchool.it.YourSchoolCompositeHooks
-
-#implement a field hook by extending edu.internet2.middleware.grouper.hooks.FieldHooks
-#hooks.field.class=edu.yourSchool.it.YourSchoolFieldHooks
-
-#implement a grouperSession hook by extending edu.internet2.middleware.grouper.hooks.GrouperSessionHooks
-#hooks.grouperSession.class=edu.yourSchool.it.YourSchoolGrouperSessionHooks
-
-#implement a groupType hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeHooks
-#hooks.groupType.class=edu.yourSchool.it.YourSchoolGroupTypeHooks
-
-#implement a groupTypeTuple hook by extending edu.internet2.middleware.grouper.hooks.GroupTypeTupleHooks
-#hooks.groupTypeTuple.class=edu.yourSchool.it.YourSchoolGroupTypeTupleHooks
-
-#implement a loader hook by extending edu.internet2.middleware.grouper.hooks.LoaderHooks
-#hooks.loader.class=edu.yourSchool.it.YourSchoolLoaderHooks
-
-#implement an external subject hook by extending edu.internet2.middleware.grouper.hooks.ExternalSubjectHooks
-#hooks.externalSubject.class=edu.yourSchool.it.YourSchoolExternalSubjectHooks
-
-###################################
-## Rules
-###################################
-
-# Rules users who are in the following group can use the actAs field to act as someone else
-# You can put multiple groups separated by commas. e.g. a:b:c, e:f:g
-# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in
-# separated by 4 colons
-# e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w
-# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
-# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w. If multiple rules, then
-# if one passes, then it is a success, if they all fail, then fail.
-rules.act.as.group =
-
-# any actAs subject in this group has access to more objects when the EL fires on
-# the IF or THEN EL clause
-rules.accessToApiInEl.group =
-
-# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time
-# defaults to 30 minutes
-rules.act.as.cache.minutes = 30
-
-# uuids (comma separated) of the attribute assign record which is the rule type to the owner object
-# e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name = 'stem:a'
-# make sure log info level is set for RuleEngine
-# log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine = INFO
-rules.attributeAssignTypeIdsToLog = abc1234abc123, def456def345
-
-# if this is true, then log a lot of info about why rules do or do not fire... only turn on temporarily
-# since it takes a lot of resources... note you need log DEBUG set for the rules engine in log4j.properties too e.g.
-# log4j.logger.edu.internet2.middleware.grouper.rules = DEBUG
-rules.logWhyRulesDontFire = false
-
-# put in fully qualified classes to add to the EL context. Note that they need a default constructor
-# comma separated. The alias will be the simple class name without a first cap.
-# e.g. if the class is test.Test the alias is "test"
-rules.customElClasses =
-
-# If the CHECK, IF, and THEN are all exactly what is needed for managing inherited stem privileges
-# Then allow an actAs GrouperSystem in source g:isa
-rules.allowActAsGrouperSystemForInheritedStemPrivileges =
-
-# If not blank, then keep email templates in this folder instead of classpath
-# If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate.txt
-rules.emailTemplatesFolder =
-
-
-###################################
-## Group attribute validation via regex
-## You can attach a regex to an attribute name (including built ins)
-## If none are registered, the built in hook will not be enabled
-## The built ins are description, displayName, extension, displayExtension, name
-## Configure a group.attribute.validator.attributeName.X for attribute name
-## group.attribute.validator.regex.X for the regex
-## group.attribute.validator.vetoMessage.X for the veto message (can contain the variable $attributeValue$ which will substitute)
-## the X must be a sequential integer which groups the config entries together.
-## do not repeat two config entries
-###################################
-
-#Attach a regex validator by attribute name
-#group.attribute.validator.attributeName.0=extension
-#group.attribute.validator.regex.0=^[a-zA-Z0-9]+$
-#group.attribute.validator.vetoMessage.0=Group ID '$attributeValue$' is invalid since it must contain only alpha-numerics
-#
-#group.attribute.validator.attributeName.1=displayExtension
-#group.attribute.validator.regex.1=^[a-zA-Z0-9 ]+$
-#group.attribute.validator.vetoMessage.1=Group name '$attributeValue$' is invalid since it must contain only alpha-numerics or spaces
-
-#####################################
-## Audit settings
-#####################################
-
-# if set to true, then exceptions will be thrown if any actions are not audited... exceptions
-# should not be thrown since everything should be audited, so this is a switch to make it absorb
-# errors if there is a problem (will be logged instead if second param is true)
-audit.requireAuditsForAllActions = false
-audit.logAuditsForMissingActions = false
-
-#####################################
-## Change log settings
-#####################################
-
-# if we should insert records into grouper_change_log_temp when events happen
-# defaults to true. Note, it is not currently supported to set this to false...
-changeLog.enabled = true
-
-
-#####################################
-## Settings to track last membership changes for groups and stems.
-#####################################
-
-# If true, when an immediate membership changes for a group (either a privilege or a list member),
-# then an update will be made to the lastImmediateMembershipChange property for the group.
-groups.updateLastImmediateMembershipTime = false
-
-# If true, when an immediate, composite, or effective membership changes for a group (either a privilege or a list member),
-# then an update will be made to the lastMembershipChange property for the group.
-groups.updateLastMembershipTime = false
-
-# If true, when an immediate or effective membership changes for a stem (this would be a naming privilege),
-# then an update will be made to the lastMembershipChange property for the stem.
-stems.updateLastMembershipTime = false
-
-
-#####################################
-## Database structure data definition language (DDL) settings
-#####################################
-
-# Grouper DOES NOT WORK WITHOUT NESTED TRANSACTIONS! This config parameter doesnt exist
-#ddlutils.use.nestedTransactions = true
-
-# ddlutils db name will be set by default, you can override it here, it must be one of:
-# axion, cloudscape, db2, db2v8, derby, firebird, hsqldb, interbase, maxdb, mckoi,
-# mssql, mysql, mysql5, oracle, oracle10, oracle9, postgresql, sapdb, sybase, sybasease15,
-#
-#ddlutils.dbname.override = oracle10
-
-# if you want to not create the subject tables (grouper examples for unit testing),
-# then set this to true
-ddlutils.exclude.subject.tables = false
-
-# set the path where ddl scripts are generated (they will be uniquely named in this directory).
-# if blank, the directory used will be the current directory
-ddlutils.directory.for.scripts = ddlScripts
-
-# during schema export, should it install grouper data also or not. e.g. insert the root stem, default true
-ddlutils.schemaexport.installGrouperData = true
-
-# when grouper starts, should it shut down if not right version?
-ddlutils.failIfNotRightVersion = true
-
-# after you have converted id's, and are happy with the conversion of removing the uuid col,
-# this will remove the backup uuid cols when running the gsh command: gsh -registry -deep
-ddlutils.dropBackupUuidCols = false
-
-# after you have converted field id foreign keys, and are happy with the conversion of removing the attribute name,
-# membership list name, and type cols,
-# this will remove the backup field name/type cols when running the gsh command: gsh -registry -deep
-ddlutils.dropBackupFieldNameTypeCols = false
-
-# before the group name etc was moved to the grouper_groups table, the attributes table
-# was backed up. If it should not be backed up, or if the upgrade is done and works, then it can
-# be removed, set to true, run: gsh -registry -deep
-ddlutils.dropAttributeBackupTableFromGroupUpgrade = false
-
-# Since grouper_memberships no longer has effective memberships, that table doesn't need via_id,
-# depth and parent_membership. If they were converted, this will drop the backup of those cols with: gsh -registry -deep
-ddlutils.dropMembershipBackupColsFromOwnerViaUpgrade = false
-
-# After legacy attributes are converted, the backed up tables can be dropped with: gsh -registry -deep
-ddlutils.dropLegacyAttributes = false
-
-# this is the schema ddlutils uses to query metadata with jdbc. usually this can be omitted,
-# and it defaults to your database loginid, however, in postgres, it can be different, so enter here
-# in sql server, it might need to be: dbo
-#ddlutils.schema = public
-
-#if you are running a DB that supports them, but you dont want them, disable comments here (defaults to false)
-ddlutils.disableComments = false
-
-#set to true and we wont subsitute varchar 4000 for text in mysql (wont work in innodb utf-8 databases
-ddlutils.dontSubstituteVarchar4000forTextMysql = false
-
-#####################################
-## mail settings (optional, e.g. for daily report form loader)
-#####################################
-
-#smtp server is a domain name or dns name. set to "testing" if you want to log instead of send (e.g. for testing)
-#mail.smtp.server = whatever.school.edu
-
-#leave blank if unauthenticated
-#mail.smtp.user =
-
-#leave blank if unauthenticated
-#mail.smtp.pass =
-
-#leave blank or false for no ssl, true for ssl
-#mail.smtp.ssl =
-
-#leave blank for default (probably 25), if ssl is true, default is 465, else specify
-#mail.smtp.port =
-
-#this is the default email address where mail from grouper will come from
-#mail.from.address = noreply@school.edu
-
-#this is the subject prefix of emails, which will help differentiate prod vs test vs dev etc
-#mail.subject.prefix = TEST:
-
-#when running junit tests, this is the address that will be used
-#mail.test.address = a@b.c
-
-#####################################
-## misc settings which probably dont need to be changed
-#####################################
-
-dao.factory = edu.internet2.middleware.grouper.internal.dao.hib3.Hib3DAOFactory
-
-# if tables that are hibernated should have optimistic locking or not (assumes the data layer supports this, hibernate does)
-dao.optimisticLocking = true
-
-# set the API as readonly (e.g. during upgrades). Any updates will throw an exception
-grouper.api.readonly = false
-
-# When searching for memberships using the getMemberships WS (or underlying API call), limit the number of memberships
-# which can be returned, else throws exception. -1 means dont check.
-ws.getMemberships.maxResultSize = 30000
-
-# When searching for attribute assignments using the getAttributeAssignments WS (or underlying API call), limit the number of assignments
-# which can be returned, else throws exception. -1 means dont check.
-ws.findAttrAssignments.maxResultSize = 30000
-
-# When searching attribute def names, this is max size
-findAllAttributeDefNames.maxResultSize = 30000
-
-# create the type and attribuute for membership lite ui config by group
-membershipUpdateLiteTypeAutoCreate = false
-
-grouper.tableIndex.group.minIndex = 10000
-grouper.tableIndex.stem.minIndex = 10000
-grouper.tableIndex.attributeDef.minIndex = 10000
-grouper.tableIndex.attributeDefName.minIndex = 10000
-
-# verify that table indexes are set and the pointers are ok, incurs a bit of overhead to grouper startup
-grouper.tableIndex.verifyOnStartup = true
-
-# in different circumstances, retrieve a different number of IDs at once.
-# if it is a system where the JVM is starting and stopping (e.g. GSH), then
-# dont reserve that many at once
-grouper.tableIndex.reserveIdsGsh = 1
-grouper.tableIndex.reserveIdsDefault = 10
-grouper.tableIndex.reserveIdsLoader = 10
-grouper.tableIndex.reserveIdsWs = 10
-grouper.tableIndex.reserveIdsUi = 10
-
-# group who can assign id index cols (also, wheel or root is allowed)
-grouper.tableIndex.groupWhoCanAssignIdIndex = etc:canAssignIdIndex
-
-# number of bytes in DB that a non ascii char takes
-grouper.nonAsciiCharDbBytesLength = 3
-
-# cache size for jexl expressions
-jexl.cacheSize = 1024
-
-# when reading writing files from util classes, this is encoding (was ISO-8859-1)
-grouper.default.fileEncoding = UTF-8
-
-
-#####################################
-## testing settings
-#####################################
-
-# if the ldappc tests should be included when running all tests (default false)
-junit.test.ldappc = false
-
-# if the loader tests should be included when running all tests (default true)
-junit.test.loader = true
-
-# if the ddl tests should be included when running all tests (default true)
-junit.test.ddl = true
-
-# if the gsh tests should be included when running all tests (default false)
-junit.test.gsh = false
-
-# if the stress tests should be included when running all tests (default false)
-junit.test.stress = false
-
-# if the external subject tests should be included when running all tests, note you need the jabber attribute in the view (default false)
-junit.test.externalSubjects = false
-
-# if the group sync should be tested... note you need the demo server available to test this, or change some settings...
-junit.test.groupSync = false
-junit.test.groupSync.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest
-junit.test.groupSync.user = remoteUser
-junit.test.groupSync.password = R:/pass/grouperDemoRemoteUser.pass
-#folder where the user can create/stem which the user can use to run tests
-junit.test.groupSync.folder = test2:whateverFolder
-#this is true unless testing to an older grouper which doesnt support this
-junit.test.groupSync.pushAddExternalSubjectIfNotExist = true
-junit.test.groupSync.createRemoteFolderIfNotExist = true
-junit.test.groupSync.remoteSourceId = grouperExternal
-junit.test.groupSync.remoteReadSubjectId = identifier
-junit.test.groupSync.remoteWriteSubjectId = identifier
-
-
-#####################################
-## attribute framework
-#####################################
-
-# root stem in grouper where built in attributes are put
-grouper.attribute.rootStem = etc:attribute
-
-# comma separated names of attribute defs will not be audited or change log or point in time
-grouper.attribute.namesOfAttributeDefsToIgnoreAuditsChangeLogPit.elConfig = ${edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig().propertyValueStringRequired('grouper.attribute.rootStem')}:userData:grouperUserDataValueDef
-
-# if the attribute loader attributes, and other attributes should be autoconfigured (created, etc)
-grouper.attribute.loader.autoconfigure = true
-
-#####################################
-## centrally managed permissions
-#####################################
-
-# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
-grouper.permissions.limits.builtin.createAs.public = true
-
-# if the permissions limits should be readable and updatable by GrouperAll (set when created)...
-grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan = amount less than
-grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEqual = amount less than or equal to
-grouper.permissions.limits.builtin.displayExtension.limitExpression = Expression
-grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = ipAddress on network realm
-grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks = ipAddress on networks
-grouper.permissions.limits.builtin.displayExtension.limitLabelsContain = labels contains
-grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 = Weekday 9 to 5
-
-
-# el classes to add to the el context for a limitExpression. Comma-separated fully qualified classnames
-grouper.permissions.limits.el.classes =
-
-# permission limits linked to subclasses of edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBase
-#grouper.permissions.limits.logic.someName.limitName =
-#grouper.permissions.limits.logic.someName.logicClass =
-
-# if you are doing ip address limits, you can put realms here
-# grouper.permissions.limits.realm.someName = 1.2.3.4/24, 2.3.4.5/16
-
-#####################################
-## External subjects
-#####################################
-
-#manages the description of a user automatically
-externalSubjects.desc.el = ${grouperUtil.appendPrefixIfStringNotBlank('[unverifiedInfo]', ' ', grouperUtil.appendIfNotBlankString(externalSubject.name, ' - ', externalSubject.institution))} [externalUserID] ${externalSubject.identifier}
-
-#search and sort strings added to member objects
-externalSubjects.searchAttribute0.el = ${subject.name},${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},${subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")}
-externalSubjects.sortAttribute0.el = ${subject.name}
-externalSubjects.sortAttribute1.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("identifier"), "")}
-externalSubjects.sortAttribute2.el = ${subjectUtils.defaultIfBlank(subject.getAttributeValue("institution"), "")}
-
-# false if the description should be managed via EL (config above)
-externalSubjects.desc.manual = false
-
-# quartz cron where subjects are recalculated if necessary (empty means dont run), e.g. everyday at 3am
-externalSubjects.calc.fields.cron = 0 0 3 * * ?
-
-externalSubjects.name.required = true
-externalSubjects.email.required = false
-externalSubjects.email.enabled = true
-
-# these field names (uuid, institution, identifier, uuid, email, name) or attribute names
-# will be toLowered, and appended with comma separators. e.g. if you add attributes, add them here too
-externalSubjects.searchStringFields = name, institution, identifier, uuid, email
-
-externalSubjects.institution.required = false
-externalSubjects.institution.enabled = true
-
-# note, this must be only alphanumeric lower case or underscore
-# (valid db column name, subject attribute name)
-#externalSubjects.attributes.jabber.systemName = jabber
-#externalSubjects.attributes.jabber.required = false
-# comment on column in DB (no special characters allowed)
-#externalSubjects.attributes.jabber.comment = The jabber ID of the user
-
-# if wheel or root can edit external users
-externalSubjects.wheelOrRootCanEdit = true
-
-# group which is allowed to edit external users
-externalSubjects.groupAllowedForEdit =
-
-# if the view on the external subjects should be created.
-# turn this off if it doesnt compile, othrewise should be fine
-externalSubjects.createView = true
-
-#name of external subject source, defaults to grouperExternal
-externalSubject.sourceId = grouperExternal
-externalSubject.sourceName = External Users
-
-# grouper can auto create a jdbc2 source for the external subjects
-externalSubjects.autoCreateSource = true
-
-# put in fully qualified classes to add to the EL context. Note that they need a default constructor
-# comma separated. The alias will be the simple class name without a first cap.
-# e.g. if the class is test.Test the alias is "test"
-externalSubjects.customElClasses =
-
-# change these to affect the storage where external subjects live (e.g. to store in ldap),
-# must implement each respective storable interface
-externalSubjects.storage.ExternalSubjectStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectDbStorage
-externalSubjects.storage.ExternalSubjectAttributeStorable.class = edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorage
-
-# you can use the variables $newline$, $inviteLink$. Note, you need to change this default message...
-externalSubjectsInviteDefaultEmail = Hello,$newline$$newline$This is an invitation to register at our site to be able to access our applications. This invitation expires in 7 days. Click on the link below and sign in with your InCommon credentials. If you do not have InCommon credentials you can register at a site like protectnetwork.org and use those credentials.$newline$$newline$$inviteLink$$newline$$newline$Regards.
-# default subject for email
-externalSubjectsInviteDefaultEmailSubject = Register to access applications
-
-# you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAddress$. Note, you need to change this default message...
-externalSubjectsNotifyInviterEmail = Hello,$newline$$newline$This is a notification that user $inviteeIdentifier$ from email address $inviteeEmailAddress$ has registered with the identity management service. They can now use applications at this institution.$newline$$newline$Regards.
-externalSubjectsNotifyInviterSubject = $inviteeIdentifier$ has registered
-
-# numner of days after which this request will expire. If -1, then will not expire
-externalSubjectsInviteExpireAfterDays = 7
-
-#put some group names comma separated for groups to auto add subjects to
-externalSubjects.autoaddGroups=
-#should be insert, or update, or insert,update
-externalSubjects.autoaddGroupActions=insert,update
-#if a number is here, expire the group assignment after a certain number of days
-externalSubjects.autoaddGroupExpireAfterDays=
-
-# add multiple group assignment actions by URL param: externalSubjectInviteName
-#externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=library
-
-# comma separated groups to add for this type of invite
-#externalSubjects.autoadd.testingLibrary.groups=
-
-# should be insert, update, or insert,update
-#externalSubjects.autoadd.testingLibrary.actions=insert,update
-
-# should be insert, update, or insert,update
-#externalSubjects.autoadd.testingLibrary.expireAfterDays=
-
-#if registrations are only allowed if invited or existing...
-externalSubjects.registerRequiresInvite=true
-
-#make sure the identifier when logging in is like an email address or eppn, e.g. username@school.edu
-externalSubjects.validateIndentiferLikeEmail=true
-
-#put regexes here, increment the 0 for multiple entries, e.g. restrict your own institution
-#note, the extensions must be sequential (dont skip), regex e.g. ^.*@myschool\\.edu$
-externalSubjects.regexForInvalidIdentifier.0=
-
-#####################################
-## org management
-#####################################
-
-# if the orgs table(s) should be included in the DDL (includes the hierarchical table
-orgs.includePocOrgsTablesInDdl = false
-
-# loader connection of the database where orgs are (grouper means the grouper db in grouper.hibernate.properties)
-orgs.databaseName = grouper
-
-#table name of the org table (can prefix by schema name if you like)
-orgs.orgTableName = grouperorgs_poc_orgs
-
-#column names of this table
-orgs.orgIdCol = id
-orgs.orgNameCol = org_name
-orgs.orgDisplayNameCol = org_display_name
-orgs.orgParentIdCol = parent_id
-
-#stem where the orgs are, e.g. poc:orgs
-orgs.parentStemName = poc:orgs
-
-#org config name
-orgs.configGroupName = poc:orgs:orgsConfig
-
-######################################
-## Grouper client connections
-## if this grouper needs to talk to another grouper, this is the client connection information
-######################################
-
-
-# id of the source, should match the part in the property name
-#grouperClient.someOtherSchool.id = someOtherSchool
-
-# url of web service, should include everything up to the first resource to access
-# e.g. https://groups.school.edu/grouperWs/servicesRest
-#grouperClient.someOtherSchool.properties.grouperClient.webService.url = https://some.other.school.edu/grouperWs/servicesRest
-
-# login ID
-#grouperClient.someOtherSchool.properties.grouperClient.webService.login = someRemoteLogin
-
-# password for shared secret authentication to web service
-# or you can put a filename with an encrypted password
-#grouperClient.someOtherSchool.properties.grouperClient.webService.password = *********
-
-# client version should match or be related to the server on the other end...
-#grouperClient.someOtherSchool.properties.grouperClient.webService.client.version = v2_0_000
-
-# this is the subject to act as local, if blank, act as GrouperSystem, specify with SubjectFinder packed string, e.g.
-# subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier
-# sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier
-#grouperClient.someOtherSchool.localActAsSubject =
-
-# the id of this source, generally the same as the name in the property name. This is mandatory
-#grouperClient.someOtherSchool.source.jdbc.id = jdbc
-
-# the part between "grouperClient.someOtherSchool.source." and ".id" links up the configs,
-# in this case, "jdbc", make sure it has no special chars. sourceId can be blank if you dont want to specify
-#grouperClient.someOtherSchool.source.jdbc.local.sourceId = jdbc
-
-# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed
-#grouperClient.someOtherSchool.source.jdbc.local.read.subjectId = identifier
-
-# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
-#grouperClient.someOtherSchool.source.jdbc.local.write.subjectId = identifier
-
-# sourceId of the remote system, can be blank
-#grouperClient.someOtherSchool.source.jdbc.remote.sourceId = jdbc
-
-# this is the identifier that goes between them, it is "id" or an attribute name. subjects without this attribute will not be processed
-#grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId =
-
-# this is the identifier to lookup to add a subject, should be "id" or "identifier" or "idOrIdentifier"
-#grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId =
-
-
-
-
-######################################
-## Sync to/from another grouper
-## Only sync one group to one other group, do not sync one group to
-## two report groupers. If you need to do this, add the group to another group
-######################################
-
-# we need to know where our
-# connection name in grouper client connections above
-#syncAnotherGrouper.testGroup0.connectionName = someOtherSchool
-
-# incremental or push or pull or incremental_push. Note, incremental push is cron'ed and incremental (to make sure no discrepancies arise)
-#syncAnotherGrouper.testGroup0.syncType = incremental_push
-
-# quartz cron to schedule the pull or push (incremental is automatic as events happen) (e.g. 5am daily)
-#syncAnotherGrouper.testGroup0.cron = 0 0 5 * * ?
-
-# local group which is being synced
-#syncAnotherGrouper.testGroup0.local.groupName = test:testGroup
-
-# remote group at another grouper which is being synced
-#syncAnotherGrouper.testGroup0.remote.groupName = test2:testGroup2
-
-# if subjects are external and should be created if not exist
-#syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound = true
-
-
-
-###################################
-## user data settings
-###################################
-
-# amount of time to cache groups in use
-grouperUserData.group.cache.seconds = 120
-
-
-######################################
-## Legacy attributes
-######################################
-legacyAttribute.baseStem=etc:legacy:attribute
-legacyAttribute.groupTypeDef.prefix=legacyGroupTypeDef_
-legacyAttribute.attributeDef.prefix=legacyAttributeDef_
-legacyAttribute.customListDef.prefix=legacyCustomListDef_
-legacyAttribute.groupType.prefix=legacyGroupType_
-legacyAttribute.attribute.prefix=legacyAttribute_
-legacyAttribute.customList.prefix=legacyCustomList_
-legacyAttributeMigration.useThreads = true
-legacyAttributeMigration.threadPoolSize = 20
-
-
-######################################
-## Point in time audit
-######################################
-pit.sync.useThreads = true
-pit.sync.threadPoolSize = 20
-
-
-######################################
-## Stem sets
-######################################
-stemSet.sync.useThreads = true
-stemSet.sync.threadPoolSize = 20
-
-
-######################################
-## Group sets
-######################################
-groupSet.sync.useThreads = true
-groupSet.sync.threadPoolSize = 20
-
-########################
-## LDAPProvisioningHook
-########################
-#LDAPProvisioningHook.exclude.regex.0=.*_excludes$
-#LDAPProvisioningHook.exclude.regex.1=.*_includes$
-#LDAPProvisioningHook.exclude.regex.2=.*_systemOfRecord$
-#LDAPProvisioningHook.exclude.regex.3=.*_systemOfRecordAndIncludes$
-
-#########################################
-## Unresolvable Subject Deletion Utility
-#########################################
-
-# Don't do anything if more than this number of unresolvable subjects are found
-usdu.failsafe.maxUnresolvableSubjects = 200
-
-
-################# DIAGNOSTICS ##################
-# In UI and WS
-
-#if ignore tests. Note, in job names, invalid chars need to be replaced with underscore (e.g. colon)
-#anything in this regex: [^a-zA-Z0-9._-]
-ws.diagnostic.ignore.memoryTest = false
-ws.diagnostic.ignore.dbTest_grouper = false
-ws.diagnostic.ignore.source_jdbc = false
-ws.diagnostic.ignore.loader_CHANGE_LOG_changeLogTempToChangeLog = false
-
-#this is 52 hours... 48 for 2 days, and 4 more for the job to run. So if the warehouse is down for updates,
-#then the daily job will not give an error
-ws.diagnostic.defaultMinutesSinceLastSuccess = 3120
-
-#change log can only for 30 minutes of failing before diagnostics fails
-ws.diagnostic.defaultMinutesChangeLog = 30
-
-#number of minute that can go by without a success before an error is thrown
-ws.diagnostic.minutesSinceLastSuccess.loader_SQL_GROUP_LIST__aStem_aGroup2 = 60
-
-#list groups which should check the size, in this case, "employee" or "students" in the key name is a variable
-#ws.diagnostic.checkGroupSize.employees.groupName = community:employees
-#ws.diagnostic.checkGroupSize.employees.minSize = 28000
-
-#ws.diagnostic.checkGroupSize.students.groupName = community:students
-#ws.diagnostic.checkGroupSize.students.minSize = 18000
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouperUtf8.txt
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouperUtf8.txt b/modules/group-manager/src/main/resources/grouperUtf8.txt
deleted file mode 100755
index 526f696..0000000
--- a/modules/group-manager/src/main/resources/grouperUtf8.txt
+++ /dev/null
@@ -1 +0,0 @@
-\u0679\u067a\u067b\u067c\u0643\u0644\u0644
\ No newline at end of file
[5/7] airavata git commit: WIP
Posted by sc...@apache.org.
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java
deleted file mode 100755
index fc4b33a..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java
+++ /dev/null
@@ -1,541 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
-=======
- *
->>>>>>> adding more files
- */
-package org.apache.airavata.grouper.resource;
-
-import edu.internet2.middleware.grouper.*;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.attr.*;
-import edu.internet2.middleware.grouper.attr.assign.AttributeAssignAction;
-import edu.internet2.middleware.grouper.attr.finder.AttributeDefFinder;
-import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.misc.SaveMode;
-import edu.internet2.middleware.grouper.permissions.PermissionAllowed;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry;
-import edu.internet2.middleware.grouper.permissions.PermissionFinder;
-import edu.internet2.middleware.subject.Subject;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-import org.apache.airavata.grouper.AiravataGrouperUtil;
-=======
->>>>>>> adding more files
-import org.apache.airavata.grouper.SubjectType;
-import org.apache.airavata.grouper.group.GroupServiceImpl;
-import org.apache.airavata.grouper.permission.PermissionAction;
-import org.apache.airavata.grouper.permission.PermissionServiceImpl;
-import org.apache.airavata.grouper.role.RoleServiceImpl;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.*;
-import static org.apache.airavata.grouper.permission.PermissionAction.READ;
-import static org.apache.airavata.grouper.permission.PermissionAction.WRITE;
-import static org.apache.airavata.grouper.resource.ResourceType.*;
-
-/**
- * @author vsachdeva
- *
- */
-public class ResourceServiceImpl {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-
- //TODO: break this method into smaller methods
- public void createResource(Resource resource) throws ResourceNotFoundException {
-
- validateResource(resource);
-
-=======
-
-
- //TODO: break this method into smaller methods
- public void createResource(Resource resource) throws ResourceNotFoundException {
-
- validateResource(resource);
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- AttributeDefName parentAttributeDefName = null;
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // make sure that the parent resource exists in grouper if it is in the request
- if (resource.getParentResourceId() != null) {
- parentAttributeDefName = AttributeDefNameFinder.findByName(resource.getResourceType().getParentResoruceType()
- .getStemFromResourceType()+COLON+resource.getParentResourceId(), false);
- if (parentAttributeDefName == null) {
- throw new ResourceNotFoundException(resource.getParentResourceId() +" was not found.");
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- Subject subject = SubjectFinder.findByIdAndSource(resource.getOwnerId(), SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new IllegalArgumentException("Resource owner id "+resource.getOwnerId()+" could not be found.");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create an attribute def if doesn't exist
- AttributeDef attributeDef = AttributeDefFinder.findByName(PERMISSIONS_ATTRIBUTE_DEF, false);
- if (attributeDef == null) {
- AttributeDefSave attributeDefSave = new AttributeDefSave(grouperSession);
- attributeDef = attributeDefSave.assignAttributeDefType(AttributeDefType.perm).assignToGroup(true)
- .assignToEffMembership(true).assignName(PERMISSIONS_ATTRIBUTE_DEF).assignCreateParentStemsIfNotExist(true)
- .assignSaveMode(SaveMode.INSERT_OR_UPDATE).save();
- AttributeAssignAction read = attributeDef.getAttributeDefActionDelegate().addAction(READ.name());
- AttributeAssignAction write = attributeDef.getAttributeDefActionDelegate().addAction(WRITE.name());
- write.getAttributeAssignActionSetDelegate().addToAttributeAssignActionSet(read);
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create attribute def name
- AttributeDefNameSave attributeDefNameSave = new AttributeDefNameSave(grouperSession, attributeDef);
- attributeDefNameSave.assignCreateParentStemsIfNotExist(true);
- attributeDefNameSave.assignSaveMode(SaveMode.INSERT_OR_UPDATE);
- attributeDefNameSave.assignAttributeDefNameNameToEdit(resource.getResourceType().getStemFromResourceType()+COLON+resource.getId());
- attributeDefNameSave.assignName(resource.getResourceType().getStemFromResourceType()+COLON+resource.getId());
- attributeDefNameSave.assignDescription(resource.getDescription());
- attributeDefNameSave.assignDisplayName(resource.getName());
- AttributeDefName attributeDefName = attributeDefNameSave.save();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // set the inheritance if parent attribute def name is not null
- if (parentAttributeDefName != null) {
- parentAttributeDefName.getAttributeDefNameSetDelegate().addToAttributeDefNameSet(attributeDefName);
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- RoleServiceImpl roleService = new RoleServiceImpl();
- //TODO remove the session being passed
- Group readRole = roleService.createRole(resource.getId()+"_"+READ.name(), grouperSession);
- Group writeRole = roleService.createRole(resource.getId()+"_"+WRITE.name(), grouperSession);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- readRole.getPermissionRoleDelegate().assignRolePermission(READ.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getPermissionRoleDelegate().assignRolePermission(WRITE.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getRoleInheritanceDelegate().addRoleToInheritFromThis(readRole);
-
- // give the write role to ownerId
- roleService.assignRoleToUser(resource.getOwnerId(), resource.getId()+"_"+WRITE.name(), grouperSession);
-
-=======
-
- readRole.getPermissionRoleDelegate().assignRolePermission(READ.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getPermissionRoleDelegate().assignRolePermission(WRITE.name(), attributeDefName, PermissionAllowed.ALLOWED);
- writeRole.getRoleInheritanceDelegate().addRoleToInheritFromThis(readRole);
-
- // give the write role to ownerId
- roleService.assignRoleToUser(resource.getOwnerId(), resource.getId()+"_"+WRITE.name(), grouperSession);
-
->>>>>>> adding more files
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- public void deleteResource(String resourceId, ResourceType resourceType) throws ResourceNotFoundException {
- if (resourceId == null || resourceType == null) {
- throw new IllegalArgumentException("resouceId "+resourceId+" is null or resourceType"+resourceType+" is null.");
- }
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- AttributeDefName attributeDefName = AttributeDefNameFinder.findByName(resourceType.getStemFromResourceType()+COLON+resourceId, false);
- if (attributeDefName == null) {
- throw new ResourceNotFoundException(resourceId +" was not found.");
- }
- RoleServiceImpl roleService = new RoleServiceImpl();
- // delete all the children resources and roles
- for (AttributeDefName childAttributeDefName: attributeDefName.getAttributeDefNameSetDelegate().getAttributeDefNamesImpliedByThis()) {
- childAttributeDefName.delete();
- // don't change the order since write inherits read
- roleService.deleteRole(childAttributeDefName.getExtension()+"_"+WRITE.name(), grouperSession);
- roleService.deleteRole(childAttributeDefName.getExtension()+"_"+READ.name(), grouperSession);
- }
- attributeDefName.delete();
- // don't change the order since write inherits read
- roleService.deleteRole(resourceId+"_"+WRITE.name(), grouperSession);
- roleService.deleteRole(resourceId+"_"+READ.name(), grouperSession);
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- public Resource getResource(String resourceId, ResourceType resourceType) throws ResourceNotFoundException {
- if (resourceId == null || resourceType == null) {
- throw new IllegalArgumentException("resouceId "+resourceId+" is null or resourceType"+resourceType+" is null.");
- }
- GrouperSession grouperSession = null;
- Resource resource = null;
- try {
- grouperSession = GrouperSession.startRootSession();
- AttributeDefName attributeDefName = AttributeDefNameFinder.findByName(resourceType.getStemFromResourceType()+COLON+resourceId, false);
- if (attributeDefName == null) {
- throw new ResourceNotFoundException(resourceId +" was not found.");
- }
- resource = new Resource(resourceId, resourceType);
- resource.setDescription(attributeDefName.getDescription());
- resource.setName(attributeDefName.getDisplayExtension());
- Set<AttributeDefName> parentAttributeDefNames = attributeDefName.getAttributeDefNameSetDelegate().getAttributeDefNamesThatImplyThisImmediate();
- if (parentAttributeDefNames != null && parentAttributeDefNames.size() > 0) {
- resource.setParentResourceId(parentAttributeDefNames.iterator().next().getExtension());
- }
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
- return resource;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- /**
- *
-=======
-
- /**
- *
->>>>>>> adding more files
- * @param userId
- * @param resourceType
- * @param actions - write or read
- * @param pageNumber - 1 index based
- * @param pageSize - items to fetch
- * @return
- * @throws SubjectNotFoundException
- */
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- public Set<Resource> getAccessibleResourcesForUser(String userId, ResourceType resourceType,
- PermissionAction action, boolean pagination, Integer pageNumber, Integer pageSize) throws SubjectNotFoundException {
-
-=======
- public Set<Resource> getAccessibleResourcesForUser(String userId, ResourceType resourceType,
- PermissionAction action, boolean pagination, Integer pageNumber, Integer pageSize) throws SubjectNotFoundException {
-
->>>>>>> adding more files
- if (userId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
- if (pagination && (pageNumber < 0 || pageSize < 1)) {
- throw new IllegalArgumentException("Invalid pagination properties");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
-
-=======
-
- GrouperSession grouperSession = null;
- try {
- grouperSession = GrouperSession.startRootSession();
-
->>>>>>> adding more files
- PermissionFinder permissionFinder = new PermissionFinder();
- permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF);
- permissionFinder.addAction(action.name());
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new SubjectNotFoundException("userId "+userId+" was not found.");
- }
- permissionFinder.addSubject(subject);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true);
- permissionFinder.assignPermissionNameFolder(stem);
- permissionFinder.assignPermissionNameFolderScope(Scope.ONE);
- if (pagination) {
- QueryOptions queryOptions = new QueryOptions();
- queryOptions.paging(pageSize, pageNumber, false);
- permissionFinder.assignQueryOptions(queryOptions);
- }
- Set<PermissionEntry> permissions = permissionFinder.findPermissions();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- Set<Resource> resources = new HashSet<Resource>();
- for (PermissionEntry entry: permissions) {
- Resource resource = new Resource(entry.getAttributeDefName().getExtension(), resourceType);
- resource.setName(entry.getAttributeDefNameDispName());
- resources.add(resource);
- }
- return resources;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
- // action can be read or write only
- public Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction action) {
-
- if (resourceId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
-
-=======
-
- Set<Resource> resources = new HashSet<Resource>();
- for (PermissionEntry entry: permissions) {
- Resource resource = new Resource(entry.getAttributeDefNameDispName(), resourceType);
- resource.setName(entry.getAttributeDefName().getDisplayExtension());
-
- //TODO: Discuss it with Suresh and Supun. It might cause some performance issues. We probably should not populate the parent id since caller will already have it.
-// Set<AttributeDefName> parentAttributeDefNames = entry.getAttributeDefName().getAttributeDefNameSetDelegate().getAttributeDefNamesThatImplyThisImmediate();
-// if (parentAttributeDefNames != null && parentAttributeDefNames.size() > 0) {
-// resource.setParentResourceId(parentAttributeDefNames.iterator().next().getExtension());
-// }
-
- resources.add(resource);
-
- }
-
- return resources;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
- // action can be read or write only
- public Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction action) {
-
- if (resourceId == null || resourceType == null || action == null) {
- throw new IllegalArgumentException("Invalid input");
- }
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- Set<String> userIds = new HashSet<String>();
- try {
- grouperSession = GrouperSession.startRootSession();
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- PermissionFinder permissionFinder = new PermissionFinder();
- permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF);
- permissionFinder.addAction(action.name());
-
- Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true);
- permissionFinder.assignPermissionNameFolder(stem);
- permissionFinder.assignPermissionNameFolderScope(Scope.ONE);
- permissionFinder.addRole(AiravataGrouperUtil.ROLES_STEM_NAME+ ":" + resourceId + "_" + action.toString());
- Set<PermissionEntry> permissions = permissionFinder.findPermissions();
-
-=======
-
- PermissionFinder permissionFinder = new PermissionFinder();
- permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF);
- permissionFinder.addAction(action.name());
-
- Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true);
- permissionFinder.assignPermissionNameFolder(stem);
- permissionFinder.assignPermissionNameFolderScope(Scope.ONE);
- Set<PermissionEntry> permissions = permissionFinder.findPermissions();
-
->>>>>>> adding more files
- for (PermissionEntry entry: permissions) {
- if (entry.getSubjectSourceId().equals(SUBJECT_SOURCE)) {
- userIds.add(entry.getSubjectId());
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- return userIds;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
-=======
-
- return userIds;
-
- } finally {
- GrouperSession.stopQuietly(grouperSession);
- }
-
- }
-
->>>>>>> adding more files
- private void validateResource(Resource resource) {
- if (resource.getResourceType() == null) {
- throw new IllegalArgumentException("Resource type is a required field");
- }
- if ((resource.getResourceType().equals(EXPERIMENT) || resource.getResourceType().equals(DATA)) && resource.getParentResourceId() == null) {
- throw new IllegalArgumentException("Resource type Experiment or Data must provide valid parent resource id");
- }
- if (resource.getOwnerId() == null) {
- throw new IllegalArgumentException("Resource ownerId is a required field.");
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public static void main(String[] args) {
- ResourceServiceImpl resourceService = new ResourceServiceImpl();
-
-=======
-
- public static void main(String[] args) {
- ResourceServiceImpl resourceService = new ResourceServiceImpl();
-
->>>>>>> adding more files
- // create a Project resource
- Resource projectResource = new Resource("project resource id", PROJECT);
- projectResource.setDescription("project resource description");
- projectResource.setName("project resource name");
- projectResource.setOwnerId("airavata_id_1");
- resourceService.createResource(projectResource);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create an Experiment resource
- Resource experimentResource = new Resource("experiment resource id", EXPERIMENT);
- experimentResource.setDescription("experiment resource description");
- experimentResource.setName("experiment resource name");
- experimentResource.setParentResourceId("project resource id");
- experimentResource.setOwnerId("airavata_id_1");
- resourceService.createResource(experimentResource);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- //create another experiment resource within the same project resource
- Resource experimentResource1 = new Resource("experiment resource id1", ResourceType.EXPERIMENT);
- experimentResource1.setDescription("experiment resource description1");
- experimentResource1.setName("experiment resource name1");
- experimentResource1.setParentResourceId("project resource id");
- experimentResource1.setOwnerId("airavata_id_1");
- resourceService.createResource(experimentResource1);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- // create a data file resource
- Resource dataResource = new Resource("data resource id", ResourceType.DATA);
- dataResource.setDescription("data resource description");
- dataResource.setName("data resource name");
- dataResource.setParentResourceId("experiment resource id1");
- dataResource.setOwnerId("airavata_id_1");
- resourceService.createResource(dataResource);
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- // get the experiment resource and it should have parent set to project
- Resource resource = resourceService.getResource("experiment resource id1", EXPERIMENT);
- System.out.println(resource);
-
- Set<Resource> accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, WRITE, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
-
- //share the experiment with airavata_id_2
- PermissionServiceImpl permissionService = new PermissionServiceImpl();
- permissionService.grantPermission("airavata_id_2", SubjectType.PERSON, "experiment resource id1", EXPERIMENT, WRITE);
-
- // create a group of users
- GroupServiceImpl groupService = new GroupServiceImpl();
- org.apache.airavata.grouper.group.Group group = new org.apache.airavata.grouper.group.Group("airavata test group id", "airavata_id_1");
-=======
-
- // get the experiment resource and it should have parent set to project
- Resource resource = resourceService.getResource("experiment resource id1", EXPERIMENT);
- System.out.println(resource);
-
- Set<Resource> accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, WRITE, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
-
- //share the experiment with airavata_id_2
- PermissionServiceImpl permissionService = new PermissionServiceImpl();
- permissionService.grantPermission("airavata_id_2", SubjectType.PERSON, "experiment resource id1", EXPERIMENT, WRITE);
-
- // create a group of users
- GroupServiceImpl groupService = new GroupServiceImpl();
- org.apache.airavata.grouper.group.Group group = new org.apache.airavata.grouper.group.Group();
- group.setId("airavata test group id");
->>>>>>> adding more files
- group.setName("airavata test group name");
- group.setDescription("airavata test group description");
- List<String> members = new ArrayList<String>();
- members.add("airavata_id_3");
- members.add("airavata_id_4");
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- group.setMembers(members);
- groupService.createGroup(group);
-
- // now share the same experiment with this group as well
- permissionService.grantPermission("airavata test group id", SubjectType.GROUP, "experiment resource id1", EXPERIMENT, READ);
-
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_3", EXPERIMENT, READ, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
- // get all resources, or no pagination
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, READ, false, 1, 2);
- System.out.println("accessible resources without pagination are "+accessibleResourcesForUser.size());
-
-=======
- group.setUsers(members);
- groupService.createOrUpdateGroup(group);
-
- // now share the same experiment with this group as well
- permissionService.grantPermission("airavata test group id", SubjectType.GROUP, "experiment resource id1", EXPERIMENT, READ);
-
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_3", EXPERIMENT, READ, true, 1, 2);
- System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size());
-
- // get all resources, or no pagination
- accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, READ, false, 1, 2);
- System.out.println("accessible resources without pagination are "+accessibleResourcesForUser.size());
-
->>>>>>> adding more files
- Set<String> allAccessibleUsers = resourceService.getAllAccessibleUsers("experiment resource id1", EXPERIMENT, READ);
- System.out.println("users who have read access on experiment resource id1 are "+allAccessibleUsers);
-
- //delete the project resource, it will delete all the children/experiment resources and roles as well
- resourceService.deleteResource("project resource id", PROJECT);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java
deleted file mode 100755
index 5b80bfa..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceType.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- *
- */
-package org.apache.airavata.grouper.resource;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.DATA_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.EXPERIMENT_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.OTHER_STEM_NAME;
-import static org.apache.airavata.grouper.AiravataGrouperUtil.PROJECT_STEM_NAME;
-
-/**
- * @author vsachdeva
- *
- */
-public enum ResourceType {
-
- PROJECT,
- EXPERIMENT,
- DATA,
- OTHER;
-
- public ResourceType getParentResoruceType() {
-
- switch (this) {
- case EXPERIMENT:
- return PROJECT;
- case DATA:
- return EXPERIMENT;
- default:
- return null;
- }
- }
-
- public String getStemFromResourceType() {
-
- switch (this) {
- case PROJECT:
- return PROJECT_STEM_NAME;
- case EXPERIMENT:
- return EXPERIMENT_STEM_NAME;
- case DATA:
- return DATA_STEM_NAME;
- case OTHER:
- return OTHER_STEM_NAME;
- default:
- return null;
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java
deleted file mode 100755
index 0351e35..0000000
--- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- *
-=======
- *
->>>>>>> adding more files
- */
-package org.apache.airavata.grouper.role;
-
-import edu.internet2.middleware.grouper.*;
-import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
-import edu.internet2.middleware.grouper.group.TypeOfGroup;
-import edu.internet2.middleware.grouper.misc.SaveMode;
-import edu.internet2.middleware.subject.Subject;
-import edu.internet2.middleware.subject.SubjectNotFoundException;
-
-import static org.apache.airavata.grouper.AiravataGrouperUtil.*;
-
-/**
- * @author vsachdeva
- *
- */
-public class RoleServiceImpl {
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-
- public Group createRole(String roleId, GrouperSession session) {
-
-=======
-
-
- public Group createRole(String roleId, GrouperSession session) {
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- Group role = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- GroupSave groupSave = new GroupSave(grouperSession);
- groupSave.assignTypeOfGroup(TypeOfGroup.role);
- groupSave.assignGroupNameToEdit(ROLES_STEM_NAME+COLON+roleId);
- groupSave.assignName(ROLES_STEM_NAME+COLON+roleId);
- groupSave.assignDisplayExtension(roleId);
- groupSave.assignDescription(roleId);
- groupSave.assignSaveMode(SaveMode.INSERT_OR_UPDATE);
- groupSave.assignCreateParentStemsIfNotExist(true);
- role = groupSave.save();
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
- return role;
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
-=======
-
->>>>>>> adding more files
- public void deleteRole(String roleId, GrouperSession session) {
- GrouperSession grouperSession = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group role = GroupFinder.findByName(grouperSession, ROLES_STEM_NAME+COLON+roleId, false);
- if (role != null) {
- role.delete();
- }
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public void assignRoleToUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException {
-
-=======
-
- public void assignRoleToUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException {
-
->>>>>>> adding more files
- GrouperSession grouperSession = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group role = GroupFinder.findByName(grouperSession, ROLES_STEM_NAME+COLON+roleId, false);
- if (role == null) {
- throw new GroupNotFoundException("Role "+roleId+" was not found.");
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
- Subject subject = SubjectFinder.findById(userId, false);
-=======
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
->>>>>>> adding more files
- if (subject == null) {
- throw new SubjectNotFoundException("userId "+userId+" was not found.");
- }
- role.addMember(subject, false);
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- }
-
-=======
-
- }
-
->>>>>>> adding more files
- public void removeRoleFromUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException {
- GrouperSession grouperSession = null;
- try {
- grouperSession = session != null? session : GrouperSession.startRootSession();
- edu.internet2.middleware.grouper.Group role = GroupFinder.findByName(grouperSession, ROLES_STEM_NAME+COLON+roleId, false);
- if (role == null) {
- throw new GroupNotFoundException("Role "+roleId+" was not found.");
- }
- Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);
- if (subject == null) {
- throw new SubjectNotFoundException("userId "+userId+" was not found.");
- }
- role.deleteMember(subject, false);
- } finally {
- if (session == null) {
- GrouperSession.stopQuietly(grouperSession);
- }
- }
- }
-<<<<<<< 10f30a96f6478fb045ae6e0cdb15b25614581856
-
- public static void main(String[] args) {
- RoleServiceImpl roleServiceImpl = new RoleServiceImpl();
-
- roleServiceImpl.createRole("test_role", null);
-
- roleServiceImpl.assignRoleToUser("test.subject.3", "test_role", null);
-
-=======
-
- public static void main(String[] args) {
- RoleServiceImpl roleServiceImpl = new RoleServiceImpl();
-
- roleServiceImpl.createRole("test_role", null);
-
- roleServiceImpl.assignRoleToUser("test.subject.3", "test_role", null);
-
->>>>>>> adding more files
- //roleServiceImpl.deleteRole("test_role", null);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
deleted file mode 100755
index fb7f668..0000000
--- a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
+++ /dev/null
@@ -1,78 +0,0 @@
-org.owasp.csrfguard.Logger=edu.internet2.middleware.grouper.grouperUi.csrf.CsrfGuardLogger
-
-org.owasp.csrfguard.TokenPerPage=false
-
-org.owasp.csrfguard.action.Redirect.Page=%servletContext%/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf
-
-org.owasp.csrfguard.configuration.provider.factory=org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
-
-org.owasp.csrfguard.Config.Print = false
-
-# to see how error handling works, edit grouperUi.js
-org.owasp.csrfguard.Ajax=true
-
-
-org.owasp.csrfguard.unprotected.DefaultGrouper=%servletContext%/
-org.owasp.csrfguard.unprotected.GrouperHome=%servletContext%/home.do
-org.owasp.csrfguard.unprotected.GrouperDir=%servletContext%/grouper/*
-org.owasp.csrfguard.unprotected.GrouperExternal=%servletContext%/grouperExternal/index.html
-org.owasp.csrfguard.unprotected.GrouperExternalAppHtml=%servletContext%/grouperExternal/appHtml/*
-org.owasp.csrfguard.unprotected.GrouperExternalPublicAssets=%servletContext%/grouperExternal/public/assets/*
-org.owasp.csrfguard.unprotected.GrouperExternalPublicNetworkGraph=%servletContext%/grouperExternal/public/networkGraph/*
-org.owasp.csrfguard.unprotected.GrouperGifs=^/grouper/grouperExternal/public/.*\\.gif$
-org.owasp.csrfguard.unprotected.GrouperJpgs=^/grouper/grouperExternal/public/.*\\.jpg$
-org.owasp.csrfguard.unprotected.GrouperPngs=^/grouper/grouperExternal/public/.*\\.png$
-org.owasp.csrfguard.unprotected.GrouperUi=%servletContext%/grouperUi/
-org.owasp.csrfguard.unprotected.GrouperUiIndex=%servletContext%/grouperUi/index.html
-org.owasp.csrfguard.unprotected.GrouperUiAppHtml=%servletContext%/grouperUi/appHtml/*
-org.owasp.csrfguard.unprotected.GrouperI2mi=%servletContext%/i2mi/*
-org.owasp.csrfguard.unprotected.GrouperScripts=%servletContext%/scripts/*
-org.owasp.csrfguard.unprotected.GrouperStatus=%servletContext%/status
-org.owasp.csrfguard.unprotected.GrouperIndex=%servletContext%/index.jsp
-org.owasp.csrfguard.unprotected.GrouperOwaspJavascript=%servletContext%/grouperExternal/public/OwaspJavaScriptServlet
-
-org.owasp.csrfguard.unprotected.GrouperStrutsAddSaved=^%servletContext%/addSaved[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutsBrowse=^%servletContext%/browse[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutsCancel=^%servletContext%/cancel[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutserror=%servletContext%/error.do
-org.owasp.csrfguard.unprotected.GrouperStrutsfilterError=%servletContext%/filterError.do
-org.owasp.csrfguard.unprotected.GrouperStrutshelp=%servletContext%/help.do
-org.owasp.csrfguard.unprotected.GrouperStrutslogin=%servletContext%/login.do
-org.owasp.csrfguard.unprotected.GrouperStrutsCallLogin=%servletContext%/callLogin.do
-org.owasp.csrfguard.unprotected.GrouperStrutslogout=%servletContext%/logout.do
-org.owasp.csrfguard.unprotected.GrouperStrutsPopulate=^%servletContext%/populate[^.]+\\.do$
-org.owasp.csrfguard.unprotected.GrouperStrutsuserAudit=%servletContext%/userAudit.do
-#http://localhost:8090/grouper/populateSearchSubjects.do
-
-
-org.owasp.csrfguard.unprotected.GrouperSimpleMembershipUpdateImportExportExportSubjectIdsCsv=%servletContext%/grouperUi/app/SimpleMembershipUpdateImportExport.exportSubjectIdsCsv/*
-org.owasp.csrfguard.unprotected.GrouperSimpleMembershipUpdateImportExportExportAllCsv=%servletContext%/grouperUi/app/SimpleMembershipUpdateImportExport.exportAllCsv/*
-
-org.owasp.csrfguard.unprotected.GrouperUiV2MainIndex=%servletContext%/grouperUi/app/UiV2Main.index
-org.owasp.csrfguard.unprotected.GrouperUiV2MainIndexMain=%servletContext%/grouperUi/app/UiV2Main.indexMain
-org.owasp.csrfguard.unprotected.GrouperUiV2MainFolderMenu=%servletContext%/grouperUi/app/UiV2Main.folderMenu
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupAddMemberFilter=%servletContext%/grouperUi/app/UiV2Group.addMemberFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupImportGroupExportSubmit=%servletContext%/grouperUi/app/UiV2GroupImport.groupExportSubmit
-org.owasp.csrfguard.unprotected.GrouperUiV2StemCopyParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.stemCopyParentFolderFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2StemCreateGroupParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.createGroupParentFolderFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2StemCreateStemParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.createStemParentFolderFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToGroupFilter=%servletContext%/grouperUi/app/UiV2Subject.addToGroupFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupUpdateFilter=%servletContext%/grouperUi/app/UiV2Group.groupUpdateFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2GroupCompositeFilter=%servletContext%/grouperUi/app/UiV2Group.groupCompositeFactorFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2StemAddMemberFilter=%servletContext%/grouperUi/app/UiV2Stem.addMemberFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2ExternalEntitiesAddGroupFilter=%servletContext%/grouperUi/app/UiV2ExternalEntities.addGroupFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToStemFilter=%servletContext%/grouperUi/app/UiV2Subject.addToStemFilter
-org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToAttributeDefFilter=%servletContext%/grouperUi/app/UiV2Subject.addToAttributeDefFilter
-org.owasp.csrfguard.unprotected.GrouperExternalPublicIndex=%servletContext%/grouperExternal/public/UiV2Public.index
-# TODO take this out and error page should not be post
-org.owasp.csrfguard.unprotected.GrouperExternalPublicPostIndex=%servletContext%/grouperExternal/public/UiV2Public.postIndex
-org.owasp.csrfguard.unprotected.GrouperUiV2Export=^%servletContext%/grouperUi/app/UiV2GroupImport\\.groupExportSubmit/.*$
-
-
-
-# Allows the developer to specify the value of the Cache-Control header in the HTTP response
-# when serving the dynamic JavaScript file. The default value is private, maxage=28800.
-# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance.
-# Note that the Cache-Control header is always set to "no-store" when either the "Rotate"
-# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
-org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=1800
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
deleted file mode 100755
index 97e655e..0000000
--- a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
+++ /dev/null
@@ -1,403 +0,0 @@
-# The OWASP CSRFGuard Project, BSD License
-# Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. Neither the name of OWASP nor the names of its contributors may be used
-# to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# From: https://github.com/esheri3/OWASP-CSRFGuard/blob/master/csrfguard-test/src/main/webapp/WEB-INF/csrfguard.properties
-
-# Common substitutions
-# %servletContext% is the servlet context (e.g. the configured app prefix or war file name, or blank.
-# e.g. if you deploy a default warfile as someApp.war, then %servletContext% will be /someApp
-# if there isnt a context it will be the empty string. So to use this in the configuration, use e.g. %servletContext%/something.html
-# which will translate to e.g. /someApp/something.html
-
-# Logger
-#
-# The logger property (org.owasp.csrfguard.Logger) defines the qualified class name of
-# the object responsible for processing all log messages produced by CSRFGuard. The default
-# CSRFGuard logger is org.owasp.csrfguard.log.ConsoleLogger. This class logs all messages
-# to System.out which JavaEE application servers redirect to a vendor specific log file.
-# Developers can customize the logging behavior of CSRFGuard by implementing the
-# org.owasp.csrfguard.log.ILogger interface and setting the logger property to the new
-# logger's qualified class name. The following configuration snippet instructs OWASP CSRFGuard
-# to capture all log messages to the console:
-#
-# org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
-org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.JavaLogger
-
-# Which configuration provider factory you want to use. The default is org.owasp.csrfguard.config.PropertiesConfigurationProviderFactory
-# Another configuration provider has more features including config overlays: org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
-# The default configuration provider is: org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
-# which will look for an overlay file, it is there, and the factory inside that file is set it will use it, otherwise will be PropertiesConfigurationProviderFactory
-# it needs to implement org.owasp.csrfguard.config.ConfigurationProviderFactory
-org.owasp.csrfguard.configuration.provider.factory = org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
-
-
-# If csrfguard filter is enabled
-org.owasp.csrfguard.Enabled = true
-
-# If csrf guard filter should check even if there is no session for the user
-# Note: this changed around 2014/04, the default behavior used to be to
-# not check if there is no session. If you want the legacy behavior (if your app
-# is not susceptible to CSRF if the user has no session), set this to false
-org.owasp.csrfguard.ValidateWhenNoSessionExists = true
-
-# New Token Landing Page
-#
-# The new token landing page property (org.owasp.csrfguard.NewTokenLandingPage) defines where
-# to send a user if the token is being generated for the first time, and the use new token landing
-# page boolean property (org.owasp.csrfguard.UseNewTokenLandingPage) determines if any redirect happens.
-# UseNewTokenLandingPage defaults to false if NewTokenLandingPage is not specified, and to true
-# if it is specified.. If UseNewTokenLandingPage is set true then this request is generated
-# using auto-posting forms and will only contain the CSRF prevention token parameter, if
-# applicable. All query-string or form parameters sent with the original request will be
-# discarded. If this property is not defined, CSRFGuard will instead auto-post the user to the
-# original context and servlet path. The following configuration snippet instructs OWASP CSRFGuard to
-# redirect the user to %servletContext%/index.html when the user visits a protected resource
-# without having a corresponding CSRF token present in the HttpSession object:
-#
-# org.owasp.csrfguard.NewTokenLandingPage=%servletContext%/index.html
-
-
-# Protected Methods
-#
-# The protected methods property (org.owasp.csrfguard.ProtectedMethods) defines a comma
-# separated list of HTTP request methods that should be protected by CSRFGuard. The default
-# list is an empty list which will cause all HTTP methods to be protected, thus preserving
-# legacy behavior. This setting allows the user to inform CSRFGuard that only requests of the
-# given types should be considered for protection. All HTTP methods not in the list will be
-# considered safe (i.e. view only / unable to modify data). This should be used only when the
-# user has concrete knowledge that all requests made via methods not in the list
-# are safe (i.e. do not apply an action to any data) since it can actually introduce new
-# security vulnerabilities. For example: the user thinks that all actionable requests are
-# only available by POST requests when in fact some are available via GET requests. If the
-# user has excluded GET requests from the list then they have introduced a vulnerability.
-# The following configuration snippet instructs OWASP CSRFGuard to protect only the POST,
-# PUT, and DELETE HTTP methods.
-#
-# org.owasp.csrfguard.ProtectedMethods=POST,PUT,DELETE
-
-# or you can configure all to be protected, and specify which is unprotected. This is the preferred approach
-
-# org.owasp.csrfguard.UnprotectedMethods=GET
-
-# Unique Per-Page Tokens
-#
-# The unique token per-page property (org.owasp.csrfguard.TokenPerPage) is a boolean value that
-# determines if CSRFGuard should make use of unique per-page (i.e. URI) prevention tokens as
-# opposed to unique per-session prevention tokens. When a user requests a protected resource,
-# CSRFGuard will determine if a page specific token has been previously generated. If a page
-# specific token has not yet been previously generated, CSRFGuard will verify the request was
-# submitted with the per-session token intact. After verifying the presence of the per-session token,
-# CSRFGuard will create a page specific token that is required for all subsequent requests to the
-# associated resource. The per-session CSRF token can only be used when requesting a resource for
-# the first time. All subsequent requests must have the per-page token intact or the request will
-# be treated as a CSRF attack. This behavior can be changed with the org.owasp.csrfguard.TokenPerPagePrecreate
-# property. Enabling this property will make CSRFGuard calculate the per page token prior to a first
-# visit. This option only works with JSTL token injection and is useful for preserving the validity of
-# links if the user pushes the back button. There may be a performance impact when enabling this option
-# if the .jsp has a large number of proctected links that need tokens to be calculated.
-# Use of the unique token per page property is currently experimental
-# but provides a significant amount of improved security. Consider the exposure of a CSRF token using
-# the legacy unique per-session model. Exposure of this token facilitates the attacker's ability to
-# carry out a CSRF attack against the victim's active session for any resource exposed by the web
-# application. Now consider the exposure of a CSRF token using the experimental unique token per-page
-# model. Exposure of this token would only allow the attacker to carry out a CSRF attack against the
-# victim's active session for a small subset of resources exposed by the web application. Use of the
-# unique token per-page property is a strong defense in depth strategy significantly reducing the
-# impact of exposed CSRF prevention tokens. The following configuration snippet instructs OWASP
-# CSRFGuard to utilize the unique token per-page model:
-#
-# org.owasp.csrfguard.TokenPerPage=true
-# org.owasp.csrfguard.TokenPerPagePrecreate=false
-org.owasp.csrfguard.TokenPerPage=true
-org.owasp.csrfguard.TokenPerPagePrecreate=false
-
-# Token Rotation
-#
-# The rotate token property (org.owasp.csrfguard.Rotate) is a boolean value that determines if
-# CSRFGuard should generate and utilize a new token after verifying the previous token. Rotation
-# helps minimize the window of opportunity an attacker has to leverage the victim's stolen token
-# in a targeted CSRF attack. However, this functionality generally causes navigation problems in
-# most applications. Specifically, the 'Back' button in the browser will often cease to function
-# properly. When a user hits the 'Back' button and interacts with the HTML, the browser may submit
-# an old token causing CSRFGuard to incorrectly believe this request is a CSRF attack in progress
-# (i.e. a 'false positive'). Users can prevent this scenario by preventing the caching of HTML pages
-# containing FORM submissions using the cache-control header. However, this may also introduce
-# performance problems as the browser will have to request HTML on a more frequent basis. The following
-# configuration snippet enables token rotation:
-#
-# org.owasp.csrfguard.Rotate=true
-
-# Ajax and XMLHttpRequest Support
-#
-# The Ajax property (org.owasp.csrfguard.Ajax) is a boolean value that indicates whether or not OWASP
-# CSRFGuard should support the injection and verification of unique per-session prevention tokens for
-# XMLHttpRequests. To leverage Ajax support, the user must not only set this property to true but must
-# also reference the JavaScript DOM Manipulation code using a script element. This dynamic script will
-# override the send method of the XMLHttpRequest object to ensure the submission of an X-Requested-With
-# header name value pair coupled with the submission of a custom header name value pair for each request.
-# The name of the custom header is the value of the token name property and the value of the header is
-# always the unique per-session token value. This custom header is analogous to the HTTP parameter name
-# value pairs submitted via traditional GET and POST requests. If the X-Requested-With header was sent
-# in the HTTP request, then CSRFGuard will look for the presence and ensure the validity of the unique
-# per-session token in the custom header name value pair. Note that verification of these headers takes
-# precedence over verification of the CSRF token supplied as an HTTP parameter. More specifically,
-# CSRFGuard does not verify the presence of the CSRF token if the Ajax support property is enabled and
-# the corresponding X-Requested-With and custom headers are embedded within the request. The following
-# configuration snippet instructs OWASP CSRFGuard to support Ajax requests by verifying the presence and
-# correctness of the X-Requested-With and custom headers:
-#
-# org.owasp.csrfguard.Ajax=true
-org.owasp.csrfguard.Ajax=true
-
-# The default behavior of CSRFGuard is to protect all pages. Pages marked as unprotected will not be protected.
-# If the Protect property is enabled, this behavior is reversed. Pages must be marked as protected to be protected.
-# All other pages will not be protected. This is useful when the CsrfGuardFilter is aggressively mapped (ex: /*),
-# but you only want to protect a few pages.
-#
-# org.owasp.csrfguard.Protect=true
-
-# Unprotected Pages:
-#
-# The unprotected pages property (org.owasp.csrfguard.unprotected.*) defines a series of pages that
-# should not be protected by CSRFGuard. Such configurations are useful when the CsrfGuardFilter is
-# aggressively mapped (ex: /*). The syntax of the property name is org.owasp.csrfguard.unprotected.[PageName],
-# where PageName is some arbitrary identifier that can be used to reference a resource. The syntax of
-# defining the uri of unprotected pages is the same as the syntax used by the JavaEE container for uri mapping.
-# Specifically, CSRFGuard will identify the first match (if any) between the requested uri and an unprotected
-# page in order of declaration. Match criteria is as follows:
-#
-# Case 1: exact match between request uri and unprotected page
-# Case 2: longest path prefix match, beginning / and ending /*
-# Case 3: extension match, beginning *.
-# Case 4: if the value starts with ^ and ends with $, it will be evaulated as a regex. Note that before the
-# regex is compiled, any common variables will be substituted (e.g. %servletContext%)
-# Default: requested resource must be validated by CSRFGuard
-#
-# The following code snippet illustrates the four use cases over four examples. The first two examples
-# (Tag and JavaScriptServlet) look for direct URI matches. The third example (Html) looks for all resources
-# ending in a .html extension. The next example (Public) looks for all resources prefixed with the URI path /MySite/Public/*.
-# The last example looks for resources that end in Public.do
-#
-# org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
-# org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
-# org.owasp.csrfguard.unprotected.Html=*.html
-# org.owasp.csrfguard.unprotected.Public=%servletContext%/Public/*
-# regex example starts with ^ and ends with $, and the %servletContext% is evaluated before the regex
-# org.owasp.csrfguard.unprotected.PublicServlet=^%servletContext%/.*Public\.do$
-org.owasp.csrfguard.unprotected.Default=%servletContext%/
-org.owasp.csrfguard.unprotected.Upload=%servletContext%/upload.html
-org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
-org.owasp.csrfguard.unprotected.Ajax=%servletContext%/ajax.html
-org.owasp.csrfguard.unprotected.Error=%servletContext%/error.html
-org.owasp.csrfguard.unprotected.Index=%servletContext%/index.html
-org.owasp.csrfguard.unprotected.JavaScript=%servletContext%/javascript.html
-org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
-org.owasp.csrfguard.unprotected.Redirect=%servletContext%/redirect.jsp
-org.owasp.csrfguard.unprotected.Forward=%servletContext%/forward.jsp
-org.owasp.csrfguard.unprotected.Session=%servletContext%/session.jsp
-
-# Actions: Responding to Attacks
-#
-# The actions directive (org.owasp.csrfguard.action.*) gives the user the ability to specify one or more
-# actions that should be invoked when a CSRF attack is detected. Every action must implement the
-# org.owasp.csrfguard.action.IAction interface either directly or indirectly through the
-# org.owasp.csrfguard.action.AbstractAction helper class. Many actions accept parameters that can be specified
-# along with the action class declaration. These parameters are consumed at runtime and impact the behavior of
-# the associated action.
-#
-# The syntax for defining and configuring CSRFGuard actions is relatively straight forward. Let us assume we wish
-# to redirect the user to a default page when a CSRF attack is detected. A redirect action already exists within
-# the CSRFGuard bundle and is available via the class name org.owasp.csrfguard.actions.Redirect. In order to enable
-# this action, we capture the following declaration in the Owasp.CsrfGuard.properties file:
-#
-# syntax: org.owasp.csrfguard.action.[actionName]=[className]
-# example: org.owasp.csrfguard.action.class.Redirect=org.owasp.csrfguard.actions.Redirect
-#
-# The aforementioned directive declares an action called "Redirect" (i.e. [actionName]) referencing the Java class
-# "org.owasp.csrfguard.actions.Redirect" (i.e. [className]). Anytime a CSRF attack is detected, the Redirect action
-# will be executed. You may be asking yourself, "but how do I specify where the user is redirected?"; this is where
-# action parameters come into play. In order to specify the redirect location, we capture the following declaration
-# in the Owasp.CsrfGuard.properties file:
-#
-# syntax: org.owasp.csrfguard.action.[actionName].[parameterName]=[parameterValue]
-# example: org.owasp.csrfguard.action.Redirect.ErrorPage=%servletContext%/error.html
-#
-# The aforementioned directive declares an action parameter called "ErrorPage" (i.e. [parameterName]) with the value
-# of "%servletContext%/error.html" (i.e. [parameterValue]) for the action "Redirect" (i.e. [actionName]). The
-# Redirect action expects the "ErrorPage" parameter to be defined and will redirect the user to this location when
-# an attack is detected.
-#
-#org.owasp.csrfguard.action.Empty=org.owasp.csrfguard.action.Empty
-org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
-org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, method:%request_method%, uri:%request_uri%, error:%exception_message%)
-#org.owasp.csrfguard.action.Invalidate=org.owasp.csrfguard.action.Invalidate
-org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect
-org.owasp.csrfguard.action.Redirect.Page=%servletContext%/error.html
-#org.owasp.csrfguard.action.RequestAttribute=org.owasp.csrfguard.action.RequestAttribute
-#org.owasp.csrfguard.action.RequestAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
-org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate
-#org.owasp.csrfguard.action.SessionAttribute=org.owasp.csrfguard.action.SessionAttribute
-#org.owasp.csrfguard.action.SessionAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
-#org.owasp.csrfguard.action.Error=org.owasp.csrfguard.action.Error
-#org.owasp.csrfguard.action.Error.Code=403
-#org.owasp.csrfguard.action.Error.Message=Security violation.
-
-# Token Name
-#
-# The token name property (org.owasp.csrfguard.TokenName) defines the name of the HTTP parameter
-# to contain the value of the OWASP CSRFGuard token for each request. The following configuration
-# snippet sets the CSRFGuard token parameter name to the value OWASP_CSRFTOKEN:
-#
-# org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
-org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
-
-# Session Key
-#
-# The session key property (org.owasp.csrfguard.SessionKey) defines the string literal used to save
-# and lookup the CSRFGuard token from the session. This value is used by the filter and the tag
-# libraries to retrieve and set the token value in the session. Developers can use this key to
-# programmatically lookup the token within their own code. The following configuration snippet sets
-# the session key to the value OWASP_CSRFTOKEN:
-#
-# org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
-org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
-
-# Token Length
-#
-# The token length property (org.owasp.csrfguard.TokenLength) defines the number of characters that
-# should be found within the CSRFGuard token. Note that characters are delimited by dashes (-) in groups
-# of four. For cosmetic reasons, users are encourage to ensure the token length is divisible by four.
-# The following configuration snippet sets the token length property to 32 characters:
-#
-# org.owasp.csrfguard.TokenLength=32
-org.owasp.csrfguard.TokenLength=32
-
-# Pseudo-random Number Generator
-#
-# The pseudo-random number generator property (org.owasp.csrfguard.PRNG) defines what PRNG should be used
-# to generate the OWASP CSRFGuard token. Always ensure this value references a cryptographically strong
-# pseudo-random number generator algorithm. The following configuration snippet sets the pseudo-random number
-# generator to SHA1PRNG:
-#
-# org.owasp.csrfguard.PRNG=SHA1PRNG
-org.owasp.csrfguard.PRNG=SHA1PRNG
-
-# Pseudo-random Number Generator Provider
-
-# The pseudo-random number generator provider property (org.owasp.csrfguard.PRNG.Provider) defines which
-# provider's implementation of org.owasp.csrfguard.PRNG we should utilize. The following configuration
-# snippet instructs the JVM to leverage SUN's implementation of the algorithm denoted by the
-# org.owasp.csrfguard.PRNG property:
-
-# org.owasp.csrfguard.PRNG.Provider=SUN
-org.owasp.csrfguard.PRNG.Provider=SUN
-
-# If not specifying the print config option in the web.xml, you can specify it here, to print the config
-# on startup
-org.owasp.csrfguard.Config.Print = true
-
-###########################
-## Javascript servlet settings if not set in web.xml
-## https://www.owasp.org/index.php/CSRFGuard_3_Token_Injection
-###########################
-
-# leave this blank and blank in web.xml and it will read from META-INF/csrfguard.js from the jarfile
-# Denotes the location of the JavaScript template file that should be consumed and dynamically
-# augmented by the JavaScriptServlet class. The default value is WEB-INF/Owasp.CsrfGuard.js.
-# Use of this property and the existence of the specified template file is required.
-org.owasp.csrfguard.JavascriptServlet.sourceFile =
-
-# Boolean value that determines whether or not the dynamic JavaScript code should be strict
-# with regards to what links it should inject the CSRF prevention token. With a value of true,
-# the JavaScript code will only place the token in links that point to the same exact domain
-# from which the HTML originated. With a value of false, the JavaScript code will place the
-# token in links that not only point to the same exact domain from which the HTML originated,
-# but sub-domains as well.
-org.owasp.csrfguard.JavascriptServlet.domainStrict = true
-
-# Allows the developer to specify the value of the Cache-Control header in the HTTP response
-# when serving the dynamic JavaScript file. The default value is private, maxage=28800.
-# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance.
-# Note that the Cache-Control header is always set to "no-store" when either the "Rotate"
-# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
-org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=28800
-
-# Allows the developer to specify a regular expression describing the required value of the
-# Referer header. Any attempts to access the servlet with a Referer header that does not
-# match the captured expression is discarded. Inclusion of referer header checking is to
-# help minimize the risk of JavaScript Hijacking attacks that attempt to steal tokens from
-# the dynamically generated JavaScript. While the primary defenses against JavaScript
-# Hijacking attacks are implemented within the dynamic JavaScript itself, referer header
-# checking is implemented to achieve defense in depth.
-org.owasp.csrfguard.JavascriptServlet.refererPattern = .*
-
-# Similar to javascript servlet referer pattern, but this will make sure the referer of the
-# javascript servlet matches the domain of the request. If there is no referer (proxy strips it?)
-# then it will not fail. Generally this is a good idea to be true.
-org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
-
-# Boolean value that determines whether or not the dynamic JavaScript code should
-# inject the CSRF prevention token as a hidden field into HTML forms. The default
-# value is true. Developers are strongly discouraged from disabling this property
-# as most server-side state changing actions are triggered via a POST request.
-org.owasp.csrfguard.JavascriptServlet.injectIntoForms = true
-
-# Boolean value that determines whether or not the dynamic JavaScript code should
-# inject the CSRF prevention token in the query string of src and href attributes.
-# Injecting the CSRF prevention token in a URL resource increases its general risk
-# of exposure to unauthorized parties. However, most JavaEE web applications respond
-# in the exact same manner to HTTP requests and their associated parameters regardless
-# of the HTTP method. The risk associated with not protecting GET requests in this
-# situation is perceived greater than the risk of exposing the token in protected GET
-# requests. As a result, the default value of this attribute is set to true. Developers
-# that are confident their server-side state changing controllers will only respond to
-# POST requests (i.e. discarding GET requests) are strongly encouraged to disable this property.
-org.owasp.csrfguard.JavascriptServlet.injectIntoAttributes = true
-
-
-org.owasp.csrfguard.JavascriptServlet.xRequestedWith = OWASP CSRFGuard Project
-
-###########################
-## Config overlay settings if you have the provider above set to ConfigurationOverlayProvider
-## This CSRF config provider uses Internet2 Configuration Overlays (documented on Internet2 wiki)
-## By default the configuration is read from the Owasp.CsrfGuard.properties
-## (which should not be edited), and the Owasp.CsrfGuard.overlay.properties overlays
-## the base settings. See the Owasp.CsrfGuard.properties for the possible
-## settings that can be applied to the Owasp.CsrfGuard.overlay.properties
-###########################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:Owasp.CsrfGuard.properties, file:c:/temp/myFile.properties
-org.owasp.csrfguard.configOverlay.hierarchy = classpath:Owasp.CsrfGuard.properties, classpath:Owasp.CsrfGuard.overlay.properties
-
-# seconds between checking to see if the config files are updated
-org.owasp.csrfguard.configOverlay.secondsBetweenUpdateChecks = 60
-
-
-###########################
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/README.txt
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/README.txt b/modules/group-manager/src/main/resources/README.txt
deleted file mode 100755
index 5fd8001..0000000
--- a/modules/group-manager/src/main/resources/README.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-====
- Copyright 2014 Internet2
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-====
-
-- All of the config files which have ".example" in them are examples of the real config files, with the same name without the ".example" in the name
-- So copy each of the *.example* files to a name without .example in it, and customize to your environment.
-- e.g. copy sources.example.xml to sources.xml, then customize
-- the .example shows you which files need customization, and will not prompt you to commit the real file to CVS (since it is ignored and not stored in CVS)
-- note some files without .example also might need customization (e.g. grouper.properties)
\ No newline at end of file
[4/7] airavata git commit: WIP
Posted by sc...@apache.org.
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/ehcache.xml
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/ehcache.xml b/modules/group-manager/src/main/resources/ehcache.xml
deleted file mode 100755
index 9b6dcc1..0000000
--- a/modules/group-manager/src/main/resources/ehcache.xml
+++ /dev/null
@@ -1,1517 +0,0 @@
-<!--
-
- Copyright 2014 Internet2
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
--->
-<ehcache updateCheck="false">
-
- <!-- Sets the path to the directory where cache .data files are created. -->
- <diskStore path="java.io.tmpdir"/>
-
-
- <!--
- Default Cache configuration. These will applied to caches
- programmatically created through the CacheManager.
-
- The following attributes are required for defaultCache:
-
- maxInMemory - Sets the maximum number of objects that
- will be created in memory
- eternal - Sets whether elements are eternal. If
- eternal, timeouts are ignored and the
- element is never expired.
- timeToIdleSeconds - Sets the time to idle for an element
- before it expires. Is only used if the
- element is not eternal. Idle time is now -
- last accessed time
- timeToLiveSeconds - Sets the time to live for an element
- before it expires. Is only used if the
- element is not eternal. TTL is now -
- creation time
- overflowToDisk - Sets whether elements can overflow to
- disk when the in-memory cache has reached
- the maxInMemory limit.
- -->
- <defaultCache
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO"
- maxElementsInMemory="500"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- />
-
- <!--
- Predefined caches. Add your cache configuration settings here.
- If you do not have a configuration for your cache a WARNING
- will be issued when the CacheManager starts
- -->
-
-<!--
- Grouper Caches
--->
-
- <!-- class: HibernateMemberDAO -->
-<!--
- <cache name="edu.internet2.middleware.grouper.HibernateMemberDAO.FindByUuid"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- />
--->
-
- <!-- class: HibernateMemberDAO -->
-
- <!-- class: Hib3MemberDAO -->
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.FindBySubject"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- class: Hib3MemberDAO -->
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MembershipDAO"
- maxElementsInMemory="10000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignActionDAO.FindByAttributeDefId"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- Queries -->
-
-<!--
- Hibernate Query Caches
--->
-
- <cache name="org.hibernate.cache.internal.StandardQueryCache"
- maxElementsInMemory="500"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="org.hibernate.cache.spi.UpdateTimestampsCache"
- maxElementsInMemory="5000"
- eternal="true"
- overflowToDisk="true"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.RegistrySubject"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.GroupTypeTuple"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Field"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.RegistrySubjectAttribute"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.AuditType"
- maxElementsInMemory="500"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Attribute"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Composite"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.GroupType"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Membership"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Group"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Stem"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Member"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1"
- timeToLiveSeconds="1"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see StemDAO#findByName(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByName"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see StemDAO#findByUuid(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByUuid"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see GroupDAO#findByName(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByName"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see GroupDAO#findByIdIndex(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByIdIndex"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <!-- @see GroupDAO#findByIdIndex(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByIdIndexSecure"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <!-- @see GroupDAO#findByUuid(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByUuid"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindByUuidsSecure"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByUuidsSecure"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByName"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByNameCache"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="60"
- timeToLiveSeconds="60"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.audit.AuditType"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.changeLog.ChangeLogType"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="ImmediateMembershipEntry"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.permissions.role.RoleSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.AttributeDefNameSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignActionSetView"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.AttributeDef"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="MembershipEntry"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.assign.AttributeAssign"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.AttributeDefName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder.findByNameCache"
- maxElementsInMemory="2000"
- eternal="false"
- timeToIdleSeconds="60"
- timeToLiveSeconds="60"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.AttributeDefScope"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.AttributeDefNameSetView"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.permissions.role.RoleSetView"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignActionSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.changeLog.ChangeLogConsumer"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignValue"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignAction"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefScopeDAO.FindByUuidOrName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="20"
- timeToLiveSeconds="20"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByUuidOrName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignValueDAO.FindByAttributeAssignId"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib.Hib3AttributeAssignDAO.FindByAttributeTypeDefNameId"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib.Hib3AttributeDefDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib.Hib3AttributeDefDAO.FindByIdIndex"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3ChangeLogEntryDAO.FindBySequenceNumber"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3FieldDAO.FindAll"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindByName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindByAttributeDefNameIdSecure"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITField"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITFieldDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeAssign"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeAssignAction"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeAssignActionSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeAssignValue"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeAssignValueView"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeDef"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeDefName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITAttributeDefNameSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITGroup"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITGroupSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITMember"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITMembership"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITMembershipView"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITPermissionAllView"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITRoleSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.pit.PITStem"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionSetDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignValueDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameSetDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupSetDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMemberDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMembershipDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITRoleSetDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITStemDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionSetDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignValueDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameSetDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupSetDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMemberDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMembershipDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITRoleSetDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITStemDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITFieldDAO.FindBySourceIdActive"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
-
-
- <cache name="edu.internet2.middleware.grouper.group.GroupSet"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.externalSubjects.ExternalSubject"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttribute"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.attr.value.AttributeAssignValue"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByUuidsSecure"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByNamesSecure"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindById"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByCurrentName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByIdIndex"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByAlternateName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupTypeTupleDAO.FindByUuidOrKey"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3CompositeDAO.FindByUuidOrName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupSetDAO.FindSelfStem"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupSetDAO.FindSelfGroup"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3FieldDAO.FindByUuidOrName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignActionDAO.FindByUuidOrName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindAll"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignDAO.FindByUuidOrKey"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupSetDAO.FindByOwnerMemberFieldParentAndType"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AuditTypeDAO.FindByCategory"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AuditTypeDAO.FindByUuidOrName"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="10"
- timeToLiveSeconds="10"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AuditEntryDAO.FindByActingUser"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see CachingAccessResolver#hasPrivilege(...) -->
- <cache name="edu.internet2.middleware.grouper.privs.CachingAccessResolver.HasPrivilege"
- maxElementsInMemory="500"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
-
-
- <!-- Naming privilege resolving caching -->
-
- <!-- @see CachingNamingResolver#hasPrivilege(...) -->
- <cache name="edu.internet2.middleware.grouper.privs.CachingNamingResolver.HasPrivilege"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- attribute def resolving caching -->
-
- <cache name="edu.internet2.middleware.grouper.privs.CachingAttrDefResolver.HasPrivilege"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- />
-
-
- <!-- Subject resolving caching -->
-
- <!-- @see CachingResolver#find(...) -->
- <cache name="edu.internet2.middleware.grouper.subj.CachingResolver.Find"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see CachingResolver#findAll(...) -->
- <cache name="edu.internet2.middleware.grouper.subj.CachingResolver.FindAll"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see CachingResolver#findPage(...) -->
- <cache name="edu.internet2.middleware.grouper.subj.CachingResolver.FindPage"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see CachingResolver#findByIdentifier(...) -->
- <cache name="edu.internet2.middleware.grouper.subj.CachingResolver.FindByIdentifier"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see CachingResolver#findByIdOrIdentifier(...) -->
- <cache name="edu.internet2.middleware.grouper.subj.CachingResolver.FindByIdOrIdentifier"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.attr.AttributeDefName.CanAdminAttributeDef"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="5"
- timeToLiveSeconds="5"
- overflowToDisk="false"
- />
-
- <!-- @see WheelCache#isWheelMember(...) -->
- <cache name="edu.internet2.middleware.grouper.privs.WheelCache.isWheelMember"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see Membership#getGroup(...) -->
- <cache name="edu.internet2.middleware.grouper.Membership.getGroup"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see Membership#getStem(...) -->
- <cache name="edu.internet2.middleware.grouper.Membership.getStem"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see Membership#getAttributeDef(...) -->
- <cache name="edu.internet2.middleware.grouper.Membership.getAttributeDef"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see Hib3MemberDAO#exists(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.exists"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- @see Hib3MemberDAO#findBySubject/Uuid(...) -->
- <cache name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.find"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
- <cache name="AttributeAssignBaseDelegate.allAttributeAssignsCache"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="1200"
- timeToLiveSeconds="1200"
- overflowToDisk="false"
- statistics="false"
- />
- <cache name="edu.internet2.middleware.grouper.entity.EntitySubject.EntityAttributeIdCache"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- this is the cache of groups used by user data. will be a small cache, but can last a long time (10 minutes) -->
- <cache name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataGroupCache"
- maxElementsInMemory="100"
- eternal="false"
- timeToIdleSeconds="600"
- timeToLiveSeconds="600"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- this is the cache of memberships used by user data. will last a long time (10 minutes) -->
- <cache name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataMembershipCache"
- maxElementsInMemory="100"
- eternal="false"
- timeToIdleSeconds="600"
- timeToLiveSeconds="600"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- this is the cache of attribute values used by user data. will last not a long time (2 minutes) -->
- <cache name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataAttributeValueCache"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- this is the cache of results for user data. will last not a long time (2 minutes) -->
- <cache name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataResultCache"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- cache of attribute def names for legacy attributes. note, this must be short for tests to work, in prod can be longer -->
- <cache name="edu.internet2.middleware.grouper.GroupType.attributeDefNameFromTypeIdCache"
- maxElementsInMemory="200"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- cache of set of attribute def names for legacy attributes. note, this must be short for tests to work, in prod can be longer -->
- <cache name="edu.internet2.middleware.grouper.GroupType.legacyAttributesFromTypeIdCache"
- maxElementsInMemory="200"
- eternal="false"
- timeToIdleSeconds="30"
- timeToLiveSeconds="30"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- cache of recently created stem names to prevent race conditions of multiple threads creating the same stem -->
- <cache name="edu.internet2.middleware.grouper.Stem.stemCreatedCache"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.Stem.stemLocksCache"
- maxElementsInMemory="1000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <!-- cache of recently created member objects to prevent race conditions of multiple threads creating the same member -->
- <cache name="edu.internet2.middleware.grouper.MemberFinder.memberCreatedCache"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.MemberFinder.memberLocksCache"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="120"
- timeToLiveSeconds="120"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.util.GrouperUtil.objectHasAttributeCache"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="60"
- timeToLiveSeconds="60"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem.messageCache"
- maxElementsInMemory="100"
- eternal="false"
- timeToIdleSeconds="60"
- timeToLiveSeconds="60"
- overflowToDisk="false"
- statistics="false"
- />
-
- <cache name="edu.internet2.middleware.grouper.hooks.examples.MembershipOneInFolderMaxHook.membershipOneAttribute"
- maxElementsInMemory="5000"
- eternal="false"
- timeToIdleSeconds="60"
- timeToLiveSeconds="60"
- overflowToDisk="false"
- statistics="false"
- />
-
-</ehcache>
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper-loader.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper-loader.base.properties b/modules/group-manager/src/main/resources/grouper-loader.base.properties
deleted file mode 100755
index 6379f03..0000000
--- a/modules/group-manager/src/main/resources/grouper-loader.base.properties
+++ /dev/null
@@ -1,351 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Grouper loader uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper-loader.base.properties
-# (which should not be edited), and the grouper-loader.properties overlays
-# the base settings. See the grouper-loader.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-
-########################################
-## Config chaining hierarchy
-########################################
-
-# comma separated config files that override each other (files on the right override the left)
-# each should start with file: or classpath:
-# e.g. classpath:grouper-loader.example.properties, file:c:/something/myconfig.properties
-loader.config.hierarchy = classpath:grouper-loader.base.properties, classpath:grouper-loader.properties
-
-# seconds between checking to see if the config files are updated
-loader.config.secondsBetweenUpdateChecks = 60
-
-
-########################################
-## General settings
-########################################
-
-
-# auto-add grouper loader types and attributes when grouper starts up if they are not there
-loader.autoadd.typesAttributes = true
-
-# if a transaction should be used when loading groups. If not, then
-# commits will happen as the group is loaded (and memory usage might be
-# less intensive, and caching settings need to be set right)
-loader.use.transactions = false
-
-# number of threads in the loader threadpool. Only this number of jobs can run at once
-# jobs which are on deck will block, or will fail if the blocking timeout occurs
-# a job is running if it is loading (not just scheduled)
-loader.thread.pool.size=10
-
-# if should use threads in the loader for add/remove member
-loader.use.membershipThreads=true
-
-# number of threads to use for each group job (not shared among jobs)
-loader.membershipThreadPoolSize=10
-
-# if should use threads in the loader for each group in a group of groups
-loader.use.groupThreads=true
-
-# number of threads to use for each list of groups job (not shared among jobs)
-loader.groupThreadPoolSize=20
-
-# number of days to retain db logs in table grouperloader_log. -1 is forever. default is 7
-loader.retain.db.logs.days=7
-
-# number of days to retain db rows in grouper_change_log_entry. -1 is forever. default is 14
-loader.retain.db.change_log_entry.days=14
-
-# if you want queries which do not specify subject source to come from a certain
-# source, specify here (improves performance so it doesnt search through all sources)
-default.subject.source.id =
-
-#if using a sql table, and specifying the name like string, then should the group (in addition to memberships)
-# be removed if not used anywhere else?
-loader.sqlTable.likeString.removeGroupIfNotUsed = true
-
-# if using a sql table, and specifying the name like string, then should the group be removed even when the group is member of some other group.
-# loader.sqlTable.likeString.removeGroupIfNotUsed has to be true for this to work
-# https://bugs.internet2.edu/jira/browse/GRP-1132
-loader.sqlTable.likeString.removeGroupIfMemberOfAnotherGroup = false
-
-# by default the top folder for an ldap group of groups is the folder where the config group lives.
-# set to false if you want to be able to provision groups to anywhere
-loader.ldap.requireTopStemAsStemFromConfigGroup = true
-
-# if you dont specify a groupNameExpression, groups will be loaded into this folder
-# if this property doesnt exist, it will be groups: if it is blank, then there is no top level folder
-# e.g. loader:groups
-loader.ldap.defaultGroupFolder = groups:
-
-# if the loader should check to see too many users were removed, if so, then error out and
-# wait for manual intervention
-loader.failsafe.use = false
-
-# if a group has a size less than this (default 200), then make changes including blanking it out
-loader.failsafe.minGroupSize = 200
-
-# if a group with more members than the loader.failsafe.minGroupSize have more than this percent (default 30)
-# removed, then log it as error, fail the job, and don't actually remove the members
-# In order to run the job, an admin would need to change this param in the config,
-# and run the job manually, then change this config back
-loader.failsafe.maxPercentRemove = 30
-
-# Comma separated list of stems under which the display name changes in stems are allowed.
-# eg: loader.allowStemDisplayNameChangesUnderStems=school:courses:english, school:faculty
-loader.allowStemDisplayNameChangesUnderStems =
-
-#################################
-## Performance enhancements
-#################################
-
-# if you want to bulk retrieve subjects to add/remove
-loader.bulkLookupSubjects = true
-
-#################################
-## DB connections
-#################################
-# specify the db connection with user, pass, url, and driver class
-# the string after "db." is the name of the connection, and it should not have
-# spaces or other special chars in it
-#db.warehouse.user = mylogin
-#note the password can be stored encrypted in an external file
-#db.warehouse.pass = secret
-#db.warehouse.url = jdbc:mysql://localhost:3306/grouper
-
-## note: you probably dont have to enter a driver, it will detect from URL. If it
-## cant detect, then specify it here
-#db.warehouse.driver =
-
-#################################
-## LDAP connections
-#################################
-# specify the ldap connection with user, pass, url
-# the string after "ldap." is the ID of the connection, and it should not have
-# spaces or other special chars in it. In this case is it "personLdap"
-
-#note the URL should start with ldap: or ldaps: if it is SSL.
-#It should contain the server and port (optional if not default), and baseDn,
-#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
-#ldap.personLdap.url = ldaps://ldapserver.school.edu:636/dc=school,dc=edu
-
-# load this vt-ldap config file before the configs here. load from classpath
-#ldap.personLdap.configFileFromClasspath = ldap.personLdap.properties
-
-#optional, if authenticated
-#ldap.personLdap.user = uid=someapp,ou=people,dc=myschool,dc=edu
-
-#optional, if authenticated, note the password can be stored encrypted in an external file
-#ldap.personLdap.pass = secret
-
-#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
-
-#optional, if using sasl
-#ldap.personLdap.saslAuthorizationId =
-#ldap.personLdap.saslRealm =
-
-#optional (note, time limit is for search operations, timeout is for connection timeouts),
-#most of these default to vt-ldap defaults. times are in millis
-#validateOnCheckout defaults to true if all other validate methods are false
-#ldap.personLdap.batchSize =
-#ldap.personLdap.countLimit =
-#ldap.personLdap.timeLimit =
-#ldap.personLdap.timeout =
-#ldap.personLdap.minPoolSize =
-#ldap.personLdap.maxPoolSize =
-#ldap.personLdap.validateOnCheckIn =
-#ldap.personLdap.validateOnCheckOut =
-#ldap.personLdap.validatePeriodically =
-#ldap.personLdap.validateTimerPeriod =
-#ldap.personLdap.pruneTimerPeriod =
-# if there is a max size limit on ldap server, then this will retrieve results in pages
-#ldap.personLdap.pagedResultsSize =
-# set to 'follow' if using AD and using paged results size and need this for some reason (generally you shouldnt)
-#ldap.personLdap.referral =
-
-
-##################################
-## LDAP loader settings
-##################################
-
-# el classes to add to the el context for the EL to calculate subejct ids or group names etc.
-# Comma-separated fully qualified classnamesm will be registered by the non-fully qualified
-# uncapitalized classname. So you register a.b.SomeClass, it will be available by variable: someClass
-loader.ldap.el.classes =
-
-
-##################################
-## Daily report
-##################################
-#quartz cron-like schedule for daily grouper report, the default is 7am every day: 0 0 7 * * ?
-#leave blank to disable this
-daily.report.quartz.cron =
-
-#comma separated email addresses to email the daily report, e.g. a@b.c, b@c.d
-daily.report.emailTo =
-
-#days on which usdu should run with daily report (comma separated)
-#blank means run never. e.g. to run on all days: monday, tuesday, wednesday, thursday, friday, saturday, sunday
-daily.report.usdu.daysToRun = monday, tuesday, wednesday, thursday, friday, saturday, sunday
-
-#days on which bad membership finder should run with daily report (comma separated)
-#blank means run never. e.g. to run on all days: monday, tuesday, wednesday, thursday, friday, saturday, sunday
-daily.report.badMembership.daysToRun = monday, tuesday, wednesday, thursday, friday, saturday, sunday
-
-#if you put a directory here, the daily reports will be saved there, and you can
-#link up to a web service or store them or whatever. e.g. /home/grouper/reports/
-daily.report.saveInDirectory =
-
-##################################
-## enabled / disabled cron
-##################################
-
-#quartz cron-like schedule for enabled/disabled daemon. Note, this has nothing to do with the changelog
-#leave blank to disable this, the default is 12:01am, 11:01am, 3:01pm every day: 0 1 0,11,15 * * ?
-changeLog.enabledDisabled.quartz.cron = 0 1 0,11,15 * * ?
-
-##################################
-## Change log
-##################################
-
-# should the change log temp to change log daemon run? Note, this should be true
-changeLog.changeLogTempToChangeLog.enable = true
-
-#quartz cron-like schedule for change log temp to change log daemon, the default is 50 seconds after every minute: 50 * * * * ?
-changeLog.changeLogTempToChangeLog.quartz.cron =
-
-# Should the change log include flattened memberships?
-changeLog.includeFlattenedMemberships = true
-
-# Should the change log include flattened privileges?
-changeLog.includeFlattenedPrivileges = true
-
-# Should the change log include roles that have had permission changes?
-changeLog.includeRolesWithPermissionChanges = false
-
-# Should the change log include non-flattened (immediate and composite only) memberships?
-changeLog.includeNonFlattenedMemberships = false
-
-# Should the change log include non-flattened (immediate only) privileges?
-changeLog.includeNonFlattenedPrivileges = false
-
-
-#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp"
-#but it could be changeLog.consumer.myConsumerName.class
-#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
-# changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs
-#at 10 seconds to each minute). it defaults to this: 0 * * * * ?
-#though it will stagger each one by 2 seconds
-# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
-# changeLog.consumer.psp.quartzCron = 0 * * * * ?
-
-# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false.
-# changeLog.consumer.psp.retryOnError = false
-
-# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method.
-# changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?.
-# changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
-
-# Run a full synchronization job at startup. Defaults to false.
-# changeLog.psp.fullSync.runAtStartup = false
-
-# Omit diff responses from bulk response to conserve memory.
-# changeLog.psp.fullSync.omitDiffResponses = true
-
-# Omit sync responses from bulk response to conserve memory.
-# changeLog.psp.fullSync.omitSyncResponses = true
-
-
-#changeLog.consumer.printTest.class = edu.internet2.middleware.grouper.changeLog.consumer.PrintTest
-#changeLog.consumer.printTest.quartzCron =
-
-#rules consumer, needed for some of the Grouper rule types to run (e.g. flattenedMembershipRemove, flattenedMembershipAdd)
-changeLog.consumer.grouperRules.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.RuleConsumer
-changeLog.consumer.grouperRules.quartzCron =
-
-#consumer for syncing groups to other groupers
-changeLog.consumer.syncGroups.class = edu.internet2.middleware.grouper.client.GroupSyncConsumer
-changeLog.consumer.syncGroups.quartzCron =
-
-
-
-###################################
-## XMPP notifications
-## (note, uncomment the consumer class and cron above)
-## this will get grouper ws getMembers rest lite xmp:
-## http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/trunk/grouper-ws/grouper-ws/doc/samples/getMembers/WsSampleGetMembersRestLite_xml.txt?view=log
-###################################
-
-## general xmpp configuration
-xmpp.server.host = jabber.school.edu
-xmpp.server.port = 5222
-xmpp.user = username
-# note, pass can be in an external file with morphstring
-xmpp.pass =
-xmpp.resource = grouperServer
-
-###################################
-## Rules config
-###################################
-
-# when the rules validations and daemons run. Leave blank to not run
-rules.quartz.cron = 0 0 7 * * ?
-
-#####################################
-## ESB integration
-#####################################
-
-#changeLog.consumer.awsJira.quartzCron = 0/15 * * * * ?
-#changeLog.consumer.awsJira.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
-#changeLog.consumer.awsJira.elfilter = event.eventType eq 'MEMBERSHIP_ADD' || event.eventType eq 'MEMBERSHIP_ADD'
-#changeLog.consumer.awsJira.noSensitiveData = true
-## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
-#changeLog.consumer.awsJira.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
-## this is a key or could be encrypted in a file as well like other passwords
-## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey
-#changeLog.consumer.awsJira.encryptionKey = abc123
-## if you dont want to send the first 4 of the sha hash base 64 of the secret
-#changeLog.consumer.awsJira.dontSendShaBase64secretFirst4 = abc123
-#changeLog.consumer.awsJira.publisher.class = edu.internet2.middleware.grouperAwsChangelog.GrouperAwsEsbPublisher
-#changeLog.consumer.awsJira.publisher.awsAccessKey = ABCXYZ
-#changeLog.consumer.awsJira.publisher.awsSecretKey = 123REWQ
-#changeLog.consumer.awsJira.publisher.awsRegion = US_EAST_1
-#changeLog.consumer.awsJira.publisher.awsSnsTopicArn = arn:aws:sns:us-east-1:123:name
-
-#changeLog.consumer.xmppTest.quartzCron =
-#changeLog.consumer.xmppTest.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
-#changeLog.consumer.xmppTest.elfilter = event.eventType eq 'GROUP_DELETE' || event.eventType eq 'GROUP_ADD' || event.eventType eq 'MEMBERSHIP_DELETE' || event.eventType eq 'MEMBERSHIP_ADD'
-#changeLog.consumer.xmppTest.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbXmppPublisher
-#changeLog.consumer.xmppTest.publisher.server = jabber.school.edu
-#changeLog.consumer.xmppTest.publisher.port = 5222
-#changeLog.consumer.xmppTest.publisher.username = jabberuser
-#changeLog.consumer.xmppTest.publisher.password = /home/whatever/pass/jabberuserEncrypted.pass
-#changeLog.consumer.xmppTest.publisher.recipient = system1@school.edu
-#changeLog.consumer.xmppTest.publisher.addSubjectAttributes = NETID
-##note, on the content type header, activemq might need: application/x-www-form-urlencoded
-#changeLog.consumer.xmppTest.publisher.contentTypeHeader = application/json; charset=utf-8
-##note, on the stringRequestEntityPrefix, activemq might need: data=
-#changeLog.consumer.xmppTest.publisher.stringRequestEntityPrefix =
-##note, on the stringRequestEntityContentType, activemq might need: application/x-www-form-urlencoded
-#changeLog.consumer.xmppTest.publisher.stringRequestEntityContentType = application/json
-
-
http://git-wip-us.apache.org/repos/asf/airavata/blob/d8eaa415/modules/group-manager/src/main/resources/grouper-loader.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper-loader.properties b/modules/group-manager/src/main/resources/grouper-loader.properties
deleted file mode 100755
index 0f63983..0000000
--- a/modules/group-manager/src/main/resources/grouper-loader.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Grouper loader uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper-loader.base.properties
-# (which should not be edited), and the grouper-loader.properties overlays
-# the base settings. See the grouper-loader.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-db.warehouse.user=root
-db.warehourse.pass=
-db.warehouse.url=jdbc:mysql://localhost:3306/loader_grouper