Peter DiCamillo 5 months ago
|
We’re upgrading to Grouper 2.5, and I have 2.5.57 running in maturity level 1 containers. Now I need to add back the legacy Admin UI. Is that possible? I found these directions, but there’s no mention of 2.5 and containers: https://spaces.at.internet2.edu/pages/viewpage.action?pageId=132976920
|
Chris Hyzer 5 months ago
|
you need the admin ui or just some lite uis? i.e. what exactly minimally do you really need?
|
Chris Hyzer 5 months ago
|
it's best to not add that stuff back in, having old struts is a security concern
|
Chris Hyzer 5 months ago
|
at penn we do have some "lite uis" still in the container (built in subimage) and it works fine
|
Peter DiCamillo 5 months ago
|
The minimum we need is the ability to manage legacy group types and attributes in the UI. That’s the group types section of Edit group in the Admin UI and Edit attributes, plus displaying the current types & attribute values as part of the group info.
|
Chris Hyzer 5 months ago
|
and using the "attribute assign" screen is not good enough?
|
Chris Hyzer 5 months ago
|
three thoughts...
|
Maybe attribute assign screen is good enough
|
Is this for provisioning? We could use the provisioning screen for this though we need to explore that with a conversation
|
We could consider adding more features to the current UI to accommodate you if you can send some screenshots that show how users use the screen and legacy attributes :)
|
Peter DiCamillo 5 months ago
|
The assign attribute screen is too low level. This is for provisioning, for use with our local change log consumer. For example, we can set a group type LDAPVisible to provision a group to LDAP, and set an attribute LDAPGroupName to specify the group name in LDAP.
|
Chris Hyzer 5 months ago
|
might you consider using the new provisioning framework for that? there is a specific screen for provisioning and you can specify a group name there too
|
Chris Hyzer 5 months ago
|
you can also see activity, when provisionable, when provisioned, errors, etc. a lot of compelling features
|
Peter DiCamillo 5 months ago
|
Eventually, but that would be a big project.
|
Chris Hyzer 5 months ago
|
Would you consider using provisioning attributes / screens, but the provisioner does nothing, and your change log consumer keys off of provisioning attributes instead of legacy attributes?
|
Peter DiCamillo 5 months ago
|
That might be a possibility. I don’t see anything useful on those screens now since we have no provisioners defined.
|
Peter DiCamillo 5 months ago
|
However, we have a huge number of groups that would need attributes changed.
|
Peter DiCamillo 5 months ago
|
My preference would be to get 2.5 in place first, then after that we could work on eliminating the Admin UI.
|
Chris Hyzer 5 months ago
|
ok, then yes, you should be able to get the admin ui in there... you need an example or more docs?
|
Peter DiCamillo 5 months ago
|
I’d like a description of the general process when containers are being used. Also, I noticed that the .tar.gz file on the directions page is very old, and there are differences if I build that file from the current source.
|
Chris Hyzer 5 months ago
|
@Chad Redman will get back to you on this :slightly_smiling_face:
|
Peter DiCamillo 5 months ago
|
Ok, thanks
|
Peter DiCamillo 4 months ago
|
I tried to see how far I could get with this. I followed the directions at https://spaces.at.internet2.edu/pages/viewpage.action?pageId=132976920, but applied the updates to slashRoot/opt/grouper/grouperWebapp to get them into the container. The container contents look ok. However, Tomcat gets errors trying to start the Grouper app.
|
Peter DiCamillo 4 months ago
|
@Chad Redman @mchyzer I’m hoping I can get some help with resolving the errors.
|
Chris Hyzer 4 months ago
|
what errors? :slightly_smiling_face:
|
Peter DiCamillo 4 months ago
|
Following the directions, I get this error
|
error deploying grouper
|
java.lang.IllegalArgumentException: Filter mapping specifies an unknown filter name [GrouperUi]
|
I found that web.xml references the GrouperUi filter but had no <filter> element for it. So I added these lines to web.xml
|
<filter>
|
<filter-name>GrouperUi</filter-name>
|
<filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
|
</filter>
|
That eliminated the error, but then I got a new error:
|
Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/grouper]]
|
Caused by: java.lang.NullPointerException
|
at edu.internet2.middleware.grouper.j2ee.CommonServletContainerInitializer.onStartup(CommonServletContainerInitializer.java:66) ~[?:?]
|
Peter DiCamillo 4 months ago
|
I looked at line 66, it’s
|
grouperUiFilter.addMappingForUrlPatterns(null, false, "*.jsp");
|
Peter DiCamillo 4 months ago
|
That’s as far as I could go.
|
Chad Redman 4 months ago
|
yes, those lines should be doing the same thing as what the web.xml lines are doing. I will try this out later
|
Peter DiCamillo 4 months ago
|
Which lines are you referring to?
|
Chad Redman 4 months ago
|
that line 66 and the few lines before
|
String grouperUiFilterName = "GrouperUi";
|
Class grouperUiFilterClass = Class.forName("edu.internet2.middleware.grouper.ui.GrouperUiFilter");
|
Dynamic grouperUiFilter = context.addFilter(grouperUiFilterName, grouperUiFilterClass);
|
grouperUiFilter.addMappingForUrlPatterns(null, false, "*.jsp");
|
Chris Hyzer 4 months ago
|
this did used to work, and then grouper diverged from the state where it did work. Some issues I see:
|
As you state, we no longer use a web.xml
|
There are replaces of grouper-ui.base.properties and Owasp.CsrfGuard.overlay.properties and we can't do that
|
The class GroupContainer.class has been replaced, and we can't do that
|
and that's just the first issues :slightly_smiling_face:
|
Chris Hyzer 4 months ago
|
I'm kind of thinking we should add the things you need in the current ui...
|
identifying marker attributes or string single valued attributes to be displayed in group info
|
identifying marker attributes or string single valued attributes to be edited in the group edit screen
|
correct?
|
Chad Redman 4 months ago
|
What is the old feature you are using the admin ui for? Maybe it's going to be easier to add a new jsp using the current api
|
Peter DiCamillo 4 months ago
|
It’s what I wrote at the start of the thread, “The minimum we need is the ability to manage legacy group types and attributes in the UI. That’s the group types section of Edit group in the Admin UI and Edit attributes, plus displaying the current types & attribute values as part of the group info.”
|
Chad Redman 4 months ago
|
Those group types show up under attribute assignments? Probably with a legacy as part of the attribute name?
|
Chris Hyzer 4 months ago
|
yeah, let me take a quick pass at this...
|
Chris Hyzer 4 months ago
|
I assume VIEWers can view these attributes and ADMINs can edit them, irrespective of the attribute privileges...
|
Peter DiCamillo 4 months ago
|
Are there no longer the Attribute read and Attribute update ACLs?
|
Peter DiCamillo 4 months ago
|
But ADMINs should be able to read and update in any case.
|
Chris Hyzer 4 months ago
|
there are, so it should honor who can READ or UPDATE the attribute definitions right?
|
Peter DiCamillo 4 months ago
|
Yes, either ADMIN or has the required attribute ACL.
|
Chris Hyzer 4 months ago
|
well, for attributes, you need ADMIN or ATTR_READ on the group side, and ADMIN or READ on the attribute side to see it. You need ADMIN or ATTR_UPDATE on the group side, and ADMIN or UPDATE on the attribute side to see it. Is that what you want? :slightly_smiling_face:
|
Peter DiCamillo 4 months ago
|
I think so. If that’s how it’s always worked, that’s fine.
|
Peter DiCamillo 4 months ago
|
We want our existing ACLs from 2.3 to work as they have been.
|
Peter DiCamillo 4 months ago
|
I can make some screen shots from the Admin UI if that would be useful.
|
Peter DiCamillo 4 months ago
|
3 files
|
Group Summary.jpg
|
Edit Group.jpg
|
Edit Attributes.jpg
|
Chris Hyzer 4 months ago
|
do you have an env which is upgraded and I can see what the legacy attributes look like? :slightly_smiling_face:
|
Chris Hyzer 4 months ago
|
i.e. what the types converted to
|
Peter DiCamillo 4 months ago
|
I have a test Grouper 2.6.4 with a database that includes groups with the legacy group types and attributes. For the group in the screenshots, it has these underlying attributes in 2.3:
|
etc:legacy:attribute:legacyGroupType_CanvasGroup (marker)
|
etc:legacy:attribute:legacyGroupType_CanvasGroupControls (marker)
|
etc:legacy:attribute:legacyAttribute_canvasGroupTitle = "Intermediate Microeconomics"
|
etc:legacy:attribute:legacyAttribute_canvasSectionsType = "separate"
|
etc:legacy:attribute:legacyGroupType_LDAPVisible (marker)
|
etc:legacy:attribute:legacyAttribute_lastLDAPUpdate = "event:20211025131428"
|
That comes from a group info program I have.
|
Chris Hyzer 4 months ago
|
so this is assignable to groups?
|
etc:legacy:attribute:legacyGroupType_CanvasGroup
|
and this is assignable to group assignments?
|
etc:legacy:attribute:legacyGroupType_CanvasGroupControls
|
Peter DiCamillo 4 months ago
|
Those are both different group types. It’s the attributes that are assigned to the group type assignments, such as
|
etc:legacy:attribute:legacyAttribute_canvasGroupTitle = "Intermediate Microeconomics"
|
Peter DiCamillo 4 months ago
|
(The group types are assignable to groups.)
|
Chris Hyzer 4 months ago
|
ok gotcha
|
Peter DiCamillo 3 months ago
|
@mchyzer How are things going with this? Will a new jsp be a workable solution?
|
Peter DiCamillo 3 months ago
|
@mchyzer Making sure you saw my question.
|
Chris Hyzer 3 months ago
|
yes it will be, I started working on it, not sure if it will be in 2.6.5 or 2.6.6...
|
Peter DiCamillo 3 months ago
|
Great, thanks
|
Peter DiCamillo 1 hour ago
|
@mchyzer Any update on this? Did it make it into 2.6.7?
|
Chris Hyzer 13 minutes ago
|
such good timing! :slightly_smiling_face: we have a first pass of this in 2.6.8... I think there is more to do for 2.6.9 though...
|
https://todos.internet2.edu/browse/GRP-3890
|
Right now you can edit a boolean or a string value for an attribute assigned to a group. I think we need the part where if you check the checkbox then more settings are available indented (e.g. assignment on assignment), right?
|
Peter DiCamillo 8 minutes ago
|
Yes, when a group type is added, then the attributes associated with that type should be editable.
|
Chris Hyzer 2 minutes ago
|
and before the group type is added, then you don't even see the attributes right? you see them when you check the box?
|
Peter DiCamillo < 1 minute ago
|
Yes, that’s correct. The attributes logically belong to their group type.
|