香港六合彩
DESCRIPTION
怎么了?,说:逗你玩儿的了然后香港六合彩的眼圈又红起来,低下 头说:你还这么关心我干嘛?我已经有男朋友了TRANSCRIPT
![Page 1: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/1.jpg)
Setting up the Grouper and Signet Databases
Joy Veronneau
Cornell University
Identity Management
November 7, 2006
![Page 2: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/2.jpg)
![Page 3: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/3.jpg)
![Page 4: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/4.jpg)
Introduction
• Grouper and Signet rely on Hibernate technology to integrate with a variety of RDBMS systems.
• Also see the Signet and Grouper Wikis for Hibernate configuration information.
![Page 5: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/5.jpg)
Let’s talk about
first…
![Page 6: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/6.jpg)
grouper.hibernate.properties
• See sample grouper/conf/grouper.hibernate.properties in Appendix 2 of handout.
• Comes pre-populated for HSQLDB, PostgreSQL, and Oracle - just comment and uncomment the appropriate sections.
• Hibernate uses JDBC - fill in:– hibernate.connection.driver_class (JDBC driver classname)– hibernate.connection.url (JDBC URL for the database)– hibernate.connection.username (database user)– hibernate.connection.password (database user’s password)
![Page 7: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/7.jpg)
Grouper/Oracle Example
• At Cornell, we are using an Oracle database for the groups registry.
![Page 8: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/8.jpg)
Grouper/Oracle cont’d
• Remember to uncomment this line if you are using Oracle:
(You can also fix any spelling mistakes you might find.)
![Page 9: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/9.jpg)
Ready, Set …
• If your configuration is ready, the next thing you need to do is initialize your database.
• Don’t forget to put your classes.jar file in the grouper/lib directory (e.g. oracle-classes12.jar)
• You may want to edit your log4j.properties file if you haven’t already.
![Page 10: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/10.jpg)
Go!• Switch into the grouper directory and type “ant
schemaexport” - this command generates the DDL (Data Definition Language) appropriate for your configured RDBMS and installs the tables.
• Then type “ant db-init”. This command populates various tables with required logical schema information and creates the root naming stem of the Groups Registry.
• These ant commands will produce errors if you haven’t configured your log files correctly in log4j.properties. But the commands will still work after Grouper complains a little.
![Page 11: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/11.jpg)
Grouper FAQ Number 2:
Q: "ant schemaexport" creates 14 tables, 2 of which are "subject" and "subjectattribute". Do I need these?
A: No. They are there only to support the quickstart demo and testing the API. They can safely be removed or ignored *if* your subjects are coming from another source, e.g. an LDAP directory.
![Page 12: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/12.jpg)
Grouper FAQ Number 6:Q: I am using Oracle for my Grouper database, and
when I try to add more groups or members, I am getting this error: "hibernate commit error: Could not execute JDBC batch update." What causes that?
A: One cause may be that you have run out of tablespace - try extending your tablespace for the Grouper database.
Cornell currently has the tablespace set to 1Gb, just a rough guess based on preliminary data loads.
![Page 13: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/13.jpg)
Grouper/Oracle cont’d
• The Oracle database schema has been modified between version 1.0 and 1.1 of Grouper. If you are upgrading from 1.0, you should export the GROUPER_MEMBERSHIPS table, reorder the columns and import the GROUPER_MEMBERSHIPS table for much better performance.
![Page 14: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/14.jpg)
Audience Participation
• Any experience using Grouper with PostgreSQL or HSQLDB?
![Page 15: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/15.jpg)
Special Grouper Subjects:GrouperAll
• The GrouperAll subject is hard-wired.• GrouperAll means *any* subject.• When you select “Assign the following default
privileges for everyone” in the UI, you are actually assigning them to the “GrouperAll” subject.
• You will see GrouperAll appear in the UI when you look at who has group privileges such as VIEW and READ.
![Page 16: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/16.jpg)
![Page 17: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/17.jpg)
Special Grouper Subjects:GrouperSystem
• The super-user…• If you are using an SSO system and/or outside
subject sources, you probably won’t be able to sign on as GrouperSystem but…
• You can create a Grouper “wheel” group whose members are the security equivalent to “GrouperSystem”.
• If you are a member of the “wheel” group, the UI gives you a choice whether to act as yourself with normal privileges, or as “admin” which means “GrouperSystem”.
![Page 18: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/18.jpg)
Setting up the Grouper Wheel Group
• See instructions in the Wiki Documentation section: “Initializing Administration of Grouper Privileges.”
• Use gsh to create the group, and edit the grouper.properties file.
• Sample grouper.properties file in Appendix 4 of handout.
• Joy sez: “Make a script, you will have to do this more than once when you are starting out!”
![Page 19: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/19.jpg)
The gsh Utility (Grouper Shell)
• My favorite utility - a tool for interacting with the Grouper API.
• Script (batch) and interactive modes.• The Grouper Wiki has instructions for how to
build and use it. • Use special gsh commands or *any* API
command.
![Page 20: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/20.jpg)
Useful gsh Variables
![Page 21: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/21.jpg)
Create “wheel” Group - Sample gsh Script
![Page 22: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/22.jpg)
Grouper XML Export
• Exported XML may be used for: * provisioning other systems * reporting * backups * switching database backends - including to upgraded schemas (required by new Grouper API versions) in the same database
![Page 23: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/23.jpg)
Grouper XML Import
• Useful for: * loading - adding to or updating existing Stems, Groups and Group Types. Whole or partial Grouper registries can be exported, and subsequently imported at a specified Stem (or the Root Stem if not specified) in the new instance. * initializing a new, empty registry to a known state - useful for demos, testing and system recovery
![Page 24: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/24.jpg)
Sample Grouper XML export command
• Remember to create an export.properties file.
• From grouper directory, this will export the cu:ga stem which has the wheel group in it:
ant xml-export -Dcmd="GrouperSystem -name cu:ga x.xml"
![Page 25: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/25.jpg)
What the Export xml Looks Like
![Page 26: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/26.jpg)
Setting up the
Database
![Page 27: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/27.jpg)
Set Up the Signet Database
• Instructions on the Signet Wiki• The DDL for each supported database is found in
the signet/sql directory. • Signet currently provides DDL for:
* HSQL * Oracle * Postgres * Sybase
• Execute with your favorite tool (Aqua for Mac, dbArtisan for Windows)
![Page 28: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/28.jpg)
Copy Your Driver
• For Oracle this is oracle-classes12.jar
• An appropriate driver must be installed in two places, as there are two parts to Signet that operate independently - the Web application and the utilities.* signet/lib
* signet/webapp/signet/WEB-INF/lib
![Page 29: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/29.jpg)
Two Different Versions of Hibernate?
• It’s just an accident that Signet uses XML for the Hibernate configuration and Grouper doesn’t.
• Currently Grouper (& Subject) use v2.1.8 of Hibernate. Signet uses some earlier v2.
• Normalization of third party libraries common to Signet and Grouper is being addressed.
![Page 30: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/30.jpg)
Edit signet/config/hibernate.cfg.xml
• See sample hibernate.cfg.xml in Appendix 3 of handout.
• Configures your JDBC connection.• Edit two copies of the hibernate.cfg.xml
file:– signet/config/hibernate.cfg.xml– signet/webapp/signet/WEB-INF/classes/
hibernate.cfg.xml
![Page 31: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/31.jpg)
Sample signet/config/hibernate.cfg.xml for Oracle
![Page 32: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/32.jpg)
The Special “Signet” Subject
• Built into Signet• The Signet subject is the source of granted
privileges over internal Signet system actions as described below.
• The Signet subject is the actor on any system-initiated action, e.g., it will be identified as the "revoker" when a lifecycle event (expiration or affiliation change) causes the automatic revocation of services.
![Page 33: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/33.jpg)
“Signet” Subject - more
• The Signet subject has hard-wired granting powers over all functions in all subsystems. Note that Signet can extend capabilities to others (can grant), but cannot itself act on those privileges.
![Page 34: 香港六合彩](https://reader034.vdocuments.mx/reader034/viewer/2022051616/5575eeb8d8b42af74e8b5113/html5/thumbnails/34.jpg)
Giving the Signet System Administrator Initial Power
• Use the Signet proxy tool to grant System Administrator privileges (described in the Wiki)
• ./run.sh grant [email protected]
• Possible commands: grant, revoke, list