Filesystem Group Service Tutorial

Prerequisites: You should be able to edit groups with the Groups Manager channel and know how to publish a channel using the Channel Manager channel. This tutorial assumes a base distribution, like the Quick-start, of uPortal version 2.2 or greater. However, it should work with a locally configured instance of uPortal if you substitute the names of your own users for the sample names. The instructions assume Windows, but the Mac and Unix substitutions are pretty obvious.

1. Create a directory called C:\temp\myGroups\org.jasig.portal.security.IPerson.
In this directory, using a text editor like Notepad, create a new file named Special_Developers (not Special_Developers.txt). Add the following 2 lines containing names of portal users:

  • student
  • faculty

Save the file. You have now created a group called Special_Developers that contains 2 members, student and faculty.

2. Edit your composite groups configuration file, properties/groups/compositeGroupServices.xml, and uncomment the filesystem group service. Change the groupsRoot attribute to "C:/temp/myGroups":

  <service groupsRoot="C:/temp/myGroups">
    <name>filesystem</name>
    <service_factory>org.jasig.portal.groups.ReferenceIndividualGroupServiceFactory</service_factory>
    <entity_store_factory>org.jasig.portal.groups.filesystem.FileSystemGroupStoreFactory</entity_store_factory>
    <group_store_factory>org.jasig.portal.groups.filesystem.FileSystemGroupStoreFactory</group_store_factory>
    <entity_searcher_factory>org.jasig.portal.groups.filesystem.FileSystemEntitySearcherFactory</entity_searcher_factory>
    <internally_managed>false</internally_managed>
    <caching_enabled>false</caching_enabled>
  </service>

Save your changes. You have now made the group you just created available to the composite group service via a component service named filesystem.

3. Start up your portal.

4. Log on as student. You should not see the Channel Admin link in the header since student does not have permission to render the Channel Manager channel. Log out student.

5. Log on as admin. In Groups Manager (on the Admin Tools tab), expand Everyone, expand Staff, and select Developers. (You are going to make Special_Developers a member of Developers.)

6. Lock Developers for update and choose Add Members.

7. Search for a Group of Persons containing "Special". Groups Manager should find your new group. Select Special_Developers and add it to Developers.

8. Unlock Developers and select Special_Developers. It should have 2 members, Faculty User and Student User.

9. Still logged on as admin, publish a new channel, giving access only to the group Special_Developers. Log out admin.

10. Log on as student. You should now see the Channel Admin link in the header and be able to publish channels, since members of Developers have permission to render Channel Manager and student is now a member of Developers via Special_Developers.

11. Subscribe to the new channel via the User Preferences channel.

12. Log off student and log on as developer.

13. Try to subscribe to the new channel via the User Preferences channel. You should not be able to see the new channel. Both developer and Special_Developers are members of Developers, but only members of Special_Developers have subscribe permission for the new channel.

14. Log off developer and log on as faculty. You should now be able to subscribe to the new channel. Do so.

15. Using your text editor, edit Special_Developers and remove faculty from the group by commenting out the faculty line:

  • student
  • #faculty

16. Still logged on as faculty, refresh your browser. The new channel should still successfully render. Why? Although faculty is no longer a member of Special_Developers, the filesystem group service is externally-managed (you edited it with a text editor). While the filesystem service itself stays up-to-date by checking file timestamps, it has no way of knowing what has changed or that previously-cached membership information for a particular group member is now out of sync.

17. On the other hand, if you remove Special_Developers from Developers using Groups Manager, this change will be visible in real time because Developers belongs to an internally-managed service. As soon as you refresh faculty's browser, the Channel Admin link will disappear from the header. (You'll need 2 different user agents (browser types) on your workstation to try this, one for faculty and one for admin to make the change in Groups Manager.)

18. Log off and log on once again as faculty. This time, the new channel should fail to render, and the Error Channel should appear in its place with the annoying "You are not authorized to view this channel" message. The Channel Admin link should also be gone from the header. The memberships for faculty are now correctly assessed because membership information for a user is un-cached when the user's session is destroyed.
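
Steps 16 and 18 mean that a user removed from a group file keeps the old access until their session ends. The following is an added example, not part of the original tutorial or of uPortal's code: a small audit script that reads group files in the layout from step 1 and reports which members were removed between two snapshots, so an administrator knows whose sessions still carry stale membership. It handles only what the tutorial shows (one name per line, # comments); ignoring blank lines and the function names are assumptions.

```python
import tempfile
from pathlib import Path

ENTITY_DIR = "org.jasig.portal.security.IPerson"  # entity-type directory from step 1


def read_group(path):
    """Return the member names in one group file, as the tutorial lays it out."""
    members = set()
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        # Assumption: blank lines are ignored, like the '#' lines of step 15.
        if line and not line.startswith("#"):
            members.add(line)
    return members


def snapshot(groups_root):
    """Map each group file under <groups_root>/<ENTITY_DIR> to its member set."""
    entity_dir = Path(groups_root) / ENTITY_DIR
    return {f.name: read_group(f) for f in sorted(entity_dir.iterdir()) if f.is_file()}


def revoked(before, after):
    """Per group, members in `before` but not in `after` (stale until logout)."""
    result = {}
    for group, old in before.items():
        gone = old - after.get(group, set())  # a deleted file revokes everyone
        if gone:
            result[group] = sorted(gone)
    return result


def demo():
    # Constructed sample data mirroring steps 1 and 15 of the tutorial.
    with tempfile.TemporaryDirectory() as root:
        group_file = Path(root) / ENTITY_DIR / "Special_Developers"
        group_file.parent.mkdir(parents=True)
        group_file.write_text("student\nfaculty\n", encoding="utf-8")
        before = snapshot(root)
        group_file.write_text("student\n#faculty\n", encoding="utf-8")
        return revoked(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Run against the real groups root, with a snapshot taken before each edit, the output lists the users who must log off (or have their sessions destroyed) before the removal takes effect.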