[ome-devel] Using omero.gateway.Gateway for sudo-connections

Dominik Lindner (Staff) d.lindner at dundee.ac.uk
Mon Apr 18 08:27:08 BST 2016


Hi Christian,

your example looks alright. And I also just tried it on one of our test servers, no problem.
I have to check if this “sudo” session is a feature which has to be enabled explicitly on the server.

Can you actually log in with this user directly? Just to exclude the possibility that the user might
be disabled from logging in.

In case you only need the user’s datasets, you don’t have to use a “sudo” session by the way,
there’s a method "getDatasets(SecurityContext ctx, long ownerId)” which retrieves the datasets
the user owns.

Regards,
Dominik


> On 15 Apr 2016, at 12:17, Christian Carsten Sachs <c.sachs at fz-juelich.de> wrote:
>
> Hi Dominik,
>
> thanks for the fast response!
>
> I was playing around with these options but so far had no luck. Attached a whole minimal (non)working example:
>
> <<<
>
> Logger logger = new SimpleLogger();
> Gateway gateway = new Gateway(logger);
>
> LoginCredentials ADMIN_CREDENTIALS = new LoginCredentials();
>
> ADMIN_CREDENTIALS.getServer().setHostname("hostname");
> ADMIN_CREDENTIALS.getUser().setUsername("admin");
> ADMIN_CREDENTIALS.getUser().setPassword("password");
>
> ExperimenterData adminUser = gateway.connect(ADMIN_CREDENTIALS);
>
> SecurityContext adminCtx = new SecurityContext(adminUser.getGroupId());
>
> ExperimenterData user = gateway.getFacility(AdminFacility.class).lookupExperimenter(adminCtx, "normalUserName");
>
> SecurityContext ctx = new SecurityContext(user.getGroupId());
>
> // with or without that line
> //ctx = adminCtx;
>
> ctx.setExperimenter(user);
> ctx.sudo();
>
> for(DatasetData d : gateway.getFacility(BrowseFacility.class).getDatasets(ctx)) {
>    System.out.println(d.getName());
> }
>
> >>>
>
> This yields
>
> -! 4/15/16 13:12:15:171 warning: main: null - createSession retry: 1
> -! 4/15/16 13:12:20:186 warning: main: null - createSession retry: 2
> Could not load hierarchy
> omero.gateway.exception.DSOutOfServiceException: Could not derive connector
> at omero.gateway.Gateway.getConnector(Gateway.java:1301)
> at omero.gateway.Gateway.getPojosService(Gateway.java:493)
> at omero.gateway.facility.BrowseFacility.getDatasets(BrowseFacility.java:457)
> ...
>
> (both when I try to set the new experimenter to adminCtx or create a new ctx and set it ...)
>
> Am I doing something wrong?
>
> Thanks a lot,
> best regards,
> Christian Sachs
>
> On 2016-04-15 12:58, Dominik Lindner (Staff) wrote:
>> Hi Christian,
>>
>> it should work when you set the user via SecurityContext.setExperimenter() and set the sudo flag via SecurityContext.sudo().
>> Then operations using this SecurityContext will be performed in the user context.
>>
>> I’ll have to check if we have a working code example in the docs somewhere.
>>
>> Regards,
>> Dominik
>>
>>
>>> On 15 Apr 2016, at 11:47, Christian Carsten Sachs <c.sachs at fz-juelich.de> wrote:
>>>
>>> Hello,
>>>
>>> I'd like to connect to OMERO via Java using a sudo connection, i.e.
>>> login as an admin user, and then perform actions as another user.
>>>
>>> While there is example code at
>>> https://github.com/openmicroscopy/openmicroscopy/blob/master/examples/OmeroClients/sudo.java
>>> the code 'manually' establishes a connection, while the current
>>> developer documentation urges to use the omero.gateway.Gateway class to
>>> manage the connection (as far as I read, this is the modern and
>>> recommended way).
>>>
>>> Is there any way to use omero.gateway.Gateway for a sudo connection?
>>>
>>> I played around with something like this,
>>>
>>> adminUser = gateway.connect(ADMIN_CREDENTIALS);
>>>
>>> adminCtx = new SecurityContext(adminUser.getGroupId());
>>>
>>> user =
>>> gateway.getFacility(AdminFacility.class).lookupExperimenter(adminCtx,
>>> "normalUserName");
>>>
>>> ctx = new SecurityContext(user.getGroupId());
>>>
>>> but using ctx lateron fails; I assume the necessary services are not
>>> properly started/connected, what gateway would normally do upon login;
>>> unfortunately I don't seem to find a way to force the gateway object to
>>> do this lateron for another user ...
>>>
>>> I looked around a bit and have some ideas how it might be done manually
>>> ... within omero.gateway.Gateway, but unfortunately as the necessary
>>> variables appear private I can't really access that from outside code.
>>>
>>> Best regards,
>>> Christian Sachs
>>>
>>>
>>> ------------------------------------------------------------------------------------------------
>>> ------------------------------------------------------------------------------------------------
>>> Forschungszentrum Juelich GmbH
>>> 52425 Juelich
>>> Sitz der Gesellschaft: Juelich
>>> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
>>> Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
>>> Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
>>> Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
>>> Prof. Dr. Sebastian M. Schmidt
>>> ------------------------------------------------------------------------------------------------
>>> ------------------------------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> ome-devel mailing list
>>> ome-devel at lists.openmicroscopy.org.uk
>>> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel
>>
>>
>> The University of Dundee is a registered Scottish Charity, No: SC015096
>> _______________________________________________
>> ome-devel mailing list
>> ome-devel at lists.openmicroscopy.org.uk
>> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel
>>
> _______________________________________________
> ome-devel mailing list
> ome-devel at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel


The University of Dundee is a registered Scottish Charity, No: SC015096


More information about the ome-devel mailing list