Changeset 4890

Timestamp:

30/01/09 13:46:56 (12 years ago)

Author:

pjkersha

Message:

• fixed inclusion of badc templates and static content for SSO in ndg.security.server egg
• fix to SSO logout controller to use WSGI client wrapper for Session Manager call
• Refactored SM and AA WSGI client wrappers adding a base class in clientbase module and including check for match for URI request by client to URI endpoint of WSGI service running locally.

Location:

TI12-security/trunk/python

Files:

• ndg.security.server/ndg/security/server/sso/sso/controllers/login.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py (modified) (6 diffs)
• ndg.security.server/ndg/security/server/wsgi/soap.py (modified) (1 diff)
• ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py (modified) (9 diffs)
• ndg.security.server/ndg/security/server/wsgi/utils/clientbase.py (added)
• ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py (modified) (12 diffs)
• ndg.security.server/setup.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/combinedservices/services.ini (modified) (3 diffs)
• ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg (modified) (1 diff)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py

@@ -1 +1 @@
 """Single Sign On Service Login Controller
 
-NERC Data Grid Project
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py

@@ +1 @@
+"""Single Sign On Service Logout Controller
+
+NERC DataGrid Project
+"""
+__author__ = "P J Kershaw"
+__date__ = "10/12/08"
+__copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = '$Id$'
 from ndg.security.server.sso.sso.lib.base import *
 from ndg.security.common.pylons.security_util import SecuritySession
@@ -8 +18 @@
 from urlparse import urlsplit, urlunsplit
 
-from ndg.security.common.sessionmanager import SessionManagerClient
+from ndg.security.server.wsgi.utils.sessionmanagerclient import \
+    WSGISessionManagerClient, SessionExpired, AttributeRequestDenied
 
 
@@ -31 +42 @@
         
         try:
-            smClnt = SessionManagerClient(uri=session['ndgSec']['h'],
-                                      tracefile=cfg.tracefile,
-                                      **cfg.wss)       
+            smClnt = WSGISessionManagerClient(uri=session['ndgSec']['h'],
+                        environ=request.environ,
+                        tracefile=cfg.tracefile,
+                        sslCACertFilePathList=self.cfg.sslCACertFilePathList,
+                        **cfg.wss)       
         except Exception, e:
             log.error("logout - creating Session Manager client: %s" % e)
@@ -39 +52 @@
         
         # Disconnect from Session Manager
-        log.info('Calling Session Manager "%s" disconnect for logout...' % \
+        log.info('Calling Session Manager "%s" disconnect for logout...' %
                  session['ndgSec']['h'])
         try:
@@ -84 +97 @@
             getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
             if getCredentialsIdx != -1:
-                log.debug(\
-                    "Reverting request URL from getCredentials to login...")
+                log.debug("Reverting request URL from getCredentials to "
+                          "login...")
                 b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'
             
@@ -98 +111 @@
 
             # and now go back to whence we had come
-            log.debug("LogoutController._redirect: redirect to %s" % \
+            log.debug("LogoutController._redirect: redirect to %s" %
                                                               b64decReturnTo)
             h.redirect_to(b64decReturnTo)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py

@@ -75 +75 @@
             # Remove equivalent keyword if present
             kw.pop('referencedFilters', None)
+            
+        # The endpoint that this services will be referenced from externally.
+        # e.g. the Session Manager client running locally can check the
+        # input URI and compare with this value to see if the request is 
+        # actually to the local Session Manager instance
+        if 'publishedURI' in self.app_conf:
+            self.publishedURI = self.app_conf.pop('publishedURI')
             
 

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py

@@ -10 +10 @@
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
+__license__ = "BSD - see LICENSE file in top-level directory"
 __revision__ = "$Id$"
 import logging
@@ -23 +24 @@
     """Configuration error"""
     
-class WSGIAttributeAuthorityClient(object):
+class WSGIAttributeAuthorityClient(WSGIClientBase):
     """Client interface to Attribute Authority for WSGI based applications
     
@@ -33 +34 @@
     environKey = "ndg.security.server.wsgi.attributeAuthorityFilter"
             
-    _refInEnviron=lambda self: self._environKey in self._environ
-    
-    # Define as property for convenient call syntax
-    refInEnviron = property(fget=_refInEnviron,
-                            doc="return True if a Attribute Authority "
-                                "instance is available in WSGI environ")
-    
     _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.aa
     ref = property(fget=_getRef, doc="Attribute Authority local instance")
 
-    
-    def __init__(self, environKey=None, environ={}, **soapClientKw):
+    def __init__(self, environKey=None, environ={}, **clientKw):
 
         log.debug("WSGIAttributeAuthorityClient.__init__ ...")
@@ -54 +47 @@
         
         if soapClientKw.get('uri'):
-            self._soapClient = AttributeAuthorityClient(**soapClientKw)
+            self._client = AttributeAuthorityClient(**clientKw)
         else:
-            self._soapClient = None
-             
-    def _setEnviron(self, environ):
-        if not isinstance(environ, dict):
-            raise TypeError("Expecting dict type for 'environ' property")
-        self._environ = environ
-        
-    def _getEnviron(self, environ):
-        return self._environ
-    
-    environ = property(fget=_getEnviron, 
-                       fset=_setEnviron, 
-                       doc="WSGI environ dictionary")
+            self._client = None
             
     def getHostInfo(self):
@@ -82 +63 @@
             return self.ref.hostInfo
         
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:            
             # Make connection to remote service
-            return self._soapClient.getHostInfo()
+            return self._client.getHostInfo()
         
         
@@ -107 +88 @@
             # Connect to local instance
             return self.ref.getTrustedHostInfo(**kw)
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
-            return self._soapClient.getTrustedHostHostInfo(**kw)
+            return self._client.getTrustedHostHostInfo(**kw)
 
 
@@ -130 +111 @@
             allHostsInfo.update(self.ref.getTrustedHostInfo())
             return allHostsInfo
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
-            return self._soapClient.getAllHostsInfo()
+            return self._client.getAllHostsInfo()
 
 
@@ -160 +141 @@
 
             return self.ref.getAttCert(**kw)
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
@@ -169 +150 @@
                 kw['userX509Cert'] = kw.pop('holderX509Cert')
                 
-            return self._soapClient.getAttCert(**kw)
+            return self._client.getAttCert(**kw)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py

@@ -3 +3 @@
 Client interface to Session Manager for WSGI based applications
 
-NERC Data Grid Project
-
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"
 __date__ = "27/11/08"
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"
-
 import logging
 log = logging.getLogger(__name__)
@@ -18 +17 @@
 import os
 
+from ndg.security.server.wsgi.utils.clientbase import WSGIClientBase
 from ndg.security.server.wsgi.utils.attributeauthorityclient import \
     WSGIAttributeAuthorityClient
@@ -88 +88 @@
     """Configuration error for WSGI Session Manager Client"""
     
-class WSGISessionManagerClient(object):
+class WSGISessionManagerClient(WSGIClientBase):
     """Client interface to Session Manager for WSGI based applications
     
@@ -108 +108 @@
     environKey = "ndg.security.server.wsgi.sessionManagerFilter"
     attributeAuthorityEnvironKey = WSGIAttributeAuthorityClient.environKey
-    
-    _refInEnviron = lambda self: self._environKey in self._environ
-    
-    # Define as property for convenient call syntax
-    refInEnviron = property(fget=_refInEnviron,
-                            doc="return True if a Session Manager instance is "
-                                "available in WSGI environ")
-    
+        
     _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.sm
-    ref = property(fget=_getRef, doc="Session Manager local instance")
+    ref = property(fget=_getRef, doc="local session manager instance")
 
     
@@ -136 +129 @@
         
         if soapClientKw.get('uri'):
-            self._soapClient = SessionManagerClient(**soapClientKw)
-        else:
-            self._soapClient = None
-    
-    def _setEnviron(self, environ):
-        if not isinstance(environ, dict):
-            raise TypeError("Expecting dict type for 'environ' property")
-        self._environ = environ
-        
-    def _getEnviron(self, environ):
-        return self._environ
-    
-    environ = property(fget=_getEnviron, 
-                       fset=_setEnviron, 
-                       doc="WSGI environ dictionary")
-    
+            self._client = SessionManagerClient(**soapClientKw)
+        else:
+            self._client = None
+
+   
     def connect(self, username, **kw):
         """Request a new user session from the Session Manager
@@ -168 +150 @@
             res = self.ref.connect(username=username, **kw)
             
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGISessionManagerClientConfigError("No reference to a "
                         "local Session Manager is set and no SOAP client "
@@ -180 +162 @@
             
             # Make connection to remote service
-            res = self._soapClient.connect(username, **kw)
+            res = self._client.connect(username, **kw)
     
             # Convert from unicode because unicode causes problems with
@@ -209 +191 @@
             self.ref.deleteUserSession(**kw)
             
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGISessionManagerClientConfigError("No reference to a "
                         "local Session Manager is set and no SOAP client "
@@ -217 +199 @@
                 kw['userDN'] = kw.pop('userX509Cert').dn
                 
-            self._soapClient.disconnect(**kw)
+            self._client.disconnect(**kw)
         
     
@@ -233 +215 @@
             return self.ref.getSessionStatus(**kw)
         
-        elif self._soapClient is None:            
-            raise WSGISessionManagerClientConfigError("No reference to a "
-                        "local Session Manager is set and no SOAP client "
-                        "to a remote service has been initialized")
-        else:
-            return self._soapClient.getSessionStatus(**kw)
+        elif self._client is None:            
+            raise WSGISessionManagerClientConfigError("No reference to a "
+                        "local Session Manager is set and no SOAP client "
+                        "to a remote service has been initialized")
+        else:
+            return self._client.getSessionStatus(**kw)
     
 
@@ -272 +254 @@
             return self.ref.getAttCert(**kw)
     
-        elif self._soapClient is None:            
+        elif self._client is None:            
             raise WSGISessionManagerClientConfigError("No reference to a "
                         "local Session Manager is set and no SOAP client "
@@ -303 +285 @@
                             'this keyword')
 
-            return self._soapClient.getAttCert(**kw)
+            return self._client.getAttCert(**kw)

TI12-security/trunk/python/ndg.security.server/setup.py

@@ -90 +90 @@
         'ndg.security.server.sso': ['*.ini', '*.cfg', '*.txt'],
         'ndg.security.server.sso.sso': ['public/*.*', 'public/layout/*.*'],
-        'ndg.security.server.sso.sso.badc_site': ['public/*.*', 'public/layout/*.*'],
+        'ndg.security.server.sso.sso.badc_site': [
+            'public/*.*', 
+            'public/layout/*.*',
+            'public/layout/logos/*.*',
+            'public/layout/styles/*.*',
+            'public/layout/tabs/*.*'
+        ],
         'ndg.security.server.sso.sso.templates.ndg.security': ['*.kid'],
         'ndg.security.server.sso.sso.badc_site.templates.ndg.security': ['*.kid'],

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini

@@ -140 +140 @@
 use = egg:Paste#http
 host = 0.0.0.0
-port = 5000
+port = 8000
 
 [filter-app:mainApp]
@@ -242 +242 @@
 path = /AttributeAuthority
 
+# External endpoint for this Attribute Authority - must agree with setting used
+# to invoke this service set in:
+# * serverapp.py 
+# * or port in [server:main] if calling with paster serve services.ini
+# * or something else e.g. proxied through Apache?
+# This setting is used by Attribute Authority clients in this WSGI stack to see
+# if a request is being made to the local service or to another Attribute 
+# Authority running elsewhere
+publishedURI = http://localhost:8000%(path)s
+
 # Enable ?wsdl query argument to list the WSDL content
 enableWSDLQuery = True
@@ -279 +289 @@
                                         filter:AttributeAuthorityFilter
 
-# Path from URL for Session Manager in this Paste deployment
+# Path from URI for Session Manager in this Paste deployment
 path = /SessionManager
+
+# External endpoint for this Session Manager - must agree with setting used to
+# invoke this service set in:
+# * serverapp.py 
+# * or port in [server:main] if calling with paster serve services.ini
+# * or something else e.g. proxied through Apache?
+# This setting is used by Session Manager clients in this WSGI stack to see if
+# a request is being made to the local service or to another session manager
+# running elsewhere
+publishedURI = http://localhost:8000%(path)s
 
 # Enable ?wsdl query argument to list the WSDL content

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg

@@ -15 +15 @@
 # Switch to alternative location to pick up public/ dir containing static 
 # content such as graphics and stylesheets
-#configDir=/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso/badc_site
+#configDir=%(here)s
 
 # Switch from default templates package to templates/ in alternative directory