Context Navigation

← Previous Change
Next Change →

NDGSecurity

Timestamp:

11/01/10 15:37:50 (11 years ago)

Author:

pjkersha

Message:

Preparing 1.4 release.

Location:

TI12-security/trunk/NDGSecurity/python

Files:

: 2 added
: 13 edited

ndg_security/setup.py (modified) (1 diff)
ndg_security_client/setup.py (modified) (1 diff)
ndg_security_common/setup.py (modified) (1 diff)
ndg_security_server/ndg/security/server/wsgi/authz/__init__.py (modified) (1 diff)
ndg_security_server/ndg/security/server/wsgi/authz/result_handler/__init__.py (modified) (1 diff)
ndg_security_server/ndg/security/server/wsgi/authz/result_handler/basic.py (modified) (1 diff)
ndg_security_server/ndg/security/server/wsgi/authz/result_handler/redirect.py (added)
ndg_security_server/setup.py (modified) (1 diff)
ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog (modified) (1 prop)
ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml (modified) (1 diff)
ndg_security_test/ndg/security/test/config/attributeauthority/siteb/attributeCertificateLog (modified) (1 prop)
ndg_security_test/ndg/security/test/unit/credentialwallet (modified) (1 prop)
ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini (added)
ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py (modified) (5 diffs)
ndg_security_test/setup.py (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/NDGSecurity/python/ndg_security/setup.py

r6134	r6284
42	42	setup(
43	43	name = 'ndg_security',
44		version = '1.3.4',
	44	version = '1.4',
45	45	description = 'NERC DataGrid Security Utilities',
46	46	long_description = _longDescription,

TI12-security/trunk/NDGSecurity/python/ndg_security_client/setup.py

r6134	r6284
44	44	setup(
45	45	name = 'ndg_security_client',
46		version = '1.3.4',
	46	version = '1.4',
47	47	description = 'NERC DataGrid Security Client side interface',
48	48	long_description = _longDescription,

TI12-security/trunk/NDGSecurity/python/ndg_security_common/setup.py

r6134	r6284
69	69	setup(
70	70	name = 'ndg_security_common',
71		version = '1.3.4',
	71	version = '1.4',
72	72	description = 'NERC DataGrid Security package containing common '
73	73	'utilities used by both server and client '

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/init.py

r6271	r6284
755	755	"""
756	756	PIP_MIDDLEWARE_CLASS = SamlPIPMiddleware
757

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/result_handler/init.py

-                      r6271
+                      r6284
 __revision__ = "$Id: $"
 __license__ = "BSD - see LICENSE file in top-level directory"
+from ndg.security.server.wsgi.session import SessionMiddlewareBase
+from ndg.security.server.wsgi.session import (SessionMiddlewareBase,
+    SessionHandlerMiddlewareError, SessionHandlerMiddlewareConfigError)
+class PEPResultHandlerMiddlewareError(SessionHandlerMiddlewareError):
+    """Base exception for PEP Result Handler Middleware implementations"""
+class PEPResultHandlerMiddlewareConfigError(SessionHandlerMiddlewareConfigError):
+    """Configuration errors from PEP Result Handler Middleware implementations
+    """
 class PEPResultHandlerMiddlewareBase(SessionMiddlewareBase):
     """Abstract Base class for Policy Enforcement Point result handler
+    specialisations"""
+    specialisations
+    This class can be overridden to define custom behaviour for the access
+    denied response e.g. include an interface to enable users to register for
+    the dataset from which they have been denied access.  See
+    AuthorizationMiddlewareBase pepResultHandler keyword.
+    Implementations of this class will be invoked if access is denied to a given
+    resource.  An instance is incorporated into the call stack by passing it in
+    to a MultiHandler instance.
+    The MultiHandler is configured in the AuthorizationMiddlewareBase
+    class - see ndg.security.server.wsgi.authz.  The MultiHandler is passed a
+    checker method which determines whether to allow access, or call this
+    interface.   The checker is implemented in the PEPFilter.  See
+    ndg.security.server.wsgi.authz
+    This class includes user session key and isAuthenticated property inherited
+    from SessionMiddlewareBase
+    """
     @SessionMiddlewareBase.initCall

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/result_handler/basic.py

-                      r6271
+                      r6284
     is incorporated into the call stack by passing it in to a MultiHandler
     instance.  The MultiHandler is configured in the AuthorizationMiddlewareBase
+    class below.  The MultiHandler is passed a checker method which determines
+    whether to allow access, or call this interface.   The checker is
+    implemented in the AuthorizationHandler.  See below ...
+    This class can be overridden to define custom behaviour for the access
+    denied response e.g. include an interface to enable users to register for
+    the dataset from which they have been denied access.  See
+    AuthorizationMiddlewareBase pepResultHandler keyword.
+    class - see ndg.security.server.wsgi.authz.  The MultiHandler is passed a
+    checker method which determines whether to allow access, or call this
+    interface.   The checker is implemented in the PEPFilter.  See
+    ndg.security.server.wsgi.authz
     PEPResultHandlerMiddlewareBase (SessionMiddlewareBase) base class defines

TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py

r6202	r6284
64	64	setup(
65	65	name = 'ndg_security_server',
66		version = '1.3.4',
	66	version = '1.4',
67	67	description = 'Server side components for running NERC DataGrid '
68	68	'Security Services',

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog
- Property svn:ignore set to
  ac.xml.*

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml

-                      r6107
+                      r6284
+<?xml version="1.0" encoding="utf-8"?>
+<attributeCertificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" targetNamespace="urn:ndg:security:attributeCertificate">
+    <acInfo>
+        <version>1.0</version>
+        <holder>/CN=server/O=NDG Security Test/OU=WS-Security Unittest</holder>
+        <issuer>/CN=AttributeAuthority/O=NDG Security Test/OU=Site A</issuer>
+        <issuerName>Site A</issuerName>
+        <issuerSerialNumber>253</issuerSerialNumber>
+        <userId>testuser</userId>
+        <validity>
+            <notBefore>2010 01 11 14 22 41</notBefore>
+            <notAfter>2010 01 11 22 22 41</notAfter>
+        </validity>
+        <attributes>
+            <roleSet>
+                <role>
+                    <name>urn:siteA:security:authz:1.0:attr:postdoc</name>
+                </role>
+                <role>
+                    <name>urn:siteA:security:authz:1.0:attr:staff</name>
+                </role>
+                <role>
+                    <name>urn:siteA:security:authz:1.0:attr:undergrad</name>
+                </role>
+                <role>
+                    <name>urn:siteA:security:authz:1.0:attr:coapec</name>
+                </role>
+                <role>
+                    <name>urn:siteA:security:authz:1.0:attr:rapid</name>
+                </role>
+            </roleSet>
+        </attributes>
+        <provenance>original</provenance>
+    </acInfo>
+<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>ncqStnMQekAQXXUITV4pPmzQMjA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>CQhhukNd+aiVMWnr7EvnU9pPmVSF0n8M4+giwwfOxZhyox/G4ZL/4iwQocRJPblkBMCvgoEcEgDm
+Qq2RXzmQsqO3Q5LZFdtBUNJBJTRnxbPgpIP2z6YzK617e5qkXftdDvWZrrzkWBen1jBN8DhuOlcQ
+rFt0JKBEGTO1ELjLzDY=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH
+MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy
+NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx
+DzANBgNVBAsTBlNpdGUgQTEbMBkGA1UEAxMSQXR0cmlidXRlQXV0aG9yaXR5MIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCntf+hUxFKXx/KY3LXy/RYc/yqhfIL
+M8h95c14n/WdSqh8rK3VxkUu5gujlEgCHafI2AjNZJZqJfKG7ZucYmRcnXbCX1qP
+IGKa+TllbIWdsa5y/IF/Do2AoPMJnTNJ2U1IBfPQXbO5Sd49OvfTi4Cldk89872R
+IuzPmLIDcFydgQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcN
+AQEEBQADgYEAWD04scBB91kWT8qXKZyN2EZ5nBFqs6REXtI+ddOaZt7VtiaHYMXA
+mcRW/kCw8YgS+Ull+mZpAwpWUU9kR/A5dbiIDDRbxlz4BJCeMgkO/OxU31zmvqqa
+UyGXPhtaTuo8DG2uSr5XDk6GnJ5sb0WB3UgsRh7V4ryWkStImCSGY=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></attributeCertificate>

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/attributeCertificateLog
- Property svn:ignore set to
  ac.xml
  ac.xml.1
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/credentialwallet
- Property svn:ignore set to
  NDGCredentialWalletPickle.dat
  SAMLCredentialWalletPickle.dat

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py

-                      r6264
+                      r6284
 mkPath = lambda file: jnPath(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'],
                              file)
+from ConfigParser import SafeConfigParser
 import paste.fixture
 …
 from ndg.security.test.unit import BaseTestCase
 from ndg.security.server.wsgi import NDGSecurityMiddlewareBase
+from ndg.security.server.wsgi.authz.result_handler.basic import \
+    PEPResultHandlerMiddleware
+from ndg.security.server.wsgi.authz.result_handler.redirect import \
+    HTTPRedirectPEPResultHandlerMiddleware
 from ndg.security.server.wsgi.authz import (NdgPIPMiddlewareConfigError,
+                                            SamlPIPMiddlewareConfigError,
+                                            PEPResultHandlerMiddleware)
+                                            SamlPIPMiddlewareConfigError)
 from ndg.security.common.authz.msi import Response
 …
 class NdgWSGIAuthZTestCase(BaseTestCase):
+    INI_FILE = 'ndg-test.ini'
+    THIS_DIR = os.path.dirname(os.path.abspath(__file__))
     def __init__(self, *args, **kwargs):
         BaseTestCase.__init__(self, *args, **kwargs)
+        here_dir = os.path.dirname(os.path.abspath(__file__))
+        wsgiapp = loadapp('config:ndg-test.ini', relative_to=here_dir)
+        wsgiapp = loadapp('config:'+NdgWSGIAuthZTestCase.INI_FILE,
+                          relative_to=NdgWSGIAuthZTestCase.THIS_DIR)
         self.app = paste.fixture.TestApp(wsgiapp)
 …
 class SamlWSGIAuthZTestCase(BaseTestCase):
+    INI_FILE = 'saml-test.ini'
+    THIS_DIR = os.path.dirname(os.path.abspath(__file__))
     def __init__(self, *args, **kwargs):
         BaseTestCase.__init__(self, *args, **kwargs)
+        here_dir = os.path.dirname(os.path.abspath(__file__))
+        wsgiapp = loadapp('config:saml-test.ini', relative_to=here_dir)
+        wsgiapp = loadapp('config:'+SamlWSGIAuthZTestCase.INI_FILE,
+                          relative_to=SamlWSGIAuthZTestCase.THIS_DIR)
         self.app = paste.fixture.TestApp(wsgiapp)
 …
+class PEPResultHandlerTestCase(BaseTestCase):
+    INI_FILE = 'pep-result-handler-test.ini'
+    THIS_DIR = os.path.dirname(os.path.abspath(__file__))
+    INI_FILEPATH = jnPath(THIS_DIR, INI_FILE)
+    def __init__(self, *arg, **kw):
+        BaseTestCase.__init__(self, *arg, **kw)
+        here_dir = os.path.dirname(os.path.abspath(__file__))
+        wsgiapp = loadapp('config:'+PEPResultHandlerTestCase.INI_FILE,
+                          relative_to=PEPResultHandlerTestCase.THIS_DIR)
+        self.app = paste.fixture.TestApp(wsgiapp)
+        cfg = SafeConfigParser(dict(here=PEPResultHandlerTestCase.THIS_DIR))
+        cfg.read(jnPath(PEPResultHandlerTestCase.INI_FILEPATH))
+        self.redirectURI = cfg.get('filter:AuthZFilter',
+                                   'authz.pepResultHandler.redirectURI')
+        self.startSiteAAttributeAuthority(withSSL=True,
+            port=SamlWSGIAuthZTestCase.SITEA_SSL_ATTRIBUTEAUTHORITY_PORTNUM)
+    def testRedirectPEPResultHandlerMiddleware(self):
+        # User is logged in but doesn't have the required credentials for
+        # access
+        extra_environ = {
+            'beaker.session.ndg.security':
+                BeakerSessionStub(username=PEPResultHandlerTestCase.OPENID_URI)
+        }
+        # Expecting redirect response to specified redirect URI
+        response = self.app.get('/test_accessDeniedToSecuredURI',
+                                extra_environ=extra_environ,
+                                status=302)
+        print(response)
+        self.assert_(response.header_dict.get('location') == self.redirectURI)
 if __name__ == "__main__":
     unittest.main()

TI12-security/trunk/NDGSecurity/python/ndg_security_test/setup.py

r6202	r6284
20	20	setup(
21	21	name = 'ndg_security_test',
22		version = '1.3.4',
	22	version = '1.4',
23	23	description = 'NERC DataGrid Security Unit tests',
24	24	long_description = 'Unit tests client - server side',

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 6284 for TI12-security/trunk/NDGSecurity

Legend:

Download in other formats: