Timestamp:
24/02/10 09:40:47 (11 years ago)
Author:
pjkersha
Message:

ndg.security.test.unit.saml.test_soapauthzdecisioninterface: Working Authorisation Service unit test with ndg.security.server.wsgi.authzservice.AuthzServiceMiddleware. This is called via paste.fixture, but it is itself a client to the SAML Attribute Authority running with paster over SSL.

Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi
Files:
4 edited

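--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/__init__.py
@@ -40,13 +40,11 @@
                                                     ssl_context=ssl_context)
     
-    def _getPasteServer(self):
+    @property
+    def pasteServer(self):
         return self.__pasteServer
     
-    pasteServer = property(fget=_getPasteServer)
-    
-    def _getThread(self):
+    @property
+    def thread(self):
         return self.__thread
-    
-    thread = property(fget=_getThread)
     
     def start(self):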
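--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-service.ini
@@ -47,3 +47,6 @@
 # Attribute Authorities
 authz.pip.attributeQuery.subjectIdFormat = urn:esg:openid
-authz.pip.attributeQuery.verifyTimeConditions = True
+authz.pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
+authz.pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
+authz.pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
+authz.pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key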
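Review bot: Dropping `authz.pip.attributeQuery.verifyTimeConditions = True` leaves the validity-window check on returned attribute assertions to whatever the PIP defaults to, which this section does not show. If that default is off, the test would accept an expired or not-yet-valid assertion from the Attribute Authority. Keep the setting explicit next to the new SSL lines, `authz.pip.attributeQuery.verifyTimeConditions = True`, or add a comment saying why it was removed. The new `sslPriKeyFilePath` points at `pki/test.key` in the test tree, so a comment such as `# test-only key pair, not for deployed services` above it would keep the value from being copied into a real service config.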
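--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/policy-1.1.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/policy-1.1.xml
@@ -4,22 +4,22 @@
     
     <Target>
-        <URIPattern>http://localhost/dap/data/.*</URIPattern>
+        <URIPattern>^http://localhost/dap/data/.*</URIPattern>
         <Attributes>
             <Attribute>
                 <Name>urn:siteA:security:authz:1.0:attr:staff</Name>
-                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority</AttributeAuthorityURI>
+                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority/saml</AttributeAuthorityURI>
             </Attribute>
         </Attributes>        
     </Target>
     <Target>
-        <URIPattern>^/test_accessDeniedToSecuredURI$</URIPattern>
+        <URIPattern>^http://localhost/dap/data/test_accessDeniedToSecuredURI$</URIPattern>
         <Attributes>
             <Attribute>
                 <Name>urn:siteA:security:authz:1.0:attr:forbidden</Name>
-                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority</AttributeAuthorityURI>
+                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority/saml</AttributeAuthorityURI>
             </Attribute>
             <Attribute>
                 <Name>urn:siteA:security:authz:1.0:attr:keepout</Name>
-                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority</AttributeAuthorityURI>
+                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority/saml</AttributeAuthorityURI>
             </Attribute>
         </Attributes>
@@ -31,5 +31,5 @@
             <Attribute>
                 <Name>urn:siteA:security:authz:1.0:attr:staff</Name>
-                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority</AttributeAuthorityURI>
+                <AttributeAuthorityURI>https://localhost:5443/AttributeAuthority/saml</AttributeAuthorityURI>
             </Attribute>
         </Attributes>        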
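Review bot: The second target's new pattern `^http://localhost/dap/data/test_accessDeniedToSecuredURI$` is also matched by the first target's `^http://localhost/dap/data/.*`, so the denied URI now falls under two targets with different attribute requirements (`staff` versus `forbidden`/`keepout`). Which one decides the outcome depends on how the PDP orders or combines matching targets, which is not visible here; under first-match evaluation a subject holding `staff` would be permitted on that URI. Put the more specific target first, or add an XML comment above it stating the matching rule the policy relies on. The target between the two hunks is not shown, so whether its `<URIPattern>` is anchored in the same way cannot be checked from this section.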
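--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py
@@ -198,4 +198,5 @@
     CONFIG_FILENAME = 'authz-service.ini'
     RESOURCE_URI = 'http://localhost/dap/data/my.nc.dods?time[0:1:0]'
+    ACCESS_DENIED_RESOURCE_URI = 'http://localhost/dap/data/test_accessDeniedToSecuredURI'
     
     def __init__(self, *arg, **kw):
@@ -205,4 +206,32 @@
                                                                     *arg, **kw)
         self.startSiteAAttributeAuthority(withSSL=True, port=5443)
+        
+    def test02AccessDenied(self):
+        cls = SOAPAuthzServiceMiddlewareTestCase
+        query = self._createAuthzDecisionQuery(
+                                        resource=cls.ACCESS_DENIED_RESOURCE_URI)
+        request = self._makeRequest(query=query)
+        
+        header = {
+            'soapAction': "http://www.oasis-open.org/committees/security",
+            'Content-length': str(len(request)),
+            'Content-type': 'text/xml'
+        }
+        response = self.app.post('/authorisationservice/', 
+                                 params=request, 
+                                 headers=header, 
+                                 status=200)
+        print("Response status=%d" % response.status)
+        samlResponse = self._getSAMLResponse(response.body)
+
+        self.assert_(samlResponse.status.statusCode.value == \
+                     StatusCode.SUCCESS_URI)
+        self.assert_(samlResponse.inResponseTo == query.id)
+        self.assert_(samlResponse.assertions[0].subject.nameID.value == \
+                     query.subject.nameID.value)
+        self.assert_(samlResponse.assertions[0])
+        self.assert_(samlResponse.assertions[0].authzDecisionStatements[0])
+        self.assert_(samlResponse.assertions[0].authzDecisionStatements[0
+                                            ].decision == DecisionType.DENY)   
     
     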
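Review bot: In `test02AccessDenied` only the first decision statement is examined, and the existence checks `self.assert_(samlResponse.assertions[0])` and `self.assert_(samlResponse.assertions[0].authzDecisionStatements[0])` run after `assertions[0].subject.nameID.value` has already been dereferenced, so an empty response surfaces as an IndexError rather than a test failure. For an access-denied test it is worth pinning that nothing else comes back, assuming the service is meant to return a single assertion: `self.assertEqual(len(samlResponse.assertions), 1)` and `self.assertEqual(len(samlResponse.assertions[0].authzDecisionStatements), 1)` placed before the field checks, so that an additional PERMIT statement cannot pass unnoticed. `assertEqual(a, b)` in place of `assert_(a == b)` would also report both values on failure. The enclosing test class starts outside the hunk.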