Timestamp:
29/07/10 21:32:16 (11 years ago)
Author:
pjkersha
Message:

Incomplete - task 2: XACML-Security Integration

  • cleaning out more old modules containing retired NDG2 security functionality
  • progress with ndg.security.test.unit.wsgi.authz.test_authz unit tests integrating SAML/XACML authorisation service to WSGI filter SAML PEP
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test
Files:
1 added
2 edited

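--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
@@ -37,6 +37,9 @@
 # This filter is a container for a binding to a SOAP based interface to the
 # Attribute Authority
-paste.filter_app_factory = ndg.saml.test.binding.soap.test_authzservice:TestAuthorisationServiceMiddleware
-queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
+paste.filter_app_factory = ndg.security.server.wsgi.authz.service:AuthorisationServiceMiddleware.filter_app_factory
+prefix = authz.
+authz.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
+authz.policyFilePath = %(here)s/policy.xml
+authz.xacmlContext.assertionLifetime = 86400
 
 # Logging configuration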
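Review bot: `authz.xacmlContext.assertionLifetime = 86400` carries no unit or rationale; if the value is in seconds (the name suggests it, but nothing in this section shows it), that is a 24-hour validity window for authorisation decision assertions. That is harmless in a test fixture, but a file like this tends to be copied as a starting point for real deployments, so I would add a comment above the option such as `# Assertion lifetime, presumably in seconds; test value only - keep it short in deployments`. A one-line comment on `prefix = authz.` saying that the options below are read with that prefix would also help the next reader.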
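--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
@@ -41,4 +41,5 @@
 from ndg.saml.xml.etree import (AuthzDecisionQueryElementTree,
                                 ResponseElementTree)
+
 
 class TestAuthorisationServiceMiddleware(object):
@@ -124,4 +125,5 @@
         return authzDecisionQuery
 
+
 class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware):
 
@@ -141,8 +143,8 @@
         else:
             return super(RedirectFollowingAccessDenied, self).__call__(
-                                                             environ,
-                                                             start_response)
-
-
+                                                                environ,
+                                                                start_response)
+
+
 class TestAuthZMiddleware(object):
     '''Test Application for the Authentication handler to protect'''
@@ -177,4 +179,5 @@
                          str(len(TestAuthZMiddleware.response))),
                         ('Content-type', 'text/plain')])
+
         return [TestAuthZMiddleware.response]
 
@@ -195,5 +198,4 @@
         BaseTestCase.__init__(self, *args, **kwargs)
 
-
         wsgiapp = loadapp('config:'+SamlWSGIAuthZTestCase.INI_FILE,
                           relative_to=SamlWSGIAuthZTestCase.THIS_DIR)
@@ -238,5 +240,4 @@
 
     def test04Catch403WithLoggedIn(self):
-
         # Check that the application being secured can raise a HTTP 403
         # response and that this respected by the Authorization middleware
@@ -245,5 +246,6 @@
         extra_environ = {
             self.__class__.SESSION_KEYNAME:
-                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI)
+                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI),
+            'REMOTE_USER': self.__class__.OPENID_URI
         }
         response = self.app.get('/test_403',
@@ -252,7 +254,6 @@
 
     def test05Catch401WithNotLoggedInAndSecuredURI(self):
-
-        # AuthZ middleware grants access because the URI requested is not
-        # targeted in the policy
+        # AuthZ middleware grants access because the URI requested is has no
+        # subject restriction set in the policy rule
 
         # AuthZ middleware checks for username key in session set by AuthN
@@ -269,5 +270,6 @@
         extra_environ = {
             self.__class__.SESSION_KEYNAME:
-                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI)
+                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI),
+            'REMOTE_USER': self.__class__.OPENID_URI
         }
 
@@ -285,5 +287,6 @@
         extra_environ = {
             self.__class__.SESSION_KEYNAME:
-                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI)
+                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI),
+            'REMOTE_USER': self.__class__.OPENID_URI
         }
 
@@ -300,5 +303,6 @@
         extra_environ = {
             self.__class__.SESSION_KEYNAME:
-                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI)
+                BeakerSessionStub(username=SamlWSGIAuthZTestCase.OPENID_URI),
+            'REMOTE_USER': self.__class__.OPENID_URI
         }
 
@@ -347,15 +351,16 @@
         # User is logged in but doesn't have the required credentials for
         # access
-        extra_environ = {
-            self.__class__.SESSION_KEYNAME:
-                        BeakerSessionStub(username=self.__class__.OPENID_URI)
-        }
-
-        # Expecting redirect response to specified redirect URI
-        response = self.app.get('/test_accessDeniedToSecuredURI',
-                                extra_environ=extra_environ,
-                                status=302)
-        print(response)
-        self.assert_(response.header_dict.get('location') == self.redirectURI)
+        raise NotImplementedError('TODO: fix recursion error')
+#        extra_environ = {
+#            self.__class__.SESSION_KEYNAME:
+#                        BeakerSessionStub(username=self.__class__.OPENID_URI)
+#        }
+#
+#        # Expecting redirect response to specified redirect URI
+#        response = self.app.get('/test_accessDeniedToSecuredURI',
+#                                extra_environ=extra_environ,
+#                                status=302)
+#        print(response)
+#        self.assert_(response.header_dict.get('location') == self.redirectURI)
 
 if __name__ == "__main__":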
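Review bot: The last test in this section (new lines 353-364) now begins with `raise NotImplementedError('TODO: fix recursion error')` and keeps its former body as commented-out code, so the visible check that a logged-in user without the required credentials is redirected on access denied no longer asserts anything. That is the deny path of the authorisation filter, and a suite that always errors at the same place is easy to stop reading. I would delete the commented copy (it stays in version control) and mark the case as a tracked known failure instead, for example `self.skipTest('recursion error in access-denied redirect, see <TICKET-ID>')` where the Python in use has unittest skips; the method's `def` line is outside the hunk. Separately, `'REMOTE_USER': self.__class__.OPENID_URI` is now repeated in four `extra_environ` dicts and could come from one small helper.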