Timestamp:
23/08/10 16:32:14 (11 years ago)
Author:
pjkersha
Message:

Incomplete - task 2: XACML-Security Integration

  • implemented caching of authorisation decision statements in the PEP to cut down on calls to authorisation service.
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test
Files:
5 edited

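--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/policy.xml
@@ -165,5 +165,5 @@
                             AttributeId="urn:siteA:security:authz:1.0:attr"  
                             DataType="http://www.w3.org/2001/XMLSchema#string"/> 
-                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:siteA:security:authz:1.0:attr:admin</AttributeValue> 
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue> 
                     </SubjectMatch> 
                 </Subject> 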
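--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/__init__.py
@@ -23,5 +23,5 @@
 "/logout?ndg.security.logout.r=/test_logoutWithReturn2QueryArg":  
     "test_logoutWithReturn2QueryArg", 
-"/test_logoutWithReturn2QueryArg": "test_logoutWithReturn2QueryArg" 
+"/test_logoutViaHttpReferrer": "test_logoutViaHttpReferrer" 
     } 
     header = """        <h1>Authorisation Integration Tests:</h1> 
@@ -88,5 +88,5 @@
 </html> 
 """ % (AuthZTestApp.header, 
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, link)  
+       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
                  for link,name in self.method.items() if name != 'default']) 
        ) 
@@ -220,4 +220,24 @@
         return response 
      
+    def test_logoutViaHttpReferrer(self, environ, start_response): 
+        """Test logout - the middleware works out where to return to by checking 
+        the HTTP_REFERER environ setting 
+        """ 
+        response = """<html> 
+    <head/> 
+    <body> 
+        <h1>Logged Out</h1> 
+        <p>Successfully redirected to specified return to HTTP_REFERER=%s  
+        following logout.   
+        <a href="/">Return to tests</a></p> 
+    </body> 
+</html> 
+""" % environ['PATH_INFO'] 
+ 
+        start_response('200 OK',  
+                       [('Content-type', 'text/html'), 
+                        ('Content-length', str(len(response)))]) 
+        return response 
+     
     @classmethod 
     def app_factory(cls, globalConfig, **localConfig): 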
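Review bot: In the new `test_logoutViaHttpReferrer` the page text says `HTTP_REFERER=%s`, but the value substituted is `environ['PATH_INFO']`, so the page reports the request path rather than the referrer the docstring says the middleware used. Whichever value is meant, it comes from the request and is written into the HTML unescaped. If the referrer is the intended value, and assuming this is Python 2 code as its date suggests, `""" % cgi.escape(environ.get('HTTP_REFERER', ''), True)` would display it safely. How requests are dispatched to this method is outside the hunk, so whether `PATH_INFO` can differ from the fixed key in the method map cannot be confirmed from here.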
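--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/policy.xml
@@ -37,4 +37,22 @@
         Policy element above 
     --> 
+    <Rule RuleId="Graphics and CSS" Effect="Permit"> 
+        <!--  
+            Public access for graphics and CSS content 
+        --> 
+        <Target> 
+            <Resources> 
+                <Resource> 
+                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"> 
+                        <ResourceAttributeDesignator 
+                            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
+                            DataType="http://www.w3.org/2001/XMLSchema#anyURI"/> 
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/layout/</AttributeValue> 
+                    </ResourceMatch> 
+                </Resource> 
+            </Resources> 
+        </Target> 
+    </Rule> 
+ 
     <Rule RuleId="urn:ndg:security:public-uri" Effect="Permit"> 
         <!--  
@@ -51,5 +69,5 @@
                             AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
                             DataType="http://www.w3.org/2001/XMLSchema#anyURI"/> 
-                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/(test_401|test_403|test_logoutWithReturn2QueryArg)?$</AttributeValue> 
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/(test_401|test_403|test_logoutViaHttpReferrer|test_logoutWithReturn2QueryArg)?$</AttributeValue> 
                     </ResourceMatch> 
                 </Resource> 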
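Review bot: The new `Graphics and CSS` rule permits every subject and every action on any URI that merely begins with `http://localhost:7080/layout/`, because its Target holds only a prefix-anchored `anyURI-regexp-match` with no end anchor and no `<Actions>` element. Whether the PEP canonicalises the request URI (dot-segments, percent-encoded separators) before it builds the XACML request is not visible in this changeset; if it does not, a prefix match can also cover paths that resolve outside `/layout/`. Consider restricting the rule to read access and to the static file types actually served, for instance a value such as `^http://localhost:7080/layout/[^/?#]+\.(css|png|gif|jpg)$` (constructed example; adjust to the real asset layout). The public-uri rule in the second hunk is anchored with `$` and does not share the problem.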
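--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
@@ -95,4 +95,5 @@
 pep.sessionKey = beaker.session.ndg.security 
 pep.authzServiceURI = https://localhost:7443/AuthorisationService 
+pep.cacheDecisions = True 
  
 # Settings for Policy Information Point used by the Policy Decision Point to 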
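Review bot: `pep.cacheDecisions = True` switches on decision caching with no lifetime or invalidation setting visible beside it, so a cached Permit may keep being honoured after the policy changes or a subject's attribute is withdrawn. The adjacent `pep.sessionKey` suggests the cache lives in the beaker session, but the PEP code is not part of this view; confirm that entries are keyed on both subject and resource and are discarded at logout. The option would benefit from a comment stating the trade-off, along the lines of `# Cache authorisation decisions in the PEP; policy or attribute changes take effect only once the cached decision is dropped` (wording to be checked against the implementation).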