source: TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/ndgMiddleware.py @ 2929

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/ndgMiddleware.py@2929
Revision 2929, 2.4 KB checked in by pjkersha, 12 years ago (diff)

MAjor change to enable login transactions to operate over https.

ndgDiscovery.config: added sslServer param for https virtual host to serve secured login

ows_server/models/ndgSecurity.py:

  • access config params via g.securityCfg set in ndgMiddleware
  • improved error reporting

ows_server/config/ndgMiddleware.py: added global settings ...

  • sslServer - virtual host for running login transactions over https
  • securityCfg - security configuration parameters

ows_server/controllers/login.py:

  • urlsplit instead of urlparse
  • use ndg.security.common.m2CryptoSSLUtility.HTTPSConnection to check peer cert prior to redirect back to login requestor in LoginController?.doRedirect
  • replace 'setup' with 'before'. Latter is pylons/paste convenience method enabling settings to be made prior to each action
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up
  • Nb. in doRedirect - currently set to always return params over http GET even if requestor and logi service are in the same domain - this is for testing only

ows_server/controllers/logout.py:

  • replace 'setup' with 'before'.
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up

ows_server/lib/security_util.py:

  • Added SecurityConfig? class - a container for security config items held by 'g' global variable.

ows_server/lib/base.py: on setting of security params from LoginService? redirect back to http from https

ows_server/templates/ndgPage.kid: removed Session Manager address from the display - not needed for the user to see.

ows_server/templates/wayf.kid: ensure return URL is switched to https from http so that GET query args are hidden.

Line 
1# ndg middleware
2from paste.deploy import CONFIG
3from ows_server.models.Utilities import myConfig
4from ows_server.lib.security_util import SecurityConfig
5
6class ndgMiddleware:
7   
8    def __init__(self,app,g):
9       
10        #this is the next application in the wsgi stack
11        self.app=app
12       
13        #set up the ndg configuration file
14       
15        #Changed by Dom: CONFIG.get wasn't respecting the %(home)s variable, so moved to app_conf section in ini file.
16        #cf=CONFIG.get('configfile')
17        cf= CONFIG['app_conf']['configfile']
18        cf=myConfig(cf)
19     
20        self.globals=g
21        self.globals.localLink=cf.get('layout','localLink',None)
22        self.globals.localImage=cf.get('layout','localImage',None)
23        self.globals.localAlt=cf.get('layout','localAlt','Visit Local Site')
24        self.globals.ndgLink=cf.get('layout','ndgLink','http://ndg.nerc.ac.uk')
25        self.globals.ndgImage=cf.get('layout','ndgImage',None)
26        self.globals.ndgAlt=cf.get('layout','ndgAlt','Visit NDG')
27        self.globals.stfcLink=cf.get('layout','stfcLink')
28        self.globals.stfcImage=cf.get('layout','stfcImage')
29        self.globals.helpIcon=cf.get('layout','helpIcon')
30        self.globals.LeftAlt=cf.get('layout','HdrLeftAlt')
31        self.globals.LeftLogo=cf.get('layout','HdrLeftLogo')
32        self.globals.pageLogo="bodcHdr"
33        self.globals.icons_xml=cf.get('layout','Xicon')
34        self.globals.icons_prn=cf.get('layout','printer')
35        self.globals.icons_A=cf.get('NDG_A_SERVICE','icon')
36        self.globals.icons_B=cf.get('NDG_B_SERVICE','icon')
37        self.globals.icons_D=cf.get('DISCOVERY','icon')
38        self.globals.icons_R=cf.get('RELATED','icon')
39        self.globals.icons_key=cf.get('layout','key')
40       
41        self.globals.discoveryURL=cf.get('SEARCH','discoveryURL')
42       
43        self.globals.server=cf.get('DEFAULT','server','')
44
45        # Security Related
46        self.globals.wayfuri='%s/wayf'%self.globals.server
47
48        # Use secure connection
49        self.globals.sslServer=cf.get('NDG_SECURITY','sslServer','')
50        self.globals.getCredentials='%s/getCredentials'%self.globals.sslServer       
51        self.globals.logout='%s/logout'%self.globals.server
52        self.globals.securityCfg = SecurityConfig(cf)
53       
54        self.config=cf
55       
56       
57    def __call__(self,environ,start_response):
58       
59        environ['ndgConfig']=self.config
60        return self.app(environ,start_response)
61   
Note: See TracBrowser for help on using the repository browser.