source: TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/ndgMiddleware.py @ 3901

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/ndgMiddleware.py@3901
Revision 3901, 5.6 KB checked in by pjkersha, 12 years ago (diff)

Working version with Gatekeeper code moved into its own package in ndg.security.

All security code now decoupled from ows_server - Single Sign On and Gatekeeper.

ows_server/ndgDiscovery.config: moved Gatekeeper settings into its own NDG_SECURITY.gatekeeper section

ows_server/ows_server/config/ndgMiddleware.py:

  • now initialises PEP class (Policy Enforcement Point aka Gatekeeper) from ndg.security.common.authz.pep and adds as a g var attr.



Index: ows_server/ows_server/controllers/logout.py: remove old commented out code

ows_server/ows_server/controllers/retrieve.py:

ows_server/ows_server/lib/ndgInterface.py: replaced old ndgInterface gatekeeper code with PEP class.

ows_server/ows_server/lib/security_util.py: moved out of ows_server into ndg.security.common

ows_server/ows_server/lib/base.py: tidied up imports

ows_server/ows_server/templates/stubB.kid: code to comment out the CSML entries caused an error for render(). Re-instated commented out section.

1# ndg middleware
2from paste.deploy import CONFIG
3from ows_server.models.Utilities import myConfig
4
5
class NDGConfigError(Exception):
    """Raised for problems found while processing the NDG config file.

    In this module that covers conflicting Single Sign On sections and
    failures to import the ndg.security components the config calls for.
    """
8     
class ndgMiddleware:
    '''WSGI middleware that loads the NDG config file and publishes it.

    On construction, settings from the NDG config file are copied onto the
    application globals object ``g``.  Unless the DISCOVERY ``standalone``
    flag is true, the Single Sign On middleware (client or service mode) and
    the Policy Enforcement Point (PEP) are initialised as well.  On every
    request the parsed config is placed in the WSGI environ under
    ``ndgConfig`` before the wrapped application is called.
    '''

    def __init__(self, app, g):
        '''Read the NDG config file and populate ``g`` from it.

        app -- next application in the WSGI stack
        g -- application globals object; settings become attributes of it

        Raises NDGConfigError if both SSO sections are present while security
        is enabled, or if a required ndg.security module cannot be imported.
        '''
        # Next application in the WSGI stack
        self.app = app
        self.globals = g

        # The config file path comes from the app_conf section of the ini
        # file: CONFIG.get('configfile') did not respect the %(home)s
        # variable.
        cf = myConfig(CONFIG['app_conf']['configfile'])

        # Page layout: links, images and alt text
        g.htdocs = cf.get('DEFAULT', 'htdocs', None)
        g.localLink = cf.get('layout', 'localLink', None)
        g.localImage = cf.get('layout', 'localImage', None)
        g.localAlt = cf.get('layout', 'localAlt', 'Visit Local Site')
        g.ndgLink = cf.get('layout', 'ndgLink', 'http://ndg.nerc.ac.uk')
        g.ndgImage = cf.get('layout', 'ndgImage', None)
        g.ndgAlt = cf.get('layout', 'ndgAlt', 'Visit NDG')
        g.stfcLink = cf.get('layout', 'stfcLink')
        g.stfcImage = cf.get('layout', 'stfcImage')
        g.helpIcon = cf.get('layout', 'helpIcon')
        g.LeftAlt = cf.get('layout', 'HdrLeftAlt')
        g.LeftLogo = cf.get('layout', 'HdrLeftLogo')
        g.pageLogo = "bodcHdr"

        # Icons
        g.icons_xml = cf.get('layout', 'Xicon')
        g.icons_plot = cf.get('layout', 'plot')
        g.icons_prn = cf.get('layout', 'printer')
        g.icons_A = cf.get('NDG_A_SERVICE', 'icon')
        g.icons_B = cf.get('NDG_B_SERVICE', 'icon')
        g.icons_D = cf.get('DISCOVERY', 'icon')
        g.icons_R = cf.get('RELATED', 'icon')
        g.icons_key = cf.get('layout', 'key')

        # NOTE(review): this lookup names section 'default' where the others
        # use 'DEFAULT' - confirm myConfig.get treats the two alike.
        g.disclaimer = cf.get('default', 'disclaimer')

        g.discoveryURL = cf.get('SEARCH', 'discoveryURL')
        g.server = cf.get('DEFAULT', 'server', '')

        # Standalone discovery flag.  Everything security related below is
        # skipped when it is true, so this single option switches both
        # Single Sign On and the PEP off, and g.pep is then never set.
        g.standalone = cf.config.getboolean('DISCOVERY', 'standalone')
        securityEnabled = not g.standalone

        # Single Sign On runs in one of two modes:
        # 1) as a client of a separate Single Sign On Service, or
        # 2) with the Single Sign On service integrated into THIS service.
        # The mode is selected by which NDG_SECURITY section is present.
        hasSection = cf.config.has_section
        isSSOClient = hasSection('NDG_SECURITY.ssoClient') and securityEnabled
        isSSOService = hasSection('NDG_SECURITY.ssoService') and \
            securityEnabled

        if isSSOClient and isSSOService:
            raise NDGConfigError(
                "NDG_SECURITY.ssoClient and NDG_SECURITY.ssoService "
                "sections are present in the NDG Config file: "
                "only one or the other may be set")

        # NOTE(review): with security enabled and neither section present,
        # no SSO middleware is set up and sslServer / wayfuri / logout stay
        # unset, yet start-up continues - confirm that this is intended
        # rather than a configuration error that should be reported.
        if isSSOClient:
            try:
                from ndg.security.client.ssoclient.ssoclient.config.ssoClientMiddleware \
                    import SSOMiddleware
            except ImportError, e:
                # Security is enabled, so the SSO client package is required
                raise NDGConfigError(
                    '%s: importing Single Sign On Client SSOMiddleware: %s' %
                    (__name__, e))

            # The instance is discarded and self.app is not re-wrapped here;
            # presumably the constructor registers its settings under
            # g.ndg.security (read just below) - verify against the class.
            SSOMiddleware(app, cf.config, g,
                          defSection='NDG_SECURITY.ssoClient')

            ssoCfg = g.ndg.security.client.ssoclient.cfg
            g.sslServer = ssoCfg.sslServer
            g.wayfuri = ssoCfg.wayfuri
            g.logout = ssoCfg.logoutURI

        elif isSSOService:
            try:
                from ndg.security.server.sso.sso.config.ssoServiceMiddleware \
                    import SSOMiddleware
            except ImportError, e:
                # Security is enabled, so the SSO service package is required
                raise NDGConfigError(
                    '%s: importing Single Sign On Service SSOMiddleware: %s' %
                    (__name__, e))

            # As in client mode, the instance itself is not kept
            SSOMiddleware(app, cf.config, g,
                          defSection='NDG_SECURITY.ssoService')

            ssoCfg = g.ndg.security.server.ssoservice.cfg
            g.sslServer = ssoCfg.sslServer
            g.wayfuri = ssoCfg.wayfuri
            g.logout = ssoCfg.logoutURI
            g.getCredentials = ssoCfg.getCredentials

        # Policy Enforcement Point (aka Gatekeeper), configured from its own
        # NDG_SECURITY.gatekeeper section
        if securityEnabled:
            try:
                from ndg.security.common.authz.pep import PEP
            except ImportError, e:
                # standalone is False here, so the PEP must be importable
                raise NDGConfigError(
                    '%s: expecting standalone config '
                    'flag set to False for Policy Enforcement Point '
                    'import: %s' % (__name__, e))

            g.pep = PEP(cfg=cf.config, cfgSection='NDG_SECURITY.gatekeeper')

        self.config = cf

    def __call__(self, environ, start_response):
        '''Attach the NDG config to the request and call the wrapped app.

        The whole parsed config object, NDG_SECURITY sections included, is
        made available to every downstream WSGI component as
        environ['ndgConfig'].
        '''
        environ['ndgConfig'] = self.config
        return self.app(environ, start_response)
135   