source: TI12-security/trunk/MyProxyLogonWebService/myproxy/server/wsgi/app.py @ 6938

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/MyProxyLogonWebService/myproxy/server/wsgi/app.py@6938
Revision 6938, 3.7 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 5: MyProxy Logon HTTPS Interface

  • Added middleware for get trust roots interface
1"""HTTPS proxy to MyProxy server WSGI Application
2 
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "21/05/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = "$Id: $"
11from myproxy.server.wsgi.httpbasicauth import HttpBasicAuthMiddleware
12from myproxy.server.wsgi.middleware import (MyProxyClientMiddleware,
13                                            MyProxyGetTrustRootsMiddleware)
14     
15       
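class MyProxyApp(object):
    """HTTP interface to MyProxy logon and get trust roots.

    C{app_factory} builds a MyProxy client with a HTTP Basic Auth based web
    service interface, which passes the username/passphrase on to MyProxy
    logon calls.

    This WSGI application must be run over HTTPS to ensure confidentiality
    of username/passphrase credentials: HTTP Basic Auth only base64-encodes
    them, it does not encrypt them.  Nothing in this class checks the request
    scheme, so TLS has to be enforced by the deployment.  PKI based
    verification of requests should be done out of band of this app e.g. in
    other filter middleware or Apache SSL configuration.
    """
    PARAM_PREFIX = 'myproxy.'
    GET_TRUSTROOTS_PARAM_PREFIX = 'getTrustRoots.'
    HTTPBASICAUTH_REALM_OPTNAME = 'httpbasicauth.realm'

    @classmethod
    def app_factory(cls, global_conf, prefix=PARAM_PREFIX, **app_conf):
        """Build the app and its middleware chain, following the Paste app
        factory signature.

        The object returned is the outermost layer.  Going inwards the chain
        is: MyProxyClientMiddleware, MyProxyGetTrustRootsMiddleware,
        HttpBasicAuthMiddleware and finally this app, which only answers
        404 Not Found.

        @type global_conf: dict
        @param global_conf: PasteDeploy global configuration dictionary
        @type prefix: basestring
        @param prefix: prefix for configuration items
        @type app_conf: dict
        @param app_conf: PasteDeploy application specific configuration
        dictionary
        @return: the MyProxy client middleware wrapping the rest of the chain
        @raise KeyError: if app_conf has no
        C{prefix + HTTPBASICAUTH_REALM_OPTNAME} item
        """
        # Innermost layer: this app, the 404 fallback
        app = cls()

        # HTTP Basic auth middleware - a container for MyProxy logon
        httpBasicAuthMWare = HttpBasicAuthMiddleware.filter_app_factory(
            app,
            global_conf,
            prefix=prefix,
            **app_conf)

        # MyProxy get trust roots middleware.  It is configured from
        # global_conf and its own prefix only; app_conf is not passed on.
        # NOTE(review): it wraps the Basic Auth middleware, so it sees each
        # request before any credentials are checked - presumably intended
        # because trust roots are not secret; confirm.
        getTrustRootsPrefix = prefix + cls.GET_TRUSTROOTS_PARAM_PREFIX
        getTrustRootsMWare = MyProxyGetTrustRootsMiddleware.filter_app_factory(
            httpBasicAuthMWare,
            global_conf,
            prefix=getTrustRootsPrefix)

        # Middleware to hold a MyProxy client and expose interface in environ
        app = MyProxyClientMiddleware.filter_app_factory(
            getTrustRootsMWare,
            global_conf,
            prefix=prefix,
            **app_conf)

        # Set HTTP Basic Auth to use the MyProxy client logon for its
        # authentication method: mirror the environ key name used by the
        # client middleware so that Basic Auth picks up the same function
        httpBasicAuthMWare.authnFuncEnvironKeyName = app.logonFuncEnvironKeyName

        # The realm is a required option; a missing item raises KeyError here
        realmOptName = prefix + cls.HTTPBASICAUTH_REALM_OPTNAME
        httpBasicAuthMWare.realm = app_conf[realmOptName]

        return app

    def __call__(self, environ, start_response):
        """Catch case where request path doesn't match mount point for app

        @type environ: dict
        @param environ: WSGI environment, not read here
        @type start_response: callable
        @param start_response: WSGI start response function
        @rtype: list
        @return: single item response body
        """
        status = '404 Not Found'

        # PEP 3333 wants a native string status and a bytes body.  The b''
        # literal is an ordinary str on Python 2.6+, so nothing changes there.
        response = b'404 Not Found'
        start_response(status,
                       [('Content-type', 'text/plain'),
                        ('Content-length', str(len(response)))])
        return [response]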