source: TI12-security/trunk/MyProxyServerUtils/myproxy/server/wsgi/app.py @ 6897

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/MyProxyServerUtils/myproxy/server/wsgi/app.py@6897
Revision 6897, 3.4 KB checked in by pjkersha, 10 years ago (diff)

Fixed setting of authentication realm for HTTP Basic Auth middleware and improved interface to callback function by providing an exception type for the callback function to use to pass back message and HTTP status code.

1"""HTTPS proxy to MyProxy server WSGI Application
2 
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "21/05/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = "$Id: $"
11from myproxy.server.wsgi.httpbasicauth import HttpBasicAuthMiddleware
12from myproxy.server.wsgi.middleware import MyProxyClientMiddleware
13     
14       
class MyProxyLogonMiddlewareConfigError(Exception):
    """Error type for reporting a configuration problem with
    MyProxyLogonMiddleware.
    """
17   
18   
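class MyProxyLogonApp(object):
    """HTTP interface to MyProxy logon.  This interface creates a MyProxy
    client instance with a HTTP Basic Auth based web service interface
    to pass username/passphrase for MyProxy logon calls.

    Security notes:

    * This WSGI app must be run over HTTPS to ensure confidentiality of
      username/passphrase credentials.  Nothing in this class inspects the
      request scheme, so transport security has to be guaranteed by the
      deployment.
    * PKI based verification of requests should be done out of band of this
      app e.g. in other filter middleware or Apache SSL configuration.
    """
    # Default prefix for this application's options in the Paste ini file
    PARAM_PREFIX = 'myproxy.logon.'

    # Option name (without prefix) holding the HTTP Basic Auth realm
    HTTPBASICAUTH_REALM_OPTNAME = 'httpbasicauth.realm'

    @classmethod
    def app_factory(cls, global_conf, prefix=PARAM_PREFIX, **app_conf):
        """Function following Paste app factory signature

        The returned callable is layered, outermost first, as
        MyProxyClientMiddleware -> HttpBasicAuthMiddleware -> MyProxyLogonApp.

        @type global_conf: dict
        @param global_conf: PasteDeploy global configuration dictionary
        @type prefix: basestring
        @param prefix: prefix for configuration items
        @type app_conf: dict
        @param app_conf: PasteDeploy application specific configuration
        dictionary.  It must contain the realm option, i.e. the key
        prefix + HTTPBASICAUTH_REALM_OPTNAME
        @return: the object returned by
        MyProxyClientMiddleware.filter_app_factory, wrapping the HTTP Basic
        Auth middleware and this app
        @raise KeyError: if the realm option is missing from app_conf
        """
        # Innermost application: it only ever answers 404 (see __call__), so
        # any real response has to come from the middleware wrapped around it
        httpBasicAuthMWare = HttpBasicAuthMiddleware.filter_app_factory(
            MyProxyLogonApp(), global_conf, prefix=prefix, **app_conf)

        app = MyProxyClientMiddleware.filter_app_factory(
            httpBasicAuthMWare, global_conf, prefix=prefix, **app_conf)

        # Set HTTP Basic Auth to use the MyProxy client logon for its
        # authentication method.  The key name is mirrored from the MyProxy
        # client middleware so that both layers refer to the same entry;
        # presumably this is the environ key under which the logon callable
        # is published - confirm against middleware.py
        httpBasicAuthMWare.authnFuncEnvironKeyName = app.logonFuncEnvironKeyName

        # The realm is a mandatory setting and is read with a plain index, so
        # a deployment without it stops here rather than serving
        # authentication challenges with an unset realm.
        # NOTE(review): the failure surfaces as a bare KeyError;
        # MyProxyLogonMiddlewareConfigError is defined in this module but is
        # not raised on this path.
        httpBasicAuthMWare.realm = app_conf[
            prefix + cls.HTTPBASICAUTH_REALM_OPTNAME]

        return app

    def __call__(self, environ, start_response):
        """Catch case where request path doesn't match mount point for app

        Always answers 404 Not Found with a plain text body equal to the
        status line; neither environ nor any credentials are read here.

        @type environ: dict
        @param environ: WSGI environment (unused)
        @type start_response: callable
        @param start_response: WSGI start_response callable
        @rtype: list
        @return: single element list holding the response body
        """
        status = response = '404 Not Found'
        headers = [('Content-type', 'text/plain'),
                   ('Content-length', str(len(response)))]
        start_response(status, headers)

        # NOTE(review): the body is a native str, which matches the Python 2
        # era of this module; PEP 3333 servers on Python 3 expect bytes
        return [response]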