source: TI12-security/trunk/MyProxyWebService/myproxy/server/wsgi/app.py @ 6943

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/MyProxyWebService/myproxy/server/wsgi/app.py@6943
Revision 6943, 4.0 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 5: MyProxy Logon HTTPS Interface

  • Working myproxy-ws-get-trustroots.sh http client shell script.
1"""HTTPS proxy to MyProxy server WSGI Application
2 
3NERC DataGrid Project
4"""
5__author__ = "P J Kershaw"
6__date__ = "21/05/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__license__ = "BSD - see LICENSE file in top-level directory"
9__contact__ = "Philip.Kershaw@stfc.ac.uk"
10__revision__ = "$Id: $"
11from myproxy.server.wsgi.httpbasicauth import HttpBasicAuthMiddleware
12from myproxy.server.wsgi.middleware import (MyProxyClientMiddleware,
13                                            MyProxyGetTrustRootsMiddleware)
14     
15       
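class MyProxyApp(object):
    """HTTP interface to MyProxy logon and get trust roots.  This interface
    creates a MyProxy client instance with a HTTP Basic Auth based web service
    interface to pass username/passphrase for MyProxy logon calls.

    This WSGI app must be run over HTTPS to ensure confidentiality of
    username/passphrase credentials: HTTP Basic Auth transmits them base64
    encoded, not encrypted.  PKI based verification of requests should be done
    out of band of this app e.g. in other filter middleware or Apache SSL
    configuration.

    The instance itself is only the innermost WSGI callable and always answers
    404; the logon and get trust roots behaviour comes from the middleware
    stack assembled by app_factory.
    """
    PARAM_PREFIX = 'myproxy.'
    LOGON_PARAM_PREFIX = 'logon.'
    GET_TRUSTROOTS_PARAM_PREFIX = 'getTrustRoots.'
    HTTPBASICAUTH_REALM_OPTNAME = 'httpbasicauth.realm'

    @classmethod
    def app_factory(cls, global_conf, prefix=PARAM_PREFIX, **app_conf):
        """Function following Paste app factory signature.

        Builds the stack (outermost first): MyProxyClientMiddleware ->
        MyProxyGetTrustRootsMiddleware -> HttpBasicAuthMiddleware -> this app.

        @type global_conf: dict
        @param global_conf: PasteDeploy global configuration dictionary
        @type prefix: basestring
        @param prefix: prefix for configuration items
        @type app_conf: dict
        @param app_conf: PasteDeploy application specific configuration
        dictionary.  Must contain the option
        prefix + HTTPBASICAUTH_REALM_OPTNAME
        @rtype: MyProxyClientMiddleware
        @return: outermost middleware wrapping the whole stack
        @raise KeyError: HTTP Basic Auth realm option is not set
        """
        # Validate the realm option up front so that a misconfigured
        # deployment fails with a clear message before any middleware (and
        # whatever it initialises) has been constructed
        realmOptName = prefix + cls.HTTPBASICAUTH_REALM_OPTNAME
        if realmOptName not in app_conf:
            raise KeyError('Missing required configuration option %r: the '
                           'HTTP Basic Auth realm must be set' % realmOptName)
        realm = app_conf[realmOptName]

        # This app - innermost callable, answers 404 for anything that falls
        # through the middleware
        app = cls()

        # HTTP Basic auth middleware - a container for MyProxy logon
        logonPrefix = prefix + cls.LOGON_PARAM_PREFIX
        httpBasicAuthMWare = HttpBasicAuthMiddleware.filter_app_factory(
                                                        app,
                                                        global_conf,
                                                        prefix=logonPrefix,
                                                        **app_conf)

        # MyProxy get trust roots middleware.  It wraps the Basic Auth
        # middleware so requests reach it first.
        # NOTE(review): presumably trust roots are therefore served without
        # credentials - confirm in MyProxyGetTrustRootsMiddleware that only
        # the trust roots path is handled ahead of authentication
        getTrustRootsPrefix = prefix + cls.GET_TRUSTROOTS_PARAM_PREFIX
        getTrustRootsMWare = MyProxyGetTrustRootsMiddleware.filter_app_factory(
                                                    httpBasicAuthMWare,
                                                    global_conf,
                                                    prefix=getTrustRootsPrefix,
                                                    **app_conf)

        # Middleware to hold a MyProxy client and expose interface in environ
        app = MyProxyClientMiddleware.filter_app_factory(getTrustRootsMWare,
                                                         global_conf,
                                                         prefix=prefix,
                                                         **app_conf)

        # Set HTTP Basic Auth to use the MyProxy client logon for its
        # authentication method
        httpBasicAuthMWare.authnFuncEnvironKeyName = app.logonFuncEnvironKeyName

        # Set Get trust roots middleware to use the MyProxyClient environ key
        # name set by MyProxyClientMiddleware
        getTrustRootsMWare.clientEnvironKeyName = app.clientEnvironKeyName

        # Apply the HTTP Basic Auth realm setting checked above
        httpBasicAuthMWare.realm = realm

        return app

    def __call__(self, environ, start_response):
        """Catch case where request path doesn't match mount point for app

        @type environ: dict
        @param environ: WSGI environment (not read here)
        @type start_response: callable
        @param start_response: WSGI start response function
        @rtype: list
        @return: single element list holding the plain text 404 message
        """
        # The status line doubles as the response body
        status = response = '404 Not Found'
        start_response(status,
                       [('Content-type', 'text/plain'),
                        ('Content-length', str(len(response)))])
        return [response]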