source: TI12-security/trunk/NDGSecurity/python/Tests/security.py @ 7080

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/Tests/security.py@7080
Revision 7080, 7.6 KB checked in by pjkersha, 9 years ago (diff)
1#!/usr/local/NDG/ActivePython-2.4/bin/python
2
3"""Example NDG Security CGI service based on SecurityCGI base class
4
5NERC Data Grid Project
6
7P J Kershaw 25/05/06
8
9Copyright (C) 2009 Science and Technology Facilities Council
10
11"""
12import os
13from ndg.security.SecurityCGI import *
14
15
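class TestSecurityCGI(SecurityCGI):
    """CGI interface test class for NDG Security.

    Supplies three page-rendering methods (showLogin, showIdPsiteSelect and
    showCredsReceived).  Each one prints a complete CGI response - headers,
    blank line, HTML - to stdout.  Values interpolated into the markup are
    HTML-escaped so that a crafted returnURI or trusted-host entry cannot
    break out of the attribute it is written into.
    """

    #_________________________________________________________________________
    def showLogin(self, returnURI=None, bAuthorise=False, **kwargs):
        """Display initial NDG login form.

        returnURI  - if set, carried through the login POST in a hidden
                     "returnURI" field
        bAuthorise - if true, a hidden "authorise" field with value 1 is
                     added to the form
        kwargs     - accepted for interface compatibility; not used here
        """
        # Function-scope import: the file's own import block only brings in
        # os and the wildcard import from SecurityCGI.
        from cgi import escape

        # returnURI ends up inside a double-quoted attribute, so it is
        # escaped with quote=True; otherwise a value containing '">' would
        # inject markup into the login page.
        # NOTE(review): escaping only protects this page.  Whether returnURI
        # is checked against the trusted sites before any redirect is decided
        # in the base class, which is not visible here - confirm.
        if returnURI:
            returnURIfield = \
                "<input type=hidden name=\"returnURI\" value=\"%s\">" % \
                escape("%s" % returnURI, True)
        else:
            returnURIfield = ''

        if bAuthorise:
            authoriseField = \
                "<input type=hidden name=\"authorise\" value=\"1\">"
        else:
            authoriseField = ""

        # One entry per radio button; the selected one gets ' checked'.
        authorisationMethodChk = dict.fromkeys(("allowMapping",
                                                "allowMappingWithPrompt",
                                                "noMapping"), '')

        # Default to the safest option for the user - prompt before mapping -
        # when no method is set or the stored value is not one of the three
        # known ones, so the form always carries a selection.
        selectedMethod = self._authorisationMethod
        if selectedMethod not in authorisationMethodChk:
            selectedMethod = "allowMappingWithPrompt"

        authorisationMethodChk[selectedMethod] = ' checked'

        # A single document is emitted.  The advanced settings block sits
        # inside the <form> so that the authorisationMethod radio buttons are
        # submitted with the login; previously it was printed after the
        # closing </form></body></html> of the first template.
        # NOTE(review): userName/passPhrase are POSTed to scriptName, so
        # transport protection depends on how this CGI is served - confirm it
        # is only reachable over HTTPS.
        print """Content-type: text/html

<html>
<head>
<title>NDG Login</title>
<style type=\"text/css\">
<!--
.al {
text-align: justify
}
a{
text-decoration:none;
}
a:hover{
color:#0000FF;
}
    body { font-family: Verdana, sans-serif; font-size: 11}
    table { font-family: Verdana, sans-serif; font-size: 11}
-->
</style>
</head>
<body>
    <script language="javascript">
        <!--
            function toggleLayer(layerId)
            {
                if (document.getElementById)
                {
                    // Standard
                    var style = document.getElementById(layerId).style;
                }
                else if (document.all)
                {
                    // Old msie versions
                    var style = document.all[layerId].style;
                }
                else if (document.layers)
                {
                    // nn4
                    var style = document.layers[layerId].style;
                }
                style.visibility = style.visibility == "visible" ?
                                                        "hidden":"visible";
            }
        //-->
    </script>
    <h3>NERC Data Grid Site Login (Test)<BR clear=all></h3>
    <hr>

    <form action="%(action)s" method="POST">

    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
    <tr>
      <td>User Name:</td>
      <td><input type=text name="userName" value=""></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type=password name="passPhrase"></td>
    </tr>
    <tr>
      <td colspan="2" align="right">
        <a href="javascript:toggleLayer('advSettings');">
        Advanced Settings
        </a>
        <input type=submit value="Login">
      </td>
    </tr>
    </tbody>
    </table>
    <input type=hidden name="authenticate" value="1">
    %(returnURIfield)s
    %(authoriseField)s
    <br>
    <div id="advSettings" style="position: relative; visibility: hidden;">
      <h4>Role Mapping for access to other trusted sites</h4>
      <p>Your account has roles or <i>privileges</i> which determine what data
you have access to.  If you access data at another NDG trusted site, these
roles can be mapped to local roles at that site to help you gain access:
      </p>
    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
      <tr>
        <td><input type="radio" name="authorisationMethod"
value="allowMapping"%(allowMapping)s>
        </td>
        <td>
        Allow my roles to be mapped to local roles at other NDG trusted sites.
        </td>
      </tr>
      <tr>
        <td>
          <input type="radio" name="authorisationMethod"
value="allowMappingWithPrompt"%(allowMappingWithPrompt)s>
        </td>
        <td>
            Allow my roles to be mapped, but prompt me so that I may choose
which roles to map before gaining access.
        </td>
      </tr>
      <tr>
        <td>
          <input type="radio" name="authorisationMethod"
value="noMapping"%(noMapping)s>
        </td>
        <td>
          Don't allow mapping of my roles.
        </td>
      </tr>
    </tbody>
    </table>
    </div>
    </form>
</body>
</html>""" % {
            'action': escape("%s" % self.scriptName, True),
            'returnURIfield': returnURIfield,
            'authoriseField': authoriseField,
            'allowMapping': authorisationMethodChk['allowMapping'],
            'allowMappingWithPrompt':
                authorisationMethodChk['allowMappingWithPrompt'],
            'noMapping': authorisationMethodChk['noMapping']}

        # end of showLogin()


    def showIdPsiteSelect(self, **kwargs):
        """Display a form for choosing the user's home site.

        Prints a drop-down with one option per entry in self.trustedHostInfo.
        The option label is the host name and the option value is that
        entry's 'loginURI'; the choice is POSTed back to this script as
        "requestURI".

        kwargs - accepted for interface compatibility; not used here
        """
        from cgi import escape

        # Populate the trusted host list on first use
        if not self.trustedHostInfo:
            self.getTrustedHostInfo()

        print """Content-type: text/html

<html>
<head>
    <title>Select site to retrieve credentials</title>
    <style type=\"text/css\">
    <!--
    .al {
    text-align: justify
    }
    a{
    text-decoration:none;
    }
    a:hover{
    color:#0000FF;
    }
        body { font-family: Verdana, sans-serif; font-size: 11}
        table { font-family: Verdana, sans-serif; font-size: 11}
    -->
    </style>
</head>
<body>
    <form action="%s" method="POST">
    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
    <tr>
      <td>
        <select name="requestURI">
          <option value="">Select your home site...""" % \
            escape("%s" % self.scriptName, True)

        # Host names and login URIs come from getTrustedHostInfo(), i.e. from
        # outside this script, so both are escaped before being written into
        # the page.
        # NOTE(review): the chosen loginURI returns as the client-supplied
        # "requestURI" field; presumably the base class checks it against
        # trustedHostInfo before using it - confirm.
        for hostname, info in self.trustedHostInfo.items():
            print "<option value=\"%s\">%s" % \
                (escape("%s" % info['loginURI'], True),
                 escape("%s" % hostname))

        print \
"""     </select>
      </td>
      <td align="right">
        <input type=submit value="Go">
      </td>
    </tr>
    </tbody>
    </table>
    </form>
</body>
</html>"""

        # end of showIdPsiteSelect()


    #_________________________________________________________________________
    def showCredsReceived(self,
                          sessCookie,
                          pageTitle='',
                          hdrTxt='',
                          bodyTxt=''):
        """Called from receiveCredsResponse() once a cookie has been created.
        Makes a page to set the cookie and display to the user that they have
        been authenticated.

        sessCookie - cookie object; the text returned by its output() method
                     is written into the HTTP header block, directly after
                     the Content-type line
        pageTitle, hdrTxt, bodyTxt - accepted but not used by this test page
        """
        # NOTE(review): the cookie is emitted exactly as the caller built it.
        # Nothing here sets or checks its attributes (secure flag, path,
        # expiry) - confirm the code creating sessCookie does.
        print """Content-type: text/html
%s

<html>
<head>
<title>NDG Authentication</title>
    <style type=\"text/css\">
    <!--
    .al {
    text-align: justify
    }
    a{
    text-decoration:none;
    }
    a:hover{
    color:#0000FF;
    }
        body { font-family: Verdana, sans-serif; font-size: 11}
        table { font-family: Verdana, sans-serif; font-size: 11}
    -->
    </style>
</head>
<body>
    New cookie set from credentials transfered from other domain
</body>
</html>""" % sessCookie.output()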
266
267
268#_____________________________________________________________________________
if __name__ == "__main__":

    # WSDL locations for the Session Manager ("sm") and Attribute Authority
    # ("aa") services on the test host.
    # NOTE(review): both URLs are plain http and the client certificate/key
    # paths below are relative to the working directory - presumably fine for
    # a test harness; confirm before reusing these settings elsewhere.
    smWSDL = "http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl"
    aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'

    # Certificate and private key file locations, passed through as keyword
    # arguments to the CGI class.
    certSettings = {
        'smCertFilePath': "/usr/local/NDG/conf/certs/gabriel-sm-cert.pem",
        'aaCertFilePath': "/usr/local/NDG/conf/certs/gabriel-aa-cert.pem",
        'clntCertFilePath': "../certs/GabrielCGI-cert.pem",
        'clntPriKeyFilePath': "../certs/GabrielCGI-key.pem",
    }

    # The script's own file name is the form action target for every page.
    thisScript = os.path.basename(__file__)

    securityCGI = TestSecurityCGI(smWSDL,
                                  aaWSDL,
                                  scriptName=thisScript,
                                  **certSettings)

    # Calling the instance handles the current CGI request.
    securityCGI()