source: TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/pep.py @ 7164

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/pep.py@7164
Revision 7164, 4.4 KB checked in by pjkersha, 9 years ago (diff)

Fixes to Attribute Authority for SAML SOAP binding code forked into ndg.saml

1'''
2Created on 11 Jul 2010
3
4@author: pjkersha
5'''
6from webob import Request
7
8from ndg.saml.saml2.binding.soap.client.authzdecisionquery import \
9                                            AuthzDecisionQuerySslSOAPBinding
10
class SamlPepConfigError(Exception):
    """Raised when the SAML PEP middleware is given incomplete or invalid
    configuration settings (e.g. the authorisation service URI is missing)"""
13   
14   
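class SamlPepMiddleware(object):
    '''Policy Enforcement Point for ESG with SAML based Interface

    On each request the middleware points the decision query client at the
    requested URL (resource) and the REMOTE_USER value (subject) and sends an
    authorisation decision query to the configured authorisation service.

    NOTE(review): the decision returned by the authorisation service is not
    inspected yet and __call__ returns nothing to the WSGI caller, so at this
    revision the class does not actually enforce access control - see
    __call__.

    @ivar __client: SAML authorisation decision query client
    @type __client: ndg.saml.saml2.binding.soap.client.authzdecisionquery.AuthzDecisionQuerySslSOAPBinding
    @ivar __authzServiceURI: endpoint of the authorisation service; None until
    initialise has been called
    @type __authzServiceURI: basestring or NoneType
    '''
    AUTHZ_DECISION_QUERY_PARAMS_PREFIX = 'authzDecisionQuery.'
    AUTHZ_SERVICE_URI_PARAM_NAME = 'authzServiceURI'

    __slots__ = ('_app', '__client', '__authzServiceURI')

    def __init__(self, app):
        '''
        Add reference to next WSGI middleware/app and create a SAML
        authorisation decision query client interface

        @type app: callable following WSGI interface
        @param app: next middleware application in the chain
        '''
        self._app = app
        self.__client = AuthzDecisionQuerySslSOAPBinding()
        self.__authzServiceURI = None

    def initialise(self, prefix='', **kw):
        '''Initialise object from keyword settings

        @type prefix: basestring
        @param prefix: prefix for configuration items
        @type kw: dict
        @param kw: configuration items.  Those starting with
        prefix + AUTHZ_DECISION_QUERY_PARAMS_PREFIX are handed to the decision
        query client; prefix + AUTHZ_SERVICE_URI_PARAM_NAME gives the
        authorisation service endpoint
        @raise SamlPepConfigError: no "authzServiceURI" setting
        '''
        queryPrefix = prefix + self.__class__.AUTHZ_DECISION_QUERY_PARAMS_PREFIX

        # The settings must be forwarded to the client: with only the prefix
        # passed, no queryPrefix-scoped item (including the client's SSL
        # settings) ever reaches it.
        self.__client.parseKeywords(prefix=queryPrefix, **kw)

        authzServiceUriParamName = prefix + \
                                    self.__class__.AUTHZ_SERVICE_URI_PARAM_NAME

        self.__authzServiceURI = kw.get(authzServiceUriParamName)
        if self.__authzServiceURI is None:
            raise SamlPepConfigError('No %r setting for the authorisation '
                                     'service URI' % authzServiceUriParamName)

    @classmethod
    def filter_app_factory(cls, app, global_conf, prefix='', **app_conf):
        """Set-up using a Paste app factory pattern.

        @type app: callable following WSGI interface
        @param app: next middleware application in the chain
        @type global_conf: dict
        @param global_conf: PasteDeploy global configuration dictionary (not
        read here; only app_conf is used)
        @type prefix: basestring
        @param prefix: prefix for configuration items
        @type app_conf: dict
        @param app_conf: PasteDeploy application specific configuration
        dictionary
        @rtype: SamlPepMiddleware
        @return: initialised middleware instance wrapping app
        @raise SamlPepConfigError: no authorisation service URI in app_conf
        """
        app = cls(app)
        app.initialise(prefix=prefix, **app_conf)

        return app

    def __call__(self, environ, start_response):
        """Intercept request and call authorisation service to make an access
        control decision

        @type environ: dict
        @param environ: WSGI environment variables dictionary
        @type start_response: function
        @param start_response: standard WSGI start response function
        @rtype: NoneType
        @return: currently None - see the note in the body; the intended
        return is a WSGI response iterable
        """
        request = Request(environ)
        self.__client.resourceURI = request.url

        # The subject is whatever REMOTE_USER holds: an authentication
        # middleware ahead of this one must have set it, otherwise the query
        # is sent with no subject.
        self.__client.subjectID = request.remote_user

        # NOTE(review): the response from the authorisation service is
        # discarded and neither the downstream app nor an error response is
        # returned to the caller, so no decision is enforced yet.
        self.__client.send(uri=self.__authzServiceURI)

    def _createAuthzDecisionQuery(self, resourceURI, subject):
        """Create SAML authorisation decision query object ready for dispatch

        Placeholder: no implementation yet, so this returns None.  __call__
        does not use it; it appears to rely on the client assembling the query
        from its resourceURI and subjectID attributes instead.

        @type resourceURI: basestring
        @param resourceURI: resource the query is about
        @type subject: basestring
        @param subject: identifier of the subject requesting access
        @rtype: NoneType
        @return: None - not implemented
        """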