source: TI12-security/trunk/python/Tests/security.py @ 1018

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/security.py@1018
Revision 1018, 6.8 KB checked in by pjkersha, 13 years ago (diff)

Tests/SecurityClientTest?.py: mods to run on gabriel.

Tests/security.py: added functionality to get trusted host info.

dist/NDG-Security-0.66.tar.gz: new distro for testing on gabriel.

conf/mapConfig.xml: added loginURI tag for each trusted host - indicate URI for user login useful for forwarding of
login page from remote site.

NDG/AttAuthorityIO.py: include loginURI tag in trusted host info response message.

NDG/SecurityCGI.py: include functionality to get trusted host info from an AttAuthority?

NDG/AttAuthority.py: added loginURI tag for getTrustedHostInfo call.

Line 
1#!/usr/bin/env python
2
3"""Example NDG Security CGI service based on SecurityCGI base class
4
5NERC Data Grid Project
6
7P J Kershaw 25/05/06
8
9Copyright (C) 2006 CCLRC & NERC
10
11This software may be distributed under the terms of the Q Public License,
12version 1.0 or later.
13"""
14from NDG.SecurityCGI import *
15
16
17class TestSecurityCGI(SecurityCGI):
18    """CGI interface test class for NDG Security"""
19   
20    #_________________________________________________________________________
21    def showLogin(self, returnURI=None, **kwargs):
22        """Display initial NDG login form"""
23   
24        if returnURI:
25            returnURIfield = \
26                "<input type=hidden name=returnURI value=\"%s\">" % returnURI
27        else:
28            returnURIfield = ''
29           
30           
31        if bAuthorise:
32            authoriseArg = "<input type=hidden name=authorise value=\"1\">"
33        else:
34            authoriseArg = ""
35   
36   
37        # Set authorisation method default
38        authorisationMethodChk = {  "allowMapping":              '',
39                                    "allowMappingWithPrompt" :   '',
40                                    "noMapping":                 ''}
41   
42        if self.__authorisationMethod is None:
43            # Default to safest option for user
44            authorisationMethodChk["allowMappingWithPrompt"] = ' checked'
45        else:
46            authorisationMethodChk[self.__authorisationMethod] = ' checked'
47   
48
49        print """Content-type: text/html
50       
51<html>"   
52<head>
53<title>%s</title>
54<style type=\"text/css\">
55<!--
56.al {
57text-align: justify
58}
59a{
60text-decoration:none;
61}
62a:hover{
63color:#0000FF;
64}
65    body { font-family: Verdana, sans-serif; font-size: 11}
66    table { font-family: Verdana, sans-serif; font-size: 11}
67-->
68</style>
69</head>
70<body>
71    <script language="javascript">
72        <!--
73            function toggleLayer(layerId)
74            {
75                if (document.getElementById)
76                {
77                    // Standard
78                    var style = document.getElementById(layerId).style;
79                }
80                else if (document.all)
81                {
82                    // Old msie versions
83                    var style = document.all[whichLayer].style;
84                }
85                else if (document.layers)
86                {
87                    // nn4
88                    var style = document.layers[whichLayer].style;
89                }
90                style.visibility = style.visibility == "visible" ? "hidden":"visible";
91            }
92        //-->
93    </script>
94    <h3>NERC Data Grid Site Login (Test)<BR clear=all></h3>
95    <hr>
96   
97    <form action="%s" method="POST">
98   
99    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
100    <tbody>
101    <tr><td>User Name:</td> <td><input type=text name=userName value="">
102    </td></tr>
103    <tr>
104        <td>Password:</td>
105        <td><input type=password name=passPhrase></td>
106    </tr>
107    <tr>
108        <td colspan="2" align="right">
109            <a href="javascript:toggleLayer('advSettings');">Advanced Settings</a>
110            <input type=submit value="Login">
111        </td>
112    </tr>
113    <input type=hidden name=authenticate value="1">
114    %s"""  % (self.scriptName, returnURIfield)
115   
116        print \
117    """</tbody></table>
118    <br>
119    <div id="advSettings" style="position: relative; visibility: hidden;">
120        <h4>Role Mapping for access to other trusted sites</h4>
121        <p>Your account has roles or <i>privileges</i> which determine what data you have access to.  If you access data at another NDG trusted site, these roles can be mapped to local roles at that site to help you gain access:
122        </p>
123        <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
124        <tbody>
125        <tr>
126        <td>
127            <input type="radio" name="authorisationMethod" value="allowMapping"%s>
128        </td>
129            <td>
130                Allow my roles to be mapped to local roles at other NDG trusted sites.
131            </td>
132        </tr>
133        <tr>
134            <td>
135                <input type="radio" name="authorisationMethod" value="allowMappingWithPrompt"%s>
136            </td>
137        <td>
138            Allow my roles to be mapped, but prompt me so that I may choose which roles to map before gaining access.
139        </td>
140        <tr>
141        <td>
142            <input type="radio" name="authorisationMethod" value="noMapping"%s>
143        </td>
144        <td>
145            Don't allow mapping of my roles.
146        </td>
147        </tr>
148        </tbody>
149        </table>
150    </div>
151    </form>
152</body>
153</html>""" % (authorisationMethodChk['allowMapping'], \
154              authorisationMethodChk['allowMappingWithPrompt'], \
155              authorisationMethodChk['noMapping'])
156   
157        # end of showLogin()
158   
159   
160    def showHomeSiteSelect(self, **kwargs):
161
162        if not self.trustedHostInfo:
163            self.getTrustedHostInfo()   
164               
165        print """Content-type: text/html
166               
167<html>
168<head>
169    <title>Select site to retrieve credentials</title>
170    <style type=\"text/css\">
171    <!--
172    .al {
173    text-align: justify
174    }
175    a{
176    text-decoration:none;
177    }
178    a:hover{
179    color:#0000FF;
180    }
181        body { font-family: Verdana, sans-serif; font-size: 11}
182        table { font-family: Verdana, sans-serif; font-size: 11}
183    -->
184    </style>
185</head>
186<body>
187    <form action="%s" method="POST">
188    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
189    <tbody>
190    <tr>
191      <td>
192        <select name="requestURI">       
193          <option value="">Select your home site...""" % self.scriptName
194         
195        for hostname, uri in self.trustedHostInfo.items():
196            print "<option value=\"%s\">%s" % (uri, hostname)
197               
198        print \
199"""     </select>
200      </td>
201      <td align="right">
202        <input type=submit value="Go">
203      </td>
204    </tr>
205    </tbody>
206    </table>
207    </form>
208</body></html>"""
209   
210        # end of showHomeSiteSelect()
211
212       
213       
214if __name__ == "__main__":
215   
216    smWSDL = "http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl"
217    aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'
218   
219    smPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-sm-cert.pem"
220    aaPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-aa-cert.pem"
221   
222    clntPubKeyFilePath = "../certs/GabrielCGI-cert.pem"
223    clntPriKeyFilePath = "../certs/GabrielCGI-key.pem"
224   
225    returnURI = "https://gabriel.bnsc.rl.ac.uk/cgi-bin/security.py"
226   
227    securityCGI = SecurityCGI(smWSDL,
228                              aaWSDL,
229                              smPubKeyFilePath=smPubKeyFilePath,
230                              aaPubKeyFilePath=aaPubKeyFilePath,
231                              clntPubKeyFilePath=clntPubKeyFilePath,
232                              clntPriKeyFilePath=clntPriKeyFilePath,
233                              returnURI=returnURI)
234    securityCGI()
Note: See TracBrowser for help on using the repository browser.