source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py @ 3914

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py@3914
Revision 3914, 6.8 KB checked in by pjkersha, 12 years ago (diff)
  • New ndg.security.common.zsi_util.httpproxy.ProxyHTTPConnection class replaces urllib2client - easier to fit into existing ZSI client framework.
  • Further OpenID integration into Single Sign On Service. User now authenticates OK but patches are needed to AuthKit, and the return_to URL needs to be handled dynamically according to the page visited before the WAYF call.
1'''
2Security middleware - set-up configuration items
3
4P J Kershaw 18/03/08
5'''
6from os.path import expandvars as xpdvars
7import logging
8log = logging.getLogger(__name__)
class ndg:
    '''Class structure to define a namespace for SSO Service config attached
    Pylons global variable 'g'

    The nested classes are attribute containers only, so that the parsed
    config can be reached as g.ndg.security.server.ssoservice.cfg.  Because
    they hold class attributes, the values assigned by SSOMiddleware are
    process-wide state shared by every request.
    '''
    class security:
        class server:
            class ssoservice:
                # Replaced with an SSOServiceConfig instance by
                # SSOMiddleware.__init__
                cfg = None
        class client:
            '''Client class is also needed for BaseController handler to handle
            responses from Single Sign On IdP'''
            class ssoclient:
                class cfg:
                    '''Placeholder for server and sslServer attributes

                    Both are copied from the server side config by
                    SSOMiddleware.__init__
                    '''
class SSOMiddleware:
    '''WSGI middleware that parses the SSO Service configuration and publishes
    it on the Pylons application globals

    The parsed config is stored on the module level ``ndg`` namespace class,
    i.e. it is process-wide state visible to every request.
    '''

    def __init__(self, app, cfg, appGlobals, **kw):
        '''Parse the SSO Service config and attach it to the app globals

        @param app: WSGI application being wrapped
        @param cfg: config file path or config object, handed straight to
        SSOServiceConfig
        @param appGlobals: Pylons globals object; its ``ndg`` attribute is set
        to the ``ndg`` namespace class
        @param kw: keyword arguments forwarded to SSOServiceConfig and from
        there to its parse() method
        '''
        log.debug("SSOMiddleware.__init__ ...")
        self.app = app

        serviceCfg = SSOServiceConfig(cfg, **kw)
        ndg.security.server.ssoservice.cfg = serviceCfg

        # The client namespace needs the same server settings because
        # ndg.security.client.ssoclient.ssoclient.lib.base.BaseController
        # reads them when processing responses back from the SSO IdP
        clientCfg = ndg.security.client.ssoclient.cfg
        clientCfg.server = serviceCfg.server
        clientCfg.sslServer = serviceCfg.sslServer

        appGlobals.ndg = ndg
        self.globals = appGlobals

    def __call__(self, environ, start_response):
        '''Hand the request straight on to the wrapped application'''
        return self.app(environ, start_response)
48import sys
49from ConfigParser import SafeConfigParser as ConfigParser
50from ndg.security.common.wssecurity import WSSecurityConfig
class SSOServiceConfigError(Exception):
    """Handle errors from parsing security config items

    Raised by SSOServiceConfig when a required config setting is absent
    """
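class SSOServiceConfig(object):
    """Get Security related parameters from the Pylons NDG config file

    parse() populates the instance attributes (smURI, aaURI,
    sslCACertFilePathList, httpProxyHost, ignoreHttpProxyEnv, wss, server,
    sslServer, the derived URIs, enableOpenID and the page layout settings).

    The config file is trusted input: the optional 'tracefile' setting is
    evaluated as a Python expression (see parse()), so the file must only be
    writable by the service administrator.
    """

    # Sentinel for _getOption(): tells "no default supplied" apart from a
    # caller supplied default of None
    _NO_DEFAULT = object()

    def __init__(self, cfg=None, **parseKw):
        '''Get PKI settings for Attribute Authority and Session Manager from
        the configuration file

        @type cfg: config file object or string
        @param cfg: reference to NDG configuration file or config file object.
        If None, nothing is read or parsed and only self.wss is initialised.
        @param parseKw: keyword arguments passed on to parse()
        @raise SSOServiceConfigError: a file path was given but could not be
        read, or a required setting is missing
        '''
        self.wss = {}

        if isinstance(cfg, basestring):
            # Assume file path to be read
            self.read(cfg)
        else:
            # Assume existing config type object (or None)
            self.cfg = cfg

        if self.cfg:
            self.parse(**parseKw)

    def read(self, cfgFilePath):
        '''Read content of config file into object

        @type cfgFilePath: string
        @param cfgFilePath: path to the config file
        @raise SSOServiceConfigError: the file could not be read.
        ConfigParser.read() silently skips unreadable files, which would
        otherwise leave an empty config and a misleading "no option" error
        later on in parse().
        '''
        self.cfg = ConfigParser()
        readFilePaths = self.cfg.read(cfgFilePath)
        if not readFilePaths:
            raise SSOServiceConfigError('Unable to read config file "%s"' %
                                        cfgFilePath)

    def _getOption(self, section, option, default=_NO_DEFAULT):
        '''Return a config option or default if the option is not set

        ConfigParser.get() has no default argument - its third positional
        parameter is the "raw" interpolation flag - so defaults have to be
        applied here via has_option().

        @param section: config section name
        @param option: option name
        @param default: value returned when the option is absent; if omitted
        an absent option raises SSOServiceConfigError
        @raise SSOServiceConfigError: option absent and no default given
        '''
        if self.cfg.has_option(section, option):
            return self.cfg.get(section, option)

        if default is self._NO_DEFAULT:
            raise SSOServiceConfigError('No "%s" setting in section "%s"' %
                                        (option, section))
        return default

    def parse(self,
              defSection='DEFAULT',
              layoutSection='layout',
              wssSection='WSSecurity'):
        '''Extract content of config file object into self

        @param defSection: section holding the security service settings
        @param layoutSection: section holding the page layout settings
        @param wssSection: section holding the WS-Security settings, either in
        this config file or in the file named by the 'wssCfgFilePath' option
        @raise SSOServiceConfigError: 'sslCACertFilePathList' is not set
        '''
        if self.cfg.has_option(defSection, 'tracefile'):
            # SECURITY: the setting is executed as a Python expression (it is
            # expected to name a file object such as sys.stderr), so anyone
            # who can edit the config file can run code in this process
            self.tracefile = eval(self.cfg.get(defSection, 'tracefile'))
        else:
            self.tracefile = None

        # Required settings - no defaults, ConfigParser's own error propagates
        self.smURI = self.cfg.get(defSection, 'sessionMgrURI')
        self.aaURI = self.cfg.get(defSection, 'attAuthorityURI')

        # ... for SSL connections to security web services.  Explicit
        # has_option() check: a missing option raises NoOptionError, which
        # the previous "except AttributeError" handler never caught
        if not self.cfg.has_option(defSection, 'sslCACertFilePathList'):
            raise SSOServiceConfigError(
                        'No "sslCACertFilePathList" security setting')

        self.sslCACertFilePathList = \
            xpdvars(self.cfg.get(defSection, 'sslCACertFilePathList')).split()

        # HTTP Proxy setting for web service connections...

        # Override an http_proxy env setting
        self.httpProxyHost = self._getOption(defSection, 'httpProxyHost', None)

        # Set this to True if the http_proxy environment variable should be
        # ignored in this case
        if self.cfg.has_option(defSection, 'ignoreHttpProxyEnv'):
            self.ignoreHttpProxyEnv = self.cfg.getboolean(defSection,
                                                          'ignoreHttpProxyEnv')
        else:
            self.ignoreHttpProxyEnv = False

        # If no separate WS-Security config file is set then read these params
        # from the current config file
        if self.cfg.has_option(defSection, 'wssCfgFilePath'):
            wssCfgFilePath = xpdvars(self.cfg.get(defSection,
                                                  'wssCfgFilePath'))
        else:
            wssCfgFilePath = None

        wss = WSSecurityConfig(cfg=wssCfgFilePath or self.cfg)
        wss.parse(section=wssSection)

        # Cast to standard dict because WSSecurityConfig object can't be
        # passed via **kw and dict(wss) doesn't work
        # TODO: check for cleaner solution - dict(wss)
        self.wss = dict(wss.items())

        # Hostname.  Defaults go through _getOption(): passing the default as
        # the third positional argument of ConfigParser.get() sets the "raw"
        # flag instead and still raises when the option is absent
        self.server = self._getOption(defSection, 'server', '')

        # For secure connections
        self.sslServer = self._getOption(defSection, 'sslServer', '')

        # These URLs are referred from template files
        self.getCredentials = '%s/getCredentials' % self.sslServer
        self.logoutURI = '%s/logout' % self.server

        # Where Are You From URI
        self.wayfuri = '%s/wayf' % self.server

        # Flag to enable OpenID interface.  has_option() guard rather than
        # catching ConfigParser.NoOptionError: in this module 'ConfigParser'
        # is the SafeConfigParser class, which has no such attribute, so the
        # old except clause raised AttributeError whenever the option was
        # absent instead of defaulting to False
        if self.cfg.has_option(defSection, 'enableOpenID'):
            self.enableOpenID = self.cfg.getboolean(defSection, 'enableOpenID')
        else:
            self.enableOpenID = False

        # Page layout settings with defaults
        self.localLink = self._getOption(layoutSection, 'localLink', None)
        self.localImage = self._getOption(layoutSection, 'localImage', None)
        self.localAlt = self._getOption(layoutSection, 'localAlt',
                                        'Visit Local Site')
        self.ndgLink = self._getOption(layoutSection, 'ndgLink',
                                       'http://ndg.nerc.ac.uk')
        self.ndgImage = self._getOption(layoutSection, 'ndgImage', None)
        self.ndgAlt = self._getOption(layoutSection, 'ndgAlt', 'Visit NDG')

        # Required page layout settings
        self.stfcLink = self.cfg.get(layoutSection, 'stfcLink')
        self.stfcImage = self.cfg.get(layoutSection, 'stfcImage')
        self.helpIcon = self.cfg.get(layoutSection, 'helpIcon')
        self.LeftAlt = self.cfg.get(layoutSection, 'HdrLeftAlt')
        self.LeftLogo = self.cfg.get(layoutSection, 'HdrLeftLogo')
        self.pageLogo = "bodcHdr"
        self.icons_xml = self.cfg.get(layoutSection, 'Xicon')
        self.icons_plot = self.cfg.get(layoutSection, 'plot')
        self.icons_prn = self.cfg.get(layoutSection, 'printer')

        # Always taken from the 'DEFAULT' section, independent of defSection
        self.disclaimer = self.cfg.get('DEFAULT', 'disclaimer')

    def __repr__(self):
        '''Dump all instance attributes as one key=value line each

        NOTE(review): this includes every parsed setting, self.wss (the
        WS-Security settings) and self.cfg - check that nothing sensitive can
        reach log output through repr() before logging this object
        '''
        return '\n'.join(["%s=%s" % (k, v) for k, v in self.__dict__.items()
                          if k[:2] != "__"])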