source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/axinterface/sessionmanager.py @ 5285

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/axinterface/sessionmanager.py@5285
Revision 5285, 4.3 KB checked in by pjkersha, 11 years ago (diff)
  • Important fixes to PDP.evaluate to ensure all targets yield permit status for an access control decision.
  • additional debug info for WSGI middleware
  • new OpenID Provider AXInterfaceReloginRequired - allows for case where a session is stale
  • ndg.security.test.unit - put unit tests in this package in parallel to the existing integration test package.
1"""NDG Security OpenID Provider AX Interface for Session Manager based
2authentication
3
4This enables an OpenID Provider to return a URI for the associated Session
5Manager
6
7NERC DataGrid Project
8"""
9__author__ = "P J Kershaw"
10__date__ = "27/03/09"
11__copyright__ = "(C) 2009 Science and Technology Facilities Council"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__contact__ = "Philip.Kershaw@stfc.ac.uk"
14__revision__ = "$Id$"
15import logging
16log = logging.getLogger(__name__)
17from string import Template
18from sqlalchemy import create_engine
19
20from ndg.security.server.wsgi.openid.provider.axinterface import \
21    AXInterface, AXInterfaceConfigError, MissingRequiredAttrs
22from ndg.security.server.wsgi.openid.provider import AbstractAuthNInterface   
23   
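class SessionManagerAXInterface(AXInterface):
    '''Attribute Exchange (AX) interface for OpenIDProviderMiddleware.  It
    adds the configured Session Manager URI and/or the session ID held by
    the authentication interface to the AX response, when the Relying Party
    lists the corresponding type URI among its required attributes.

    SECURITY NOTE: this class makes no check on which Relying Party is
    asking.  Any Relying Party that requires sessionIdTypeURI is handed the
    user's session ID, so a restriction on trusted Relying Parties has to be
    enforced elsewhere in the provider (not visible in this module).
    NOTE(review): presumably the session ID is sufficient to act on the
    user's Session Manager session - confirm, and treat it as a secret.

    @type propertyNames: tuple
    @cvar propertyNames: names of the keyword settings which __init__
    requires and copies onto the instance'''

    propertyNames = (
        'sessionManagerURI',
        'sessionManagerURITypeURI',
        'sessionIdTypeURI'
    )

    def __init__(self, **cfg):
        """Copy the required settings from the keyword configuration onto
        this instance as attributes

        @type **cfg: dict
        @param **cfg: must contain every name listed in propertyNames
        @raise AXInterfaceConfigError: a required setting is absent or None
        """
        for name in SessionManagerAXInterface.propertyNames:
            val = cfg.get(name)
            if val is None:
                raise AXInterfaceConfigError("Missing configuration setting: "
                                             '"%s"' % name)

            setattr(self, name, val)

    def __call__(self, ax_req, ax_resp, authNInterface):
        """Add the attributes to the ax_resp object requested in the ax_req
        object.  Only attributes the Relying Party marked as required are
        considered.

        @type ax_req: openid.extensions.ax.FetchRequest
        @param ax_req: attribute exchange request object.  To find out what
        attributes the Relying Party has requested for example, call
        ax_req.getRequiredAttrs()
        @type ax_resp: openid.extensions.ax.FetchResponse
        @param ax_resp: attribute exchange response object.  This method
        updates it via addValue
        @type authNInterface: AbstractAuthNInterface
        @param authNInterface: custom authentication context information set
        at login.  See
        ndg.security.server.openid.provider.AbstractAuthNInterface for more
        information
        @raise AXInterfaceConfigError: the session ID was requested but
        authNInterface is not an AbstractAuthNInterface
        @raise MissingRequiredAttrs: the session ID was requested but
        authNInterface.sessionId is not set
        """
        reqAttrURIs = ax_req.getRequiredAttrs()
        if self.sessionManagerURITypeURI in reqAttrURIs:
            log.debug("Adding AX parameter %s=%s ...",
                      self.sessionManagerURITypeURI,
                      self.sessionManagerURI)

            ax_resp.addValue(self.sessionManagerURITypeURI,
                             self.sessionManagerURI)

        if self.sessionIdTypeURI in reqAttrURIs:
            if not isinstance(authNInterface, AbstractAuthNInterface):
                raise AXInterfaceConfigError("Expecting "
                                             "AbstractAuthNInterface derived "
                                             "type for authNInterface arg; "
                                             "got: %s" %
                                             authNInterface.__class__.__name__)

            # Check for uninitialised session
            if not authNInterface.sessionId:
                raise MissingRequiredAttrs("The Session Manager session ID "
                                           "is not set to a valid session")

            # TODO: Check for a stale session ID - would require config params
            # to set-up a Session Manager client.  Until then a session ID
            # which is set but no longer valid is still released below.

            # The session ID value is deliberately kept out of the log:
            # anyone with read access to a debug log would otherwise obtain
            # live session identifiers.
            log.debug("Adding AX parameter %s=<session ID not logged> ...",
                      self.sessionIdTypeURI)

            ax_resp.addValue(self.sessionIdTypeURI, authNInterface.sessionId)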