source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/serverapp.py @ 4909

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/serverapp.py@4909
Revision 4909, 3.6 KB checked in by pjkersha, 11 years ago (diff)

Major progress on authentication and authorisation WSGI chain:

  • integration test harness in ndg.security.test.integration.authz
    • chain PEP middleware catches secured URIs. If URI is a secured one, it sets the status to 403.
    • The 403 status is caught by the PDP. The PDP checks for a login cookie, if not set it sets 401 Unauthorized
    • 401 is caught by OpenID handler and sets OpenID signin form response so that the user can login
    • If the user is logged in, the PDP checks authZ credentials (TODO) if not set it sets a 403 status and responds with an access denied message
  • The PDP uses authkit.authenticate.multi.MultiHandler to trap 403 responses from the PEP and display an access denied message.
  • ndg.security.server.wsgi.pdp needs cleaning up in line with the change to use authkit MultiHandler
1#!/usr/bin/env python
2"""NDG Security test harness for authorisation middleware
3
4NERC DataGrid Project
5
6"""
7__author__ = "P J Kershaw"
8__date__ = "20/11/08"
9__copyright__ = "(C) 2009 Science and Technology Facilities Council"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = "$Id$"
12import os
13from os.path import dirname, abspath, join
14
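class AuthZTestMiddleware(object):
    """WSGI test application/filter for the authorisation integration tests.

    Serves a small, fixed set of URIs whose responses (200, 401, 403) are
    meant to be intercepted by the authentication and authorisation
    middleware placed in front of this class.

    Security notes for anyone reusing this harness:

    * The handlers make no access-control decision of their own.  They only
      test whether ``REMOTE_USER`` is present in the WSGI environ; its value
      is never validated.  The key must therefore be set solely by trusted
      upstream authentication middleware.
    * ``/test_securedURI`` always answers "Access allowed".  Any protection
      for it has to come from enforcement middleware configured in front of
      this class (presumably via services.ini - confirm against the
      deployment configuration).
    """

    # Fixed routing table: request path -> name of the handler method.
    # Handler names come only from this table, never from the request, so
    # the getattr() lookup in __call__ cannot reach arbitrary attributes.
    method = {
        "/": 'default',
        "/test_401": "test_401",
        "/test_403": "test_403",
        "/test_securedURI": "test_securedURI"
    }

    # Page returned by test_401/test_403 once REMOTE_USER is set; %s is the
    # one-word status message.
    _USER_PAGE = """<html>
    <head/>
    <body>
        <p>%s</p>
        <p><a href="/logout">logout</a></p>
    </body>
</html>"""

    def __init__(self, app, globalConfig, **localConfig):
        """Store the wrapped WSGI application.

        @param app: next WSGI application in the chain, or None when this
        class is itself the end point
        @param globalConfig: Paste Deploy global configuration (unused)
        @param localConfig: Paste Deploy local configuration (unused)
        """
        self.app = app

    def __call__(self, environ, start_response):
        """Dispatch the request to a test handler, the wrapped app or a 404.

        PATH_INFO may legitimately be absent from the environ when it would
        be empty, so it is read with a default rather than indexed.
        """
        methodName = self.method.get(environ.get('PATH_INFO', ''))
        if methodName:
            return getattr(self, methodName)(environ, start_response)

        if self.app is not None:
            return self.app(environ, start_response)

        return self._respond(start_response, '404 Not Found', 'text/plain',
                             "Authorisation integration tests: invalid URI")

    def _respond(self, start_response, status, contentType, body):
        """Start the response and return the body as a WSGI iterable."""
        start_response(status,
                       [('Content-type', contentType),
                        ('Content-length', str(len(body)))])
        # WSGI expects an iterable of strings.  A bare string would be
        # iterated (and written) one character at a time.
        return [body]

    def default(self, environ, start_response):
        """Landing page for "/": always 200."""
        return self._respond(start_response, '200 OK', 'text/plain',
                             "Authorisation integration tests")

    def test_401(self, environ, start_response):
        """Return 401 until REMOTE_USER is present, then an HTML page.

        The 401 is intended to be trapped upstream to start the OpenID
        sign-in.
        """
        if 'REMOTE_USER' in environ:
            return self._respond(start_response, '200 OK', 'text/html',
                                 self._USER_PAGE % "Authenticated!")

        return self._respond(start_response, '401 Unauthorized', 'text/plain',
                             "Trigger OpenID Relying Party...")

    def test_403(self, environ, start_response):
        """Return 403 until REMOTE_USER is present, then an HTML page.

        NOTE: "Authorised!" is shown as soon as a user is authenticated; no
        authorisation credentials are examined here.
        """
        if 'REMOTE_USER' in environ:
            return self._respond(start_response, '200 OK', 'text/html',
                                 self._USER_PAGE % "Authorised!")

        return self._respond(start_response, '403 Forbidden', 'text/plain',
                             "Trigger AuthZ...")

    def test_securedURI(self, environ, start_response):
        """Always return 200 "Access allowed".

        This handler performs no check itself; access control for this URI
        is expected to be enforced by middleware in front of it.
        """
        return self._respond(start_response, '200 OK', 'text/plain',
                             "Access allowed")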
86   
87   
def app_factory(globalConfig, **localConfig):
    """Paste Deploy application factory: the harness as a stand-alone app.

    No application is wrapped, so URIs outside the routing table get a 404.
    NOTE(review): used on its own, the harness serves /test_securedURI
    without any check; confirm the deployment puts the enforcement filters
    in front of it.
    """
    standaloneApp = AuthZTestMiddleware(None, globalConfig, **localConfig)
    return standaloneApp
90
def filter_app_factory(app, globalConfig, **localConfig):
    """Paste Deploy filter factory: wrap *app* with the test harness.

    Requests for URIs outside the harness routing table are passed through
    to *app* unchanged.
    """
    wrappedApp = AuthZTestMiddleware(app, globalConfig, **localConfig)
    return wrappedApp
93   
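# To start run
# $ paster serve services.ini or run this file as a script
# $ ./serverapp.py [port #] [host]
if __name__ == '__main__':
    import sys
    import logging

    # DEBUG on the root logger makes every library in the chain verbose.
    # NOTE(review): that may include request or session details from the
    # authentication middleware - keep this setting to test environments.
    logging.basicConfig(level=logging.DEBUG)

    # Optional first argument: TCP port to listen on.
    if len(sys.argv) > 1:
        port = int(sys.argv[1])
    else:
        port = 5800

    # Optional second argument: interface to bind to.  The default is kept
    # at all interfaces for compatibility with existing usage, but this is a
    # test harness: pass 127.0.0.1 unless remote access is really needed.
    if len(sys.argv) > 2:
        host = sys.argv[2]
    else:
        host = '0.0.0.0'

    cfgFilePath = os.path.join(dirname(abspath(__file__)), 'services.ini')

    from paste.httpserver import serve
    from paste.deploy import loadapp

    app = loadapp('config:%s' % cfgFilePath)
    serve(app, host=host, port=port)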