source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/dap/authz/policy.xml @ 5280

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/dap/authz/policy.xml@5280
Revision 5280, 1.1 KB checked in by pjkersha, 10 years ago (diff)

Further improvements to the authorization middleware:

  • PEPFilter no longer explicitly calls the PEPResultHandlerMiddleware (This latter class is the WSGI component which handles the access denied response that the server returns). This is not necessary as it can set a 403 response in order to trigger multiHandlerIntercept callback function set in the MultiHandler? instance. This responds to all 403 type status codes by invoking the PEPResultHandlerMiddleware.
  • ndg.security.common.authz.msi: improvements to the PDP, PIP and Response classes.
  • ndg.security.test.integration.dap: added integration test for secured pyDAP service
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<Policy PolicyId="pyDAP" xmlns="urn:ndg:security:authz:1.0:policy">
3    <Description>Restrict access for Authorization integration tests</Description>
4   
5    <Target>
6        <URIPattern>^/sample.*$</URIPattern>
7        <Attributes>
8            <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute>
9        </Attributes>
10        <AttributeAuthority>
11<!--            <uri>https://localhost/AttributeAuthority</uri>
12-->
13            <uri>http://localhost:7443/AttributeAuthority</uri>
14        </AttributeAuthority>
15    </Target>
16    <Target>
17        <URIPattern>^/sresa1b_ncar_ccsm3_0_run1_200001.nc.das$</URIPattern>
18        <Attributes>
19            <Attribute>urn:siteA:security:authz:1.0:attr:forbidden</Attribute>
20            <Attribute>urn:siteA:security:authz:1.0:attr:keepout</Attribute>
21        </Attributes>
22        <AttributeAuthority>
23<!--            <uri>https://localhost/AttributeAuthority</uri>
24-->           
25            <uri>http://localhost:7443/AttributeAuthority</uri>
26        </AttributeAuthority>
27    </Target>
28</Policy>
Note: See TracBrowser for help on using the repository browser.