source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/dap/server.ini @ 5280

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/dap/server.ini@5280
Revision 5280, 3.6 KB checked in by pjkersha, 10 years ago (diff)

Further improvements to the authorization middleware:

  • PEPFilter no longer explicitly calls the PEPResultHandlerMiddleware (the WSGI component which handles the access-denied response that the server returns). This is not necessary, as it can set a 403 response in order to trigger the multiHandlerIntercept callback function set in the MultiHandler instance. This responds to all 403-type status codes by invoking the PEPResultHandlerMiddleware.
  • ndg.security.common.authz.msi: improvements to the PDP, PIP and Response classes.
  • ndg.security.test.integration.dap: added integration test for secured pyDAP service
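#
# pyDAP Test config
#
# Integration-test configuration for a secured pyDAP service.  The values
# below (loopback bind address, plain-HTTP redirect, secrets committed with
# the file, test CA certificate) are test fixtures; review each one before
# reusing this file anywhere else.
#
# The %(here)s variable will be replaced with the parent directory of this file
#
[server:main]
use = egg:Paste#http
# Loopback only.  Changing this to 0.0.0.0 makes the server reachable on every
# interface; no TLS setting appears in this section, so do that only behind a
# TLS-terminating front end.
host = 127.0.0.1
port = 8080

[app:static]
use = egg:Paste#static
document_root = %(here)s/data

[app:pydap]
use = egg:dap
name = My-Server
root = %(here)s/data
verbose = 0
template = %(here)s/template

[app:staticLayout]
use = egg:Paste#static
document_root = %(here)s/layout

[filter-app:dapApp]
use = egg:Paste#httpexceptions
next = cascade

# Cascade over the static, staticLayout and pydap apps: a response whose
# status is listed in "catch" is passed on to the next app.
# NOTE(review): the original comment described this as the composite for the
# OpenID Provider; it looks copied from another config - confirm.
# NOTE(review): the section prefix is spelled "composit" (no trailing "e");
# confirm the loader in use accepts this spelling.
[composit:cascade]
use = egg:Paste#cascade
app1 = static
app2 = staticLayout
app3 = pydap
catch = 404

# Filters are applied in the order listed and the last entry is the
# application, so authentication runs before authorization.  Keep that order.
[pipeline:main]
pipeline = AuthenticationFilter AuthorizationFilter dapApp

[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance
# NOTE(review): the active value is plain HTTP, so the redirect to the verify
# endpoint is not protected in transit.  Acceptable for the localhost test
# set-up only; use an https:// URI (as in the commented line) elsewhere.
#authN.redirectURI = https://localhost/verify
authN.redirectURI = http://localhost:7443/verify

# Beaker Session set-up
# NOTE(review): the session secret is committed with this file and is
# therefore public.  Treat it as a test fixture: generate a fresh random
# value per deployment and keep it out of version control.
# Session and cache data are written under the two data_dir paths; keep those
# directories writable only by the account running the service.
beaker.session.key = ndg.security.session
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
beaker.cache.data_dir = %(here)s/authn/beaker/pki/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# AuthKit Set-up
authkit.setup.method = cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
# NOTE(review): like the session secret above, this cookie secret is
# published with the file; anyone holding it can presumably forge the
# authentication cookie, so replace it in both apps outside the test set-up.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): unlike the authN.* keys in the authentication filter, the
# keys below do not carry the "authz." prefix declared here; confirm the
# middleware reads them as written.
prefix = authz.
policy.filePath = %(here)s/authz/policy.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed
# NOTE(review): left empty, so no CA certificates are supplied for the SSL
# connection; confirm whether peer verification is skipped in that case.
pip.sslCACertFilePathList =

# List of CA certificates used to verify the signatures of
# Attribute Certificates retrieved
pip.caCertFilePathList = %(here)s/pki/ca/ndg-test-ca.crt

#
# WS-Security Settings for call to Session Manager
# NOTE(review): the keys are pip.wssecurity.*, so these presumably govern the
# PIP's call to the Attribute Authority rather than a Session Manager; confirm.

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(here)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(here)s/pki/wsse-server.key

# Password protecting private key.  Leave blank if there is no password.
# Blank here, i.e. the signing key is stored without a password: restrict
# read access on the key file to the account running the service.
pip.wssecurity.signingPriKeyPwd =

# For signature verification.  Provide a space separated list of file paths
pip.wssecurity.caCertFilePathList = %(here)s/pki/ca/ndg-test-ca.crt

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
pip.wssecurity.addTimestamp = True

# Logging configuration
[loggers]
keys = root, ndg

[handlers]
keys = console,logfile

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# DEBUG output from the ndg security packages goes to the log file.
# NOTE(review): debug logging in authentication/authorization code may record
# session or subject details; lower the level and protect the log directory
# outside the test set-up.
[logger_ndg]
level = DEBUG
handlers = logfile
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# The "args" values are evaluated as Python expressions by the logging
# file-config loader, so this file must be writable only by trusted users.
# The log path is relative ('./log/server.log'), so it depends on the
# directory the server is started from.
[handler_logfile]
class = handlers.RotatingFileHandler
level = NOTSET
formatter = generic
args = (os.path.join('./', 'log', 'server.log'), 'a', 100000, 10)

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S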