source: TI12-security/trunk/python/ @ 5555

Subversion URL:
Revision 5555, 1004 bytes checked in by pjkersha, 11 years ago (diff)

OpenID Relying Party flexible configuration

Fixed security WSGI configuration so that the OpenID Relying Party can run in the same middleware as the application it protects or independently in the security services middleware stack. There are two applications involved in applying security:

  1. the app to be secured
  2. app running security services

  1. is configured with middleware to intercept requests and apply the security policy. 2. runs services such as the Attribute Authority and OpenID Provider used by 1. The OpenID Relying Party can now be incorporated in either. For cases where an application runs in a different domain to the security services stack it's easier to deploy a Relying Party with the app in 1. as otherwise cookies set by the RP won't be in the scope of the secured app. 2. is useful for where the app is in the same domain as 2. and there's a need to run the RP over SSL.

Configurations can be set at deployment from Paste ini file pipeline settings.

1#!/usr/bin/env python
2"""NDG Security test harness for authorisation middleware used to secure an
5NERC DataGrid Project
7__author__ = "P J Kershaw"
8__date__ = "20/11/08"
9__copyright__ = "(C) 2009 Science and Technology Facilities Council"
10__license__ = "BSD - See top-level directory for LICENSE file"
11__contact__ = ""
12__revision__ = "$Id$"
15# To start run
16# $ paster serve services.ini or run this file as a script
17# $ ./ [port #]
18if __name__ == '__main__':
19    import sys
20    import os
21    from os.path import dirname, abspath
22    import logging
23    logging.basicConfig(level=logging.DEBUG)
25    if len(sys.argv) > 1:
26        port = int(sys.argv[1])
27    else:
28        port = 7080
30    cfgFilePath = os.path.join(dirname(abspath(__file__)), 'securedapp.ini')
32    from paste.httpserver import serve
33    from paste.deploy import loadapp
35    app = loadapp('config:%s' % cfgFilePath)
36    serve(app, host='', port=port)
Note: See TracBrowser for help on using the repository browser.