source: TI12-security/trunk/python/ @ 5330

Subversion URL:
Revision 5330, 462 bytes checked in by pjkersha, 11 years ago (diff)

Completed AuthorizationMiddleware? unit tests

  • Test 8, 'test08AccessDeniedForAdminQueryArg' tries out the use case for a URI which can display additional content for users with admin privileges. The caller needs to be able to display the correct content according to whether the user has admin rights or not:
    1. the caller invokes /securedURI?admin=1
    2. if the user has admin, rights the PDP will grant access and the PEP will deliver this URI.
    3. if the user doesn't have admin rights, a special overloaded PEP result handler class detects that access was denied for the admin URI and redirects the user to a modified URI subtracting the admin flag. The application code can then deliver the appropriate content minus admin privileges.
1WSGI Authorization Middleware Unit Tests
3These tests call via
4paste.fixture.  An attribute authority service needs to be running in order
5for the middleware to check user attributes,  In a separate terminal start
6this service:
8$ python ../../../config/attributeauthority/sitea/
10Then, to run the tests:
12$ python
14P J Kershaw 22/05/09
Note: See TracBrowser for help on using the repository browser.