source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authz/policy.xml @ 5330

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authz/policy.xml@5330
Revision 5330, 1.4 KB checked in by pjkersha, 11 years ago

Completed AuthorizationMiddleware unit tests ndg.security.test.unit.wsgi.authz:

  • Test 8, 'test08AccessDeniedForAdminQueryArg' tries out the use case for a URI which can display additional content for users with admin privileges. The caller needs to be able to display the correct content according to whether the user has admin rights or not:
    1. the caller invokes /securedURI?admin=1
    2. if the user has admin rights, the PDP will grant access and the PEP will deliver this URI.
    3. if the user doesn't have admin rights, a special overloaded PEP result handler class detects that access was denied for the admin URI and redirects the user to a modified URI subtracting the admin flag. The application code can then deliver the appropriate content minus admin privileges.
<?xml version="1.0" encoding="UTF-8"?>
<Policy PolicyId="AuthZUnitTests" xmlns="urn:ndg:security:authz:1.0:policy">
    <Description>Restrict access for Authorization unit tests</Description>

    <Target>
        <URIPattern>^/test_accessGrantedToSecuredURI$</URIPattern>
        <Attributes>
            <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>http://localhost:5000/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>
    <Target>
        <URIPattern>^/test_accessDeniedToSecuredURI$</URIPattern>
        <Attributes>
            <Attribute>urn:siteA:security:authz:1.0:attr:forbidden</Attribute>
            <Attribute>urn:siteA:security:authz:1.0:attr:keepout</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>http://localhost:5000/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>
    <Target>
        <!--
            Special extra target puts additional restriction in place if
            admin query argument is set
        -->
        <URIPattern>^/test_accessGrantedToSecuredURI\?admin=1$</URIPattern>
        <Attributes>
            <Attribute>urn:siteA:security:authz:1.0:attr:admin</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>http://localhost:5000/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>
</Policy>
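The PDP/PEP flow from the commit message, run over two of this policy's targets, as an added example that is not ndg.security's own code. It assumes that a URIPattern is matched against path plus query string, that holding any one listed attribute satisfies a target, that every matching target must be satisfied, and that a URI matching no target is unrestricted; the AttributeAuthority lookup is replaced by a caller-supplied attribute set.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

NS = {"p": "urn:ndg:security:authz:1.0:policy"}

# Constructed: the page's policy cut down to its two accessGranted targets.
POLICY_XML = r"""<Policy PolicyId="AuthZUnitTests" xmlns="urn:ndg:security:authz:1.0:policy">
  <Target>
    <URIPattern>^/test_accessGrantedToSecuredURI$</URIPattern>
    <Attributes><Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute></Attributes>
  </Target>
  <Target>
    <URIPattern>^/test_accessGrantedToSecuredURI\?admin=1$</URIPattern>
    <Attributes><Attribute>urn:siteA:security:authz:1.0:attr:admin</Attribute></Attributes>
  </Target>
</Policy>"""


def load_targets(xml_text):
    """Parse each Target into (compiled URIPattern, set of attribute URNs)."""
    root = ET.fromstring(xml_text)
    return [(re.compile(t.findtext("p:URIPattern", namespaces=NS)),
             {a.text.strip() for a in t.findall("p:Attributes/p:Attribute", NS)})
            for t in root.findall("p:Target", NS)]


def pdp_decide(targets, uri, user_attrs):
    """PDP: the URI (path plus query) is tested against every target; the user
    must hold one listed attribute for each target that matches (assumed
    semantics). A URI matching no target is unrestricted."""
    required = [attrs for pat, attrs in targets if pat.match(uri)]
    return all(attrs & set(user_attrs) for attrs in required)


def strip_admin_flag(uri):
    """Rebuild the URI without its admin query argument."""
    parts = urlsplit(uri)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != "admin"]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def pep_handle(targets, uri, user_attrs):
    """PEP with the overloaded result handler: a denied request carrying
    admin=1 is redirected to the same URI minus the flag so the application
    can serve the non-admin content; any other denial is refused."""
    if pdp_decide(targets, uri, user_attrs):
        return ("200 OK", uri)
    if dict(parse_qsl(urlsplit(uri).query)).get("admin") == "1":
        return ("302 Found", strip_admin_flag(uri))
    return ("403 Forbidden", uri)
```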