source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authz/test.ini @ 5330

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authz/test.ini@5330
Revision 5330, 2.0 KB checked in by pjkersha, 11 years ago (diff)

Completed AuthorizationMiddleware unit tests in ndg.security.test.unit.wsgi.authz:

  • Test 8, 'test08AccessDeniedForAdminQueryArg' tries out the use case for a URI which can display additional content for users with admin privileges. The caller needs to be able to display the correct content according to whether the user has admin rights or not:
    1. the caller invokes /securedURI?admin=1
    2. if the user has admin rights, the PDP will grant access and the PEP will deliver this URI.
    3. if the user doesn't have admin rights, a special overloaded PEP result handler class detects that access was denied for the admin URI and redirects the user to a modified URI subtracting the admin flag. The application code can then deliver the appropriate content minus admin privileges.
1#
2# AuthZ WSGI Testing environment configuration (the server below listens on 0.0.0.0, i.e. all interfaces; intended for a trusted test network)
3#
4# The %(here)s variable will be replaced with the parent directory of this file
5#
6[DEFAULT]
7testConfigDir = %(here)s/../../../config
8
9[server:main]
10use = egg:Paste#http
11host = 0.0.0.0
12port = 5000
13
14[pipeline:main]
15pipeline = AuthZFilter TestApp
16
17[app:TestApp]
18paste.app_factory = ndg.security.test.unit.wsgi.authz.test_authz:TestAuthZMiddleware
19
20[filter:AuthZFilter]
21paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
22prefix = authz.
23policy.filePath = %(here)s/policy.xml
24
25authz.pepResultHandler = ndg.security.test.unit.wsgi.authz.test_authz.RedirectFollowingAccessDenied
26
27# Settings for Policy Information Point used by the Policy Decision Point to
28# retrieve subject attributes from the Attribute Authority associated with the
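29# resource to be accessed.  NOTE(review): sslCACertFilePathList is left empty below; presumably no CA certificates are configured for verifying the SSL peer - confirm this is test-only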
30pip.sslCACertFilePathList=
31
32# List of CA certificates used to verify the signatures of
33# Attribute Certificates retrieved
34pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
35
36#
37# WS-Security Settings for call to Session Manager
38
39# Signature of an outbound message
40
41# Certificate associated with private key used to sign a message.  The sign
42# method will add this to the BinarySecurityToken element of the WSSE header. 
43# The binSecTokValType attribute must be set to the 'X509' or 'X509v3' ValueType.
44# As an alternative, use signingCertChain - see below...
45
46# PEM encoded certificate file
47pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
48
49# PEM encoded private key file
50pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
51
52# Password protecting private key.  Leave blank if there is no password (an unencrypted key is suitable only for test fixtures such as this one).
53pip.wssecurity.signingPriKeyPwd=
54
55# For signature verification.  Provide a space separated list of file paths
56pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
57
58# ValueType for the BinarySecurityToken added to the WSSE header
59pip.wssecurity.reqBinSecTokValType=X509v3
60
61# Add a timestamp element to an outbound message
62pip.wssecurity.addTimestamp=True