Timestamp:
16/11/07 11:37:21 (12 years ago)
Author:
pjkersha
Message:

More complete logging info access request - #854

ows_server/models/ndgSecurity.py:

  • additional uri arg corresponding to data granule ID
  • access granted log message now includes the above

ows_server/lib/ndgInterface.py: modified HandleSecurity call to include data granule ID.

Location:
TI05-delivery/ows_framework/trunk/ows_server/ows_server
Files:
2 edited

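--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/ndgInterface.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/ndgInterface.py
@@ -197,5 +197,5 @@
                 s=x.tree.find('{http://ndg.nerc.ac.uk/csml}AccessControlPolicy/{http://ndg.nerc.ac.uk/csml}dgSecurityCondition')
                 if s is not None:
-                    status,message=HandleSecurity(s,securityTokens)
+                    status,message=HandleSecurity(uri,s,securityTokens)
                     if not status: return 0,'<p> Access Denied for %s </p><p>%s</p>'%(uri,message)
         return 1,x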
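Review bot: The denial response on the line after the changed call interpolates `uri` and `message` into HTML without escaping, and after this change the same `uri` also reaches the security handler's log message. Whether `uri` comes from the request is not visible here, because the enclosing function starts above the hunk; if it does, a crafted value is reflected into the page as markup. Escape both values before formatting, for example with the standard library's `cgi.escape`: `if not status: return 0,'<p> Access Denied for %s </p><p>%s</p>'%(cgi.escape(uri),cgi.escape(message))`.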
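--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/models/ndgSecurity.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/models/ndgSecurity.py
@@ -14,6 +14,6 @@
     AttributeRequestDenied
     
-def HandleSecurity(securityElement, securityTokens):
-    return SecurityHandler(securityElement, securityTokens)()
+def HandleSecurity(*args):
+    return SecurityHandler(*args)()
 
 class URLCannotBeOpened(Exception):
@@ -34,11 +34,20 @@
     InvalidSecurityCondition = 'Invalid Security Condition'
 
-    def __init__(self, securityElement, securityTokens):
+    def __init__(self, uri, securityElement, securityTokens):
         """Initialise settings for WS-Security and SSL for SOAP
         call to Session Manager
         
-        @type: ? TODO: set type
-        @param securityElement: CSML security constraint containing role and
-        Attribute Authority URI
+        @type uri: string
+        @param uri: URI corresponding to data granule ID
+        
+        @type securityElement: ElementTree Element
+        @param securityElement: MOLES security constraint containing role and
+        Attribute Authority URI. In xml, could look like:
+        <moles:effect>allow</moles:effect>
+            <moles:simpleCondition>
+            <moles:dgAttributeAuthority>https://glue.badc.rl.ac.uk/AttributeAuthority</moles:dgAttributeAuthority>
+            <moles:attrauthRole>coapec</moles:attrauthRole>
+        </moles:simpleCondition>
+        NB: xmlns:moles="http://ndg.nerc.ac.uk/moles
         
         @type: pylons.session
@@ -46,4 +55,5 @@
         tokens"""
         
+        self.uri = uri
         self.securityElement = securityElement
         self.securityTokens = securityTokens
@@ -55,7 +65,13 @@
 
 
-    def checkAccess(self, securityElement=None, securityTokens=None):
+    def checkAccess(self, 
+                    uri=None, 
+                    securityElement=None, 
+                    securityTokens=None):
         """Make an access control decision based on whether the user is
         authenticated and has the required roles
+        
+        @type uri: string
+        @param uri: URI corresponding to data granule ID
         
         @type: ElementTree Element
@@ -75,4 +91,7 @@
         # tokens and element may be set from __init__ or as args to this 
         # method.  If the latter copy them into self  
+        if uri:
+            self.uri = uri
+            
         if securityTokens:
             self.securityTokens = securityTokens
@@ -186,8 +205,7 @@
             return False, self.__class__.InvalidAttributeCertificate
         
-        log.info(\
- 'Gatekeeper: access granted for user "%s" to "%s" secured with role "%s"' % \
-                 (attCert.userId, self.securityElement, self.reqRole) + \
-                 'with attribute certificate:\n\n%s' % attCert)  
+        log.info('Gatekeeper - access granted for user "%s" '%attCert.userId+\
+                 'to "%s" secured with role "%s" ' % (self.uri,self.reqRole)+\
+                 'using attribute certificate:\n\n%s' % attCert)
                      
         return True, self.__class__.AccessAllowedMsg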
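Review bot: Inserting `uri` as the first optional parameter of `checkAccess` silently changes the meaning of existing positional calls: a caller written as `checkAccess(securityElement, securityTokens)` would now bind the element to `uri` and the tokens to `securityElement` with no error, in the method that makes the access decision. Appending it instead, `def checkAccess(self, securityElement=None, securityTokens=None, uri=None):`, keeps old callers correct; whether positional callers exist is not visible here, and the body of `checkAccess` continues outside these hunks. The same section reduces `HandleSecurity` to `*args`, so a wrong argument count or order only surfaces inside `SecurityHandler.__init__`; an explicit `def HandleSecurity(uri, securityElement, securityTokens):` keeps the contract readable at the entry point. In the new `log.info` call, `self.uri` is written to the log as received, so if it can originate from a request it should be logged with `%r` or have CR/LF removed so that it cannot forge additional log lines.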