Timestamp:
27/11/07 11:15:37 (12 years ago)
Author:
pjkersha
Message:

Important fix for ticket #883 - ensures the cookie at the user's login site is kept in sync with their Session Manager.

ows_server/ndgDiscovery.config: default SM URI goes through Apache now

ows_server/ows_server/controllers/login.py: added call to SessionMgr.getSessionStatus in LoginController.index. This checks the user's session and, if it is not found on the Session Manager, offers re-login. This is a likely scenario where the user logs off at a remote site, removing their session from the Session Manager but leaving stale security session cookie details on their home site.

ows_server/ows_server/lib/security_util.py: fix to LoginServiceQuery - raise new LoginServiceQueryError type exception

Location:
TI05-delivery/ows_framework/trunk/ows_server
Files:
4 edited

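--- a/TI05-delivery/ows_framework/trunk/ows_server/ndgDiscovery.config
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ndgDiscovery.config
@@ -10,4 +10,5 @@
 #
 # the following is the server on which this browse/discovery instance runs!
+#server:         http://localhost
 server:         http://localhost:8080
 
@@ -125,5 +126,5 @@
 # Service addresses
 #sessionMgrURI: https://localhost:5700/SessionManager
-sessionMgrURI: https://glue.badc.rl.ac.uk:50000/SessionManager
+sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
 #attAuthorityURI: http://localhost:5000/AttributeAuthority
 attAuthorityURI: http://aa.ceda.rl.ac.uk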
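--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py
@@ -49,10 +49,42 @@
         log.debug("LoginController.index ...")
 
-        if 'ndgSec' in session:
-            # Session is set in this domain - copy its content
-            # and return it across http GET to caller
+        if 'ndgSec' not in session:
+            log.debug('No security session details found - offering login...')
+            return render_response('login')
+        
+        # Session is set in this domain - check it
+        try:
+            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
+                    sslCACertFilePathList=g.securityCfg.sslCACertFilePathList,
+                    sslPeerCertCN=g.securityCfg.sslPeerCertCN,
+                    signingCertFilePath=g.securityCfg.wssCertFilePath,
+                    signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,
+                    signingPriKeyPwd=g.securityCfg.wssPriKeyPwd,
+                    caCertFilePathList=g.securityCfg.wssCACertFilePathList,
+                    tracefile=g.securityCfg.tracefile)
+                                
+        except Exception, e:
+            c.xml='Error establishing security context [%s]'%cgi.escape(str(e))
+            return Response(render('content'), code=400)
+        
+        # Check session status
+        log.debug('Calling Session Manager "%s" getSessionStatus ' % \
+                  session['ndgSec']['h'] + 'for user "%s" with sid="%s" ...'%\
+                  (session['ndgSec']['u'], session['ndgSec']['sid']))
+        try:
+            bSessOK = smClnt.getSessionStatus(sessID=session['ndgSec']['sid'])
+        except Exception, e:
+            c.xml = "Error checking your session details.  Please re-login"
+            log.error("Session Manager getSessionStatus returned: %s" % e)
+        return Response(render('login'), code=401)
+    
+        if bSessOK:
+            log.debug(\
+        "Session found - redirect back to site requesting credentials ...")
+            # ... Return across http GET passing security parameters...
             return self.__doRedirect()
         else:
-            return render_response('login')
+            log.debug("Session wasn't found - re-displaying login...")
+            render_response('login')
 
 
@@ -75,5 +107,5 @@
             passphrase = request.params['passphrase']
                                 
-        except Exception,e:
+        except Exception, e:
             c.xml='Error establishing security context [%s]'%cgi.escape(str(e))
             return Response(render('content'), code=400)
@@ -154,4 +186,5 @@
         
         return render_response('wayf')
+        
         
     def __doRedirect(self):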
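Review bot: The `return Response(render('login'), code=401)` after the getSessionStatus try/except (new line 79) sits at the indentation of the `try`, not inside the `except`, so it runs on every request and the `if bSessOK:` redirect below it is unreachable; a user whose session is still valid always gets the login page with a 401. Indent that return into the handler. In the `else` branch (new line 88) the call lost its `return`, so that path would return None; it should read `return render_response('login')`. Separately, the debug message at new lines 71-73 writes the session ID to the log, and logging only the user and Session Manager URI would keep a usable credential out of log files. The start of `index` is outside this hunk.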
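--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/logout.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/logout.py
@@ -43,8 +43,17 @@
             return self.__redirect()
         
+        # Fixed URI to be equal to the session's security settings 'h' param!
+        # This contains the location of the Session Manager where the users
+        # session is held.
+        #
+        # Removed sslPeerCertCN setting here - the session manager could at
+        # any of a number of different trusted sites where the user logged in
+        # from.  There's no way of predicting an alternate SSL cert Common
+        # Name through the config file settings
+        #
+        # P J Kershaw 21/11/2007
         try:
-            smClnt = SessionMgrClient(uri=g.securityCfg.smURI,
+            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
                     sslCACertFilePathList=g.securityCfg.sslCACertFilePathList,
-                    sslPeerCertCN=g.securityCfg.sslPeerCertCN,
                     signingCertFilePath=g.securityCfg.wssCertFilePath,
                     signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,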
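Review bot: With `sslPeerCertCN` removed and `uri` now read from `session['ndgSec']['h']`, nothing in this hunk limits which host receives the signed logout request; the only peer check still visible here is the CA list. Since `h` presumably originates from the arguments returned by the Login Service, compare it with a configured set of trusted Session Manager URIs before building the client, e.g. `if session['ndgSec']['h'] not in trustedSessionMgrURIs:` (placeholder name for a new config setting), and refuse the request otherwise. login.py in this changeset uses the same session-derived URI but still passes `sslPeerCertCN`, so the two controllers now disagree on peer verification. The `try` block continues past the end of the hunk.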
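--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/security_util.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/security_util.py
@@ -69,5 +69,9 @@
 setSecuritySession = SecuritySession
            
-  
+           
+class LoginServiceQueryError(Exception):
+    """Error handling for LoginServiceQuery - a class which handles the
+    parsing of security args in a HTTP GET request for the LoginService"""
+    
 class LoginServiceQuery(object):
     """Create query string containing security credentials.  This is used by
@@ -138,5 +142,5 @@
             keys = dict([(k, request.params[k]) for k in cls.keys])
         except KeyError, e:
-            OwsError, \
+            LoginServiceQueryError, \
                 '%s argument is missing from URL returned by Login Service' %\
                 str(e)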
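Review bot: As rendered, the statement in the `except KeyError` handler (new lines 144-146) has no `raise` keyword, so it would build a tuple and discard it: a missing security argument passes silently and `keys` is left unbound for whatever follows. If the file really reads this way, it should be `raise LoginServiceQueryError('%s argument is missing from URL returned by Login Service' % str(e))`. The docstring of `LoginServiceQueryError` also describes the `LoginServiceQuery` class rather than the condition under which the error is raised. The enclosing method starts and ends outside the hunk.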