Changeset 3955 for TI12-security/trunk


Timestamp:
28/05/08 10:26:35 (12 years ago)
Author:
pjkersha
Message:

python/ndg.security.server/ndg/security/server/share/ndg-aa: added option for http_proxy setting

python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py: make layout section optional

python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py: TypeError check to ensure request object is accessible

python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py: allow defaults for 'wssRefInclNS' and 'wssSignedInfoInclNS' properties in case they're not set

security/python/Makefile: added target for making SysV init scripts

python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/*... more experiments for generic SOAP WSGI Middleware

python/ndg.security.common/ndg/security/common/authz/pdp/browse.py: important fix - permissive policy for schema types that are not recognised.

Location:
TI12-security/trunk/python
Files:
2 added
11 edited

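--- a/TI12-security/trunk/python/Makefile
+++ b/TI12-security/trunk/python/Makefile
@@ -47,11 +47,4 @@
         ${NDG_EGG_DIST_USER}@${NDG_EGG_DIST_HOST}:${NDG_EGG_DIST_DIR} 
 
-# Generate HTML from embedded epydoc text in source code. 
-EPYDOC=epydoc 
-EPYDOC_OUTDIR=../documentation/epydoc 
-EPYDOC_NAME='NDG Security' 
-EPYDOC_LOGFILE=epydoc.log 
-EPYDOC_FRAMES_OPT=--no-frames 
- 
 # Make ZSI stubs from Session Manager WSDL 
 SM_ZSI_STUB_DIRS=./ndg.security.server/ndg/security/server/SessionMgr \ 
@@ -74,7 +67,19 @@
 # Make all ZSI stubs for NDG security 
 zsi_wsdl_stubs: sm_zsi_wsdl_stubs aa_zsi_wsdl_stubs 
-         
+ 
+ 
+# Generate HTML from embedded epydoc text in source code. 
+EPYDOC=epydoc 
+EPYDOC_OUTDIR=../documentation/epydoc 
+EPYDOC_NAME='NDG Security' 
+EPYDOC_LOGFILE=epydoc.log 
+EPYDOC_FRAMES_OPT=--no-frames 
 epydoc: 
         ${EPYDOC} ./ndg.security.*/ndg -o ${EPYDOC_OUTDIR} \ 
         --name ${EPYDOC_NAME} ${EPYDOC_FRAMES_OPT} --include-log --graph all -v \ 
         >& ${EPYDOC_LOGFILE} 
+        
+# Generate SysV init scripts for Twisted based services 
+init_scripts: 
+        cd ./ndg.security.server/ndg/security/server/share && make generateScripts 
+ 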
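Review bot: The new `init_scripts` recipe invokes the sub-make as plain `make`, so command-line flags and the jobserver are not handed down and the recursion is invisible to the parent make; use `cd ./ndg.security.server/ndg/security/server/share && $(MAKE) generateScripts`. Neither `epydoc` nor `init_scripts` produces a file of that name, so both should appear in a `.PHONY` declaration if the Makefile does not already have one (none is visible in these hunks), otherwise a stray file of either name silently disables the target.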
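--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/attributeauthority.py
@@ -1,8 +1,7 @@
-import os 
+import os, sys 
+import base64 
 import logging 
 log = logging.getLogger(__name__) 
 
-from ZSI import _get_element_nsuri_name, EvaluateException, ParseException 
-from ZSI.parse import ParsedSoap 
 
 
@@ -14,33 +13,22 @@
         
 from ndg.security.common.wsSecurity import SignatureHandler 
-from ndg.security.server.twisted import WSSecurityHandlerChainFactory, \ 
-        WSSecurityHandler 
- 
 from ndg.security.common.X509 import X509Cert, X509CertRead 
 
- 
-class Middleware(object): 
-             
-    def __init__(self, app, app_conf): 
-        log.debug("Middleware.__init__ ...") 
-        self.attributeAuthorityWS = AttributeAuthorityWS() 
-        self.app = app 
-                 
-    def __call__(self, environ, start_response): 
-        log.debug("Middleware.__call__") 
-         
-        # Apply filter for calls 
-        if not environ['PATH_INFO'].startswith('/AttributeAuthority'): 
-                return self.app(environ, start_response) 
-         
-        log.debug("environ=%s" % environ)EDC567*() 
-         
-        #ps = ParsedSoap() 
-        #method =  getattr(self.attributeAuthorityWS, 'soap_%s' % 
-        #                   _get_element_nsuri_name(ps.body_root)[-1]) 
-         
- 
-        return self.app(environ, start_response) 
- 
+from ndgsecurity.config.soap import SOAPMiddleware 
+ 
+#class AttributeAuthorityMiddleware(object): 
+#           
+#    def __init__(self, app, app_conf): 
+#        log.debug("AttributeAuthorityMiddleware.__init__ ...") 
+#        self.app = SOAPMiddleware(app, app_conf,  
+#                                                                 ServiceSOAPBinding=AttributeAuthorityWS(), 
+#                                                                 pathInfo='/AttributeAuthority') 
+#                 
+#    def __call__(self, environ, start_response): 
+#               log.debug("AttributeAuthorityMiddleware.__call__")                               
+# 
+#               #start_response("200 OK", [('Content-type', 'text/xml')]) 
+#               return self.app(environ, start_response) 
+       
 
 class AttributeAuthorityWS(_AttAuthorityService): 
@@ -71,9 +59,9 @@
                 pdb.set_trace() 
                  
-        request, response = AttAuthorityService.soap_getAttCert(self, ps) 
+        request, response = _AttAuthorityService.soap_getAttCert(self, ps) 
 
         # Derive designated holder cert differently according to whether 
         # a signed message is expected from the client 
-        if srv.aa['useSignatureHandler']: 
+        if self.aa['useSignatureHandler']: 
             # Get certificate corresponding to private key that signed the 
             # message - i.e. the user's proxy 
@@ -107,14 +95,14 @@
                 pdb.set_trace() 
                  
-        request, response = AttAuthorityService.soap_getHostInfo(self, ps) 
-         
-        response.Hostname = srv.aa.hostInfo.keys()[0] 
-        response.AaURI = srv.aa.hostInfo[response.Hostname]['aaURI'] 
-        response.AaDN = srv.aa.hostInfo[response.Hostname]['aaDN'] 
-        response.LoginURI = srv.aa.hostInfo[response.Hostname]['loginURI'] 
+        request, response = _AttAuthorityService.soap_getHostInfo(self, ps) 
+         
+        response.Hostname = self.aa.hostInfo.keys()[0] 
+        response.AaURI = self.aa.hostInfo[response.Hostname]['aaURI'] 
+        response.AaDN = self.aa.hostInfo[response.Hostname]['aaDN'] 
+        response.LoginURI = self.aa.hostInfo[response.Hostname]['loginURI'] 
         response.LoginServerDN = \ 
-                srv.aa.hostInfo[response.Hostname]['loginServerDN'] 
+                self.aa.hostInfo[response.Hostname]['loginServerDN'] 
         response.LoginRequestServerDN = \ 
-                srv.aa.hostInfo[response.Hostname]['loginRequestServerDN'] 
+                self.aa.hostInfo[response.Hostname]['loginRequestServerDN'] 
 
         return request, response 
@@ -132,8 +120,8 @@
                 pdb.set_trace() 
                  
-        request, response = AttAuthorityService.soap_getAllHostsInfo(self, ps) 
-         
- 
-        trustedHostInfo = srv.aa.getTrustedHostInfo() 
+        request, response = _AttAuthorityService.soap_getAllHostsInfo(self, ps) 
+         
+ 
+        trustedHostInfo = self.aa.getTrustedHostInfo() 
 
                 # Convert ready for serialization 
@@ -143,16 +131,16 @@
         hosts = [response.new_hosts()] 
          
-        hosts[0].Hostname = srv.aa.hostInfo.keys()[0] 
+        hosts[0].Hostname = self.aa.hostInfo.keys()[0] 
          
         hosts[0].AaURI = \ 
-                srv.aa.hostInfo[hosts[0].Hostname]['aaURI'] 
+                self.aa.hostInfo[hosts[0].Hostname]['aaURI'] 
         hosts[0].AaDN = \ 
-                srv.aa.hostInfo[hosts[0].Hostname]['aaDN'] 
- 
-        hosts[0].LoginURI = srv.aa.hostInfo[hosts[0].Hostname]['loginURI'] 
+                self.aa.hostInfo[hosts[0].Hostname]['aaDN'] 
+ 
+        hosts[0].LoginURI = self.aa.hostInfo[hosts[0].Hostname]['loginURI'] 
         hosts[0].LoginServerDN = \ 
-                srv.aa.hostInfo[hosts[0].Hostname]['loginServerDN'] 
+                self.aa.hostInfo[hosts[0].Hostname]['loginServerDN'] 
         hosts[0].LoginRequestServerDN = \ 
-                srv.aa.hostInfo[hosts[0].Hostname]['loginRequestServerDN'] 
+                self.aa.hostInfo[hosts[0].Hostname]['loginRequestServerDN'] 
          
                 # ... then append info for other trusted attribute authorities... 
@@ -187,7 +175,7 @@
                  
         request, response = \ 
-                        AttAuthorityService.soap_getTrustedHostInfo(self, ps) 
-         
-        trustedHostInfo = srv.aa.getTrustedHostInfo(role=request.Role) 
+                        _AttAuthorityService.soap_getTrustedHostInfo(self, ps) 
+         
+        trustedHostInfo = self.aa.getTrustedHostInfo(role=request.Role) 
 
                 # Convert ready for serialization 
@@ -222,7 +210,7 @@
                 pdb.set_trace() 
                  
-        request, response = AttAuthorityService.soap_getX509Cert(self, ps) 
-         
-        x509Cert = X509CertRead(srv.aa['certFile']) 
+        request, response = _AttAuthorityService.soap_getX509Cert(self, ps) 
+         
+        x509Cert = X509CertRead(self.aa['certFile']) 
         response.X509Cert = base64.encodestring(x509Cert.asDER()) 
         return request, response 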
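Review bot: The commented-out `AttributeAuthorityMiddleware` block left on the new side of the second hunk (new lines 19–31) is dead code now that `SOAPMiddleware` is wired up directly in middleware.py; delete it rather than carry it, since version control already holds the old implementation. On the first hunk `import os, sys` combines two imports and `sys` is not used anywhere in the visible hunks — drop it if the rest of the file does not need it, otherwise split to one import per line. The `pdb.set_trace()` context lines that precede each SOAP handler suggest debugging hooks are still live in this test service; they are pre-existing, but worth removing before this code is reused. The `AttributeAuthorityWS` class begins after the second hunk and each of its methods runs beyond the hunk shown.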
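--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/middleware.py
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/middleware.py
@@ -13,5 +13,6 @@
 from ndgsecurity.config.environment import load_environment 
 
-from ndgsecurity.config.attributeauthority import Middleware as AAMiddleware 
+from ndgsecurity.config.attributeauthority import AttributeAuthorityWS 
+from ndgsecurity.config.soap import SOAPMiddleware 
 
 def make_app(global_conf, full_stack=True, **app_conf): 
@@ -40,5 +41,7 @@
 
     # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares) 
-    app = AAMiddleware(app, global_conf) 
+    app = SOAPMiddleware(app, global_conf, 
+                        ServiceSOAPBinding=AttributeAuthorityWS(), 
+                        pathInfo='/AttributeAuthority') 
      
     if asbool(full_stack): 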
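--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttAuthority/__init__.py
@@ -184,5 +184,5 @@
         if self._transport != ProxyHTTPConnection: 
             log.info("Ignoring httpProxyHost setting: transport class is " +\ 
-                     " not ProxyHTTPConnection type") 
+                     "not ProxyHTTPConnection type") 
             return 
          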
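--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/SessionMgr/__init__.py
@@ -239,5 +239,5 @@
         if self._transport != ProxyHTTPConnection: 
             log.info("Ignoring httpProxyHost setting: transport class is " +\ 
-                     " not ProxyHTTPConnection type") 
+                     "not ProxyHTTPConnection type") 
             return 
          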
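--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/browse.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/browse.py
@@ -159,9 +159,5 @@
         query.  If role is None, no security is set''' 
          
-        if self.resrcURI.schema == 'DIF': 
-            log.info('DIF record found - no security applied') 
-            return None, None # no access control 
-         
-        elif self.resrcURI.schema == 'NDG-B0': 
+        if self.resrcURI.schema == 'NDG-B0': 
             log.info(\ 
             'Checking for constraints for MOLES B0 document ...') 
@@ -198,7 +194,8 @@
                                     BrowsePDP.aaElemName)             
         else: 
-            log.error('unknown schema type "%s"' % \ 
-                      self.resrcURI.schema) 
-            raise PDPUnknownResourceType() 
+            log.warning('No access control set for schema type: "%s"' % \ 
+                        self.resrcURI.schema) 
+            return None, None # no access control 
+         
 
         # Execute queries for role and Attribute Authority elements and extract 
@@ -299,5 +296,5 @@
          
         except TypeError, e: 
-            log.error("Invalid User handle: %s" % e) 
+            log.error("No User handle set - raising PDPUserNotLoggedIn: %s"%e) 
             raise PDPUserNotLoggedIn() 
              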
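Review bot: The new else branch in the second hunk turns an unrecognised schema type from a hard failure (`raise PDPUnknownResourceType()`) into a fail-open result — `return None, None # no access control` grants unrestricted access to any resource whose schema the PDP does not understand, with only a warning to record it. For a policy decision point that is the riskier default: a newly introduced or mistyped schema identifier now silently bypasses every constraint query that follows instead of being refused. If permissive handling of unknown schemas is the intended policy, gate it on an explicit setting so the PDP fails closed unless a deployment opts in, and log the bypass at error level together with the resource URI so it is auditable; the method's docstring should also state that unknown schemas carry no access control. Removing the explicit `'DIF'` branch in the first hunk also routes every DIF record through this warning path, so routine DIF lookups will now emit warnings rather than the previous info message. The enclosing method starts before the first hunk and continues past the second.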
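--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/SessionMgr/__init__.py
@@ -940,7 +940,8 @@
             # 
             wssSignatureHandlerKw = { 
-            'refC14nKw': {'unsuppressedPrefixes': self.__prop['wssRefInclNS']}, 
+            'refC14nKw': {'unsuppressedPrefixes':  
+                          self.__prop.get('wssRefInclNS', [])}, 
             'signedInfoC14nKw':{'unsuppressedPrefixes': 
-                                self.__prop['wssSignedInfoInclNS']}} 
+                                self.__prop.get('wssSignedInfoInclNS', [])}} 
 
             try:    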
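Review bot: Defaulting `wssRefInclNS` and `wssSignedInfoInclNS` to `[]` through `self.__prop.get(...)` makes a misspelt or missing property indistinguishable from a deliberately empty inclusive-namespace list, and a canonicalisation mismatch between signer and verifier then surfaces later as an opaque WS-Security signature failure rather than a configuration error at startup. Log when the fallback is taken so the choice is visible in the service log, e.g. `if 'wssRefInclNS' not in self.__prop: log.info("wssRefInclNS not set - defaulting to no inclusive namespace prefixes")` (assuming the module-level `log` used elsewhere in this package), and do the same for the signedInfo key. The enclosing method starts and ends outside the hunk.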
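--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/share/ndg-aa
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/share/ndg-aa
@@ -24,4 +24,8 @@
 uid="globus" 
 gid="globus" 
+ 
+# Allow for a site proxy - if not set correctly, Web Service clients from this 
+# service to services at other sites won't work 
+#export http_proxy= 
 
 # Suggested location for NDG Security settings 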
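--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py
@@ -178,23 +178,28 @@
             self.enableOpenID = False 
              
-        self.localLink=self.cfg.get(layoutSection, 'localLink', None) 
-        self.localImage=self.cfg.get(layoutSection, 'localImage', None) 
-        self.localAlt=self.cfg.get(layoutSection, 'localAlt',  
-                                   'Visit Local Site') 
-        self.ndgLink=self.cfg.get(layoutSection, 'ndgLink',  
-                                  'http://ndg.nerc.ac.uk') 
-        self.ndgImage=self.cfg.get(layoutSection, 'ndgImage', None) 
-        self.ndgAlt=self.cfg.get(layoutSection, 'ndgAlt','Visit NDG') 
-        self.stfcLink=self.cfg.get(layoutSection, 'stfcLink') 
-        self.stfcImage=self.cfg.get(layoutSection, 'stfcImage') 
-        self.helpIcon=self.cfg.get(layoutSection, 'helpIcon') 
-        self.LeftAlt=self.cfg.get(layoutSection, 'HdrLeftAlt') 
-        self.LeftLogo=self.cfg.get(layoutSection, 'HdrLeftLogo') 
-        self.pageLogo="bodcHdr" 
-        self.icons_xml=self.cfg.get(layoutSection,'Xicon') 
-        self.icons_plot=self.cfg.get(layoutSection,'plot') 
-        self.icons_prn=self.cfg.get(layoutSection, 'printer') 
-         
-        self.disclaimer = self.cfg.get('DEFAULT', 'disclaimer') 
+        # Optional - only required for a standalone SSO deployment 
+        if self.cfg.has_section(layoutSection): 
+            self.localLink=self.cfg.get(layoutSection, 'localLink', None) 
+            self.localImage=self.cfg.get(layoutSection, 'localImage', None) 
+            self.localAlt=self.cfg.get(layoutSection, 'localAlt',  
+                                       'Visit Local Site') 
+            self.ndgLink=self.cfg.get(layoutSection, 'ndgLink',  
+                                      'http://ndg.nerc.ac.uk') 
+            self.ndgImage=self.cfg.get(layoutSection, 'ndgImage', None) 
+            self.ndgAlt=self.cfg.get(layoutSection, 'ndgAlt','Visit NDG') 
+            self.stfcLink=self.cfg.get(layoutSection, 'stfcLink') 
+            self.stfcImage=self.cfg.get(layoutSection, 'stfcImage') 
+            self.helpIcon=self.cfg.get(layoutSection, 'helpIcon') 
+            self.LeftAlt=self.cfg.get(layoutSection, 'HdrLeftAlt') 
+            self.LeftLogo=self.cfg.get(layoutSection, 'HdrLeftLogo') 
+            self.pageLogo="bodcHdr" 
+            self.icons_xml=self.cfg.get(layoutSection,'Xicon') 
+            self.icons_plot=self.cfg.get(layoutSection,'plot') 
+            self.icons_prn=self.cfg.get(layoutSection, 'printer') 
+         
+        if self.cfg.has_option(defSection, 'disclaimer'): 
+            self.disclaimer = self.cfg.get(defSection, 'disclaimer') 
+        else: 
+            self.disclaimer = '' 
              
              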
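Review bot: When the layout section is absent, the new `if self.cfg.has_section(layoutSection):` guard skips every assignment inside it, so `self.localLink`, `self.ndgLink`, `self.pageLogo` and the other layout attributes are never set and any later read of them raises AttributeError where the old code raised a configuration error at startup. Initialise them before the guard (or in an else branch) so the optional section degrades to empty values, as the disclaimer handling below it already does. `defSection` is used for the disclaimer lookup but is not introduced in this hunk; presumably it is bound earlier in `__init__`, which starts before the hunk — confirm. The method continues past the hunk.
```python
        # Optional - only required for a standalone SSO deployment
        for layoutAttr in ('localLink', 'localImage', 'localAlt', 'ndgLink',
                           'ndgImage', 'ndgAlt', 'stfcLink', 'stfcImage',
                           'helpIcon', 'LeftAlt', 'LeftLogo', 'pageLogo',
                           'icons_xml', 'icons_plot', 'icons_prn'):
            setattr(self, layoutAttr, None)
        if self.cfg.has_section(layoutSection):
            # … unchanged: layout section lookups …
```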
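--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py
@@ -53,5 +53,14 @@
     
     # Check for return from OpenID login 
-    if 'REMOTE_USER' in request.environ: 
+    try: 
+        userSet = 'REMOTE_USER' in request.environ 
+    except TypeError, e: 
+        # Request object may not be registered - crude fix here wrapping it a 
+        # catch 
+        # TODO: referencing environ outside a controller 
+        log.info("Keying 'REMOTE_USER' in request.environ: %s" % e) 
+        userSet = False 
+         
+    if userSet: 
         if not g.ndg.security.common.sso.state.returnToURL: 
             log.error("No returnToURL set for redirect following OpenID " + \ 
@@ -62,5 +71,4 @@
             h.redirect_to(g.ndg.security.common.sso.state.returnToURL) 
 
-     
     state = g.ndg.security.common.sso.state 
     cfg =  g.ndg.security.common.sso.cfg 
@@ -131,5 +139,7 @@
             'Please report the error to your site administrator.' 
         log.error("AttAuthorityClient getAllHostsInfo call: %s" % e)   
-        return render('ndg.security.kid', template_name='ndg.security.error') 
+        return buffet.render('ndg.security.kid',  
+                             template_name='ndg.security.error', 
+                             namespace=dict(h=h, g=config['pylons.g'], c=c)) 
         
     g.ndg.security.server.sso.state.trustedIdPs = \ 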
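Review bot: Catching TypeError around `'REMOTE_USER' in request.environ` in the first hunk is a broad net for "no request registered": a TypeError raised for any other reason is swallowed too and the caller is silently treated as not logged in, which the in-code comment itself describes as a crude fix. Prefer an explicit check that the request proxy is registered before touching `environ`, or at least narrow the handler to that condition and log it at debug rather than info, since this path runs on every call to the helper and the current message will appear in normal operation. The third hunk's `buffet.render(..., namespace=dict(h=h, g=config['pylons.g'], c=c))` relies on `buffet` and `config` being imported at module level, which the hunk does not show — confirm both are in scope. Both enclosing functions start outside the hunks shown.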
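--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg
@@ -12,5 +12,5 @@
 # setting for test6GetMappedAttCert 
 uri = http://localhost:5010/AttributeAuthority 
-#uri = https://localhost:5000/AttributeAuthority 
+#uri = http://localhost:5000/AttributeAuthority 
 
 # For https connections only.  !Omit ssl* settings if using http! 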