Changeset 3960 for TI12-security/trunk


Timestamp:
29/05/08 16:07:00 (12 years ago)
Author:
pjkersha
Message:

Fixes following new NDG beta deployment on glue:

  • PDP logs a warning if the user is not logged in rather than raising an exception.
  • Added new invalid user attrs exception
Location:
TI12-security/trunk/python
Files:
10 edited

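--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/development.ini
@@ -10,4 +10,5 @@
 smtp_server = localhost
 error_email_from = paste@localhost
+wsseCfgFilePath=wssecurity.cfg
 
 [server:main]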
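Review bot: `wsseCfgFilePath=wssecurity.cfg` is a bare relative path, so the file the signature handler loads depends on the working directory the server is started from rather than on where this ini lives. If this is a Paste Deploy ini (the `smtp_server`/`error_email_from` keys and `[server:main]` suggest so), `wsseCfgFilePath = %(here)s/wssecurity.cfg` anchors it to the config directory. The middleware in this changeset reads the key from `global_conf`, so it presumably has to sit in `[DEFAULT]`; the section header is outside the hunk and cannot be confirmed here.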
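--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/middleware.py
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/middleware.py
@@ -15,4 +15,5 @@
 from ndgsecurity.config.attributeauthority import AttributeAuthorityWS
 from ndgsecurity.config.soap import SOAPMiddleware
+from ndgsecurity.config.wssecurity import SignatureVerificationMiddleware
 
 def make_app(global_conf, full_stack=True, **app_conf):
@@ -41,7 +42,8 @@
 
     # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares)
+    app = SignatureVerificationMiddleware(app, global_conf)
     app = SOAPMiddleware(app, global_conf,
-                        ServiceSOAPBinding=AttributeAuthorityWS(),
-                        pathInfo='/AttributeAuthority')
+                        ServiceSOAPBinding=AttributeAuthorityWS(),
+                        pathInfo='/AttributeAuthority')
     
     if asbool(full_stack):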
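Review bot: The wrapping order at new line 44 makes `SignatureVerificationMiddleware` the inner app of `SOAPMiddleware`, and soap.py in this same changeset only calls its inner app after `soapOut` has been produced, so the signature is verified after the SOAP operation has already run. If verification is meant to gate the request, build the stack the other way round: `app = SOAPMiddleware(app, global_conf, ServiceSOAPBinding=AttributeAuthorityWS(), pathInfo='/AttributeAuthority')` followed by `app = SignatureVerificationMiddleware(app, global_conf)`. The constructor is handed `global_conf`, so `wsseCfgFilePath` is presumably expected in the ini's `[DEFAULT]` section; a one-line comment saying so here would save the next reader a trip to the ini. make_app continues outside the hunk.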
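--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/soap.py
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/soap.py
@@ -70,4 +70,5 @@
 #        if soap is not None:
 #            return self._writeResponse(request, soap)
+        self.app(environ, start_response)
         start_response("200 OK", [('Content-type', 'text/xml')])
-        return soapOut #self.app(environ, start_response)
+        return soapOut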
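Review bot: The new `self.app(environ, start_response)` at line 72 discards the downstream iterable and is immediately followed by this middleware's own `start_response(...)`, so `start_response` is invoked twice per request, which the WSGI spec allows only when `exc_info` is supplied. Because `soapOut` already exists when the inner app runs, anything wrapped inside `SOAPMiddleware` (in this changeset, `SignatureVerificationMiddleware`) executes only after the SOAP operation has been dispatched, so a check placed there cannot stop the operation. If the inner app is intended as a pre-dispatch filter, invoke it before the operation is executed or put it outside `SOAPMiddleware` in make_app; if it is intended to produce the response, return its iterable instead of `soapOut`. The enclosing method starts and ends outside the hunk.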
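--- a/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/wssecurity.py
+++ b/TI12-security/trunk/python/Tests/pylonsAttributeAuthority/ndgsecurity/ndgsecurity/config/wssecurity.py
@@ -1,3 +1,8 @@
+import logging
+log = logging.getLogger(__name__)
 
+from ZSI.parse import ParsedSoap
+from ZSI.writer import SoapWriter
+from ndg.security.common.wsSecurity import SignatureHandler
 
 class SignatureMiddleware(object):
@@ -7,11 +12,22 @@
     
     def __call__(self, environ, start_response):
+
+        ps = ParsedSoap(soapIn)
+        self.signatureHandler.sign(ps)
         return self.app(environ, start_response)
     
-class SignatureVerificationMiddleware():
+class SignatureVerificationMiddleware(object):
     def __init__(self, app, app_conf):
+        log.debug("SignatureVerificationMiddleware.__init__ ...")
         self.app = app
-        pass
+        self.signatureHandler = SignatureHandler(
+                                        cfg=app_conf.get('wsseCfgFilePath'))
     
     def __call__(self, environ, start_response):
+        
+        soapIn = environ['wsgi.input'].getvalue()
+        log.debug("Verifying signature...")
+        
+        ps = ParsedSoap(soapIn)
+        self.signatureHandler.verify(ps)
         return self.app(environ, start_response)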
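Review bot: `soapIn` is never assigned in `SignatureMiddleware.__call__` (new lines 13–17 are fully visible), so the added `ps = ParsedSoap(soapIn)` raises NameError on the first request unless a module-level `soapIn` exists outside the hunk; `SignatureVerificationMiddleware.__call__` shows the intended read, `soapIn = environ['wsgi.input'].getvalue()`. `getvalue()` is a StringIO method, not part of the `wsgi.input` contract, so both middlewares only work when the server hands over a buffered body; `environ['wsgi.input'].read(int(environ.get('CONTENT_LENGTH') or 0))` is the portable form, after which the body must be re-exposed (e.g. a fresh StringIO in `environ['wsgi.input']`) for the downstream app. A `verify()` failure currently propagates as an unhandled exception, i.e. a server error with no record of the rejected message; catching it, logging at warning level, and answering with an explicit fault or 4xx would make rejected signatures visible in logs and distinguishable from bugs.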
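--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/__init__.py
@@ -44,4 +44,9 @@
         PDPError.__init__(self, msg or PDPMissingResourceConstraints.__doc__)
 
+class PDPMissingUserHandleAttr(PDPError):
+    """User session information is not set correctly"""
+    def __init__(self, msg=None):
+        PDPError.__init__(self, msg or PDPMissingUserHandleAttr.__doc__)
+        
 class PDPUnknownResourceType(PDPError):
     """The type for requested resource is not known"""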
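--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/browse.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/browse.py
@@ -28,5 +28,6 @@
 from ndg.security.common.authz.pdp import PDPInterface, PDPError, \
     PDPUserAccessDenied, PDPUserNotLoggedIn, PDPMissingResourceConstraints, \
-    PDPUnknownResourceType, PDPUserInsufficientPrivileges
+    PDPUnknownResourceType, PDPUserInsufficientPrivileges, \
+    PDPMissingUserHandleAttr
     
 from ndg.security.common.SessionMgr import SessionMgrClient, SessionNotFound,\
@@ -293,9 +294,8 @@
         except KeyError, e:
             log.error("User handle missing key %s" % e)
-            raise PDPUserNotLoggedIn()
+            raise PDPMissingUserHandleAttr()
         
         except TypeError, e:
-            log.error("No User handle set - raising PDPUserNotLoggedIn: %s"%e)
-            raise PDPUserNotLoggedIn()
+            log.warning("No User handle set - user is not logged in: %s" % e)
             
         # Resource handle contains URI and ElementTree resource security 
@@ -322,5 +322,5 @@
                     (self.resrcURI, self.username))
             return
-        
+
         # TODO: OpenID users have no session with the Session Manager
         if not self.userSessID: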
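Review bot: The `except TypeError` branch (new line 299) now only logs a warning and falls through, so the code after the handler runs with whatever the `try` body failed to bind; the only visible guard is the later `if not self.userSessID:` at line 326, and both the `try` body and that branch lie outside the hunk. The not-logged-in case should end in an explicit decision — set the session/user state the following code reads, or return/raise — rather than relying on downstream code tolerating unset attributes, and the warning could say which decision was taken, e.g. `log.warning("No User handle set - user is not logged in, treating as anonymous: %s" % e)` if that is the intent. Separately, the KeyError branch now raises `PDPMissingUserHandleAttr`, which derives from `PDPError` rather than `PDPUserNotLoggedIn` (see the pdp/__init__.py hunk), so callers that catch `PDPUserNotLoggedIn` for this path stop catching it; either derive the new class from `PDPUserNotLoggedIn` or call the change out in the commit message. The enclosing method starts and ends outside the hunk.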
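--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
@@ -14,5 +14,5 @@
     def index(self):
         ''' NDG equivalent to Shibboleth WAYF '''
-        
+        log.debug("WayfController.index ...")
         # Check for return to arg in query.  This is necessary only if the 
         # WAYF query originates from a different service to this one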
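--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/login.kid
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/login.kid
@@ -3,7 +3,4 @@
     <div py:def="loginForm()" class="loginForm">
         <form action="$g.ndg.security.server.sso.cfg.getCredentials" method="POST">
-            <!--
-            <input type="hidden" name="r" value="${g.ndg.security.common.sso.b64encReturnToURL}"/>
-            -->
             <table cellspacing="0" border="0" cellpadding="5">
                 <tr>
@@ -15,5 +12,6 @@
                 </tr><tr>
                     <td colspan="2" align="right">
-                    <input type="submit" value="Login"/></td>
+                        <input type="submit" value="Login"/>
+                    </td>
                 </tr>
             </table>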
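--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid
@@ -1,4 +1,4 @@
 <html py:extends="'ndgPage.kid'" xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#">
-    <div py:def="trustedSitesList()" class="trustedSitesList" style="text-indent:5px">
+    <div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) > 0" py:def="trustedSitesList()" class="trustedSitesList" style="text-indent:5px">
         <h4> Where are you from? </h4>
         <p> You can login in at a trusted partner site:
@@ -12,15 +12,23 @@
                 </ul>
             </p>
+                <p>Alternatively, sign in with OpenID:</p>
         </div>
-        
+    <div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) == 0" py:def="trustedSitesListNotAvailable()" class="trustedSitesListNotAvailable" style="text-indent:5px">
+                <h4>Where are you from?</h4>
+        </div>
     <div py:def="openIDSignin()" class="openIDSignin" style="text-indent:5px">
-                <p>Alternatively, sign in with OpenID:</p>
                 <form action="$g.ndg.security.server.sso.cfg.server/verify" method="post">
                   <table cellspacing="0" border="0" cellpadding="5">
                     <tr>
                         <td>OpenID:</td>
-                        <td><input type="text" name="openid" value="" class='openid-identifier'/></td>
+                        <td>
+                                <input type="text" name="openid" value="" class='openid-identifier'/>
+                        </td>
                         <td align="right">
-                        <input type="submit" name="authform" value="Go"/></td>
+                                <input type="submit" name="authform" value="Go"/>
+                        </td>
+                        <td>
+                                <a href="http://openid.net/what/" target="_blank"><small>What's this?</small></a>
+                        </td>
                     </tr>
                   </table>
@@ -42,4 +50,5 @@
         <div py:replace="header()"/>
         <replace py:replace="trustedSitesList()"/>
+        <replace py:replace="trustedSitesListNotAvailable()"/>
         <replace py:replace="openIDSignin()"/>
         <div py:replace="footer(showLoginStatus=False)"/>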
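--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/wssecurity.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsSecurity/server/wssecurity.cfg
@@ -45,11 +45,4 @@
 signingPriKeyPwd=
 
-# Set CA certificates for verification of chain of trust for inbound messages
-# Set a directory from which to pick up CA cert files or ...
-caCertDirPath=
-
-# Provide a space separated list of file paths
-caCertFilePathList=$NDGSEC_WSSESRV_UNITTEST_DIR/ndg-test-ca.crt
-
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a
 # signed message.  See __setReqBinSecTokValType method and binSecTokValType 
@@ -93,2 +86,9 @@
 # ... or provide file path PEM encode cert here
 verifyingCertFilePath=
+
+# Set CA certificates for verification of chain of trust for inbound messages
+# Set a directory from which to pick up CA cert files or ...
+caCertDirPath=
+
+# Provide a space separated list of file paths
+caCertFilePathList=$NDGSEC_WSSESRV_UNITTEST_DIR/ndg-test-ca.crt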