Changeset 4500 for TI12-security


Timestamp:
27/11/08 10:13:08 (11 years ago)
Author:
pjkersha
Message:

Added and tested dbauthn module to Session Manager authentication interfaces. This uses SQLAlchemy to enable the Session Manager to use database based authentication as an alternative to MyProxy.

  • added optional settings to sessionmanager unit test to enable testing for this - tested vs. a Postgres db.
Location:
TI12-security/trunk/python
Files:
1 added
4 edited

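--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/AttCert.py
@@ -902,6 +902,6 @@
                 dtDeltaLifeTime = timedelta(seconds=self.__lifetime)
             except Exception, e:
-                raise AttCertError, "Invalid Certificate lifetime set %.3f" %\
-                                   self.__lifetime
+                raise AttCertError("Invalid Certificate lifetime set %.3f" %
+                                   self.__lifetime)
 
             # Add certificate lifetime to calculate not after time
@@ -1013,5 +1013,4 @@
 
 
-    #_________________________________________________________________________
     def isValidVersion(self):
         """Check Attribute Certificate XML file version
@@ -1024,5 +1023,4 @@
 
 
-    #_________________________________________________________________________
     def isValid(self,
                 raiseExcep=False,
@@ -1071,17 +1069,17 @@
         if chkVersion and not self.isValidVersion():
             if raiseExcep:
-                raise AttCertError, 'Attribute Certificate version is ' + \
-                                   self.__dat['version'] + ' but version ' + \
-                                   AttCert.version + ' expected'
+                raise AttCertError('Attribute Certificate version is %s '
+                                   'but version %s expected' %
+                                   (self.__dat['version'], AttCert.version))
             return False
 
         if chkProvenance and not self.isValidProvenance():
             if raiseExcep:
-                raise AttCertError, \
-                    "Attribute Certificate Provenance must be set to \"" + \
-                    "\" or \"".join(AttCert.__validProvenanceSettings) + "\""
+                raise AttCertError(
+                    "Attribute Certificate Provenance must be set to \""
+                    "\" or \"".join(AttCert.__validProvenanceSettings) + "\"")
             return False
 
-        # Handle exception from XMLSecDocc.isValidSig() regardless of
+        # Handle exception from XMLSecDoc.isValidSig() regardless of
         # raiseExcep flag setting
         if chkSig:
@@ -1091,5 +1089,5 @@
             except InvalidSignature, e:
                  if raiseExcep:
-                     raise AttCertError, e
+                     raise AttCertError(e)
                  else:
                      return False
@@ -1098,6 +1096,4 @@
         return True
 
-
-#_____________________________________________________________________________
 # Alternative AttCert constructors
 def AttCertRead(filePath):
@@ -1109,5 +1105,4 @@
     return attCert
 
-#_________________________________________________________________________
 def AttCertParse(attCertTxt):
     """Create a new attribute certificate from string of file content"""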
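Review bot: The rewritten provenance error at new lines 1078-1080 drops the `+` that used to follow the first string literal, so the two adjacent literals are now concatenated and the whole of `"Attribute Certificate Provenance must be set to \"\" or \""` becomes the separator passed to `.join()`. With two valid provenance settings the message would read as the first setting, then the sentence, then the second setting. Restore the operator on new line 1079, `"Attribute Certificate Provenance must be set to \"" +`, or join the settings first and format the result into the message with `%s`. The other raise conversions in this section look behaviour-preserving; the body of `isValid` continues outside the hunks shown.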
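--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/authnservice/basicauthn.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/authnservice/basicauthn.py
@@ -1,5 +1,5 @@
 """
-Basic Authentication interface - extending the SessionManager AbstractAuthNService
-interface - to allow use with SessionManager
+Basic Authentication interface - extending the SessionManager
+AbstractAuthNService interface - to allow use with SessionManager
 
 NERC Data Grid Project
@@ -19,5 +19,4 @@
 from ndg.security.server.sessionmanager import SessionManager, \
     AbstractAuthNService, AuthNServiceInvalidCredentials, AuthNServiceError
-from ndg.security.common.myproxy import MyProxyClient
 
 class BasicAuthN(AbstractAuthNService):
@@ -28,7 +27,6 @@
         '''Instantiate object taking in settings from the input
         properties'''
-        accounts = prop.get('basicAuthN_accounts', []).split()
-        self.accounts = dict([tuple(account.split(':')) \
-                              for account in accounts])
+        accounts = prop.get('accounts', []).split()
+        self.accounts=dict([tuple(account.split(':')) for account in accounts])
 
     def logon(self, username, passphrase):
@@ -42,5 +40,5 @@
         '''
         try:
-            md5Passwd = hashlib.sha224(passphrase).hexdigest()
+            md5Passwd = hashlib.md5(passphrase).hexdigest()
         except Exception, e:
             raise AuthNServiceError("%s exception raised making a digest of "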
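Review bot: New line 42 in `logon` replaces `hashlib.sha224` with `hashlib.md5`, so stored account passphrases become unsalted MD5 digests, which are cheap to brute-force offline and reveal when two accounts share a passphrase. Since the stored format is changing anyway, a salted, iterated scheme such as `hashlib.pbkdf2_hmac('sha256', passphrase, salt, iterations)` (where the runtime provides it) would be the safer target, with the salt kept beside the digest. The comparison against `self.accounts` is outside the hunk and should be a constant-time compare if it is not already. In the constructor, `prop.get('accounts', []).split()` on new line 29 still raises AttributeError when the key is absent because the default is a list; `prop.get('accounts', '').split()` yields an empty account table instead. `logon` starts and ends outside the hunk.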
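--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
@@ -328,8 +328,8 @@
         '''Load Authentication Service Interface from property settings'''
         authNProp = self.__prop[SessionManager.AUTHN_KEYNAME]
-        authNModFilePath = authNProp.get('moduleFilePath')
-
-        self.__authNService = instantiateClass(authNProp.get('moduleName'),
-                                               authNProp.get('className'),
+        authNModFilePath = authNProp.pop('moduleFilePath', None)
+
+        self.__authNService = instantiateClass(authNProp.pop('moduleName'),
+                                               authNProp.pop('className'),
                                                moduleFilePath=authNModFilePath,
                                                objectType=AbstractAuthNService,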
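Review bot: Switching to `authNProp.pop(...)` at new lines 330-333 mutates the dictionary held in `self.__prop[SessionManager.AUTHN_KEYNAME]`, because `authNProp` on line 329 is a reference to it rather than a copy. After the first call the `moduleName` and `className` entries are gone, so a second call to this loader raises KeyError and any later reader of the properties can no longer see which authentication plugin was configured. If the intent is to hand the remaining keys to the plugin (the rest of the `instantiateClass` call is outside the hunk), pop from a copy instead: `authNProp = self.__prop[SessionManager.AUTHN_KEYNAME].copy()`. A comment stating why the keys are removed would also help the next reader.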
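--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg
@@ -121,5 +121,13 @@
 # Specific settings for BasicAuthN Session Manager authentication plugin
 # This sets up two test accounts.  Passwords are MD5 encrypted
-authNService.basicAuthN.accounts: testuser:776767df1f96e3b773eceffad55c61eae53ea31fef3563732046a7a6 ndg-user:d63dc919e201d7bc4c825630d2cf25fdc93d4b2f0d46706d29038d01
+authNService.accounts: testuser:e16b2ab8d12314bf4efbd6203906ea6c ndg-user:e16b2ab8d12314bf4efbd6203906ea6c
 
+## Example settings for Database based authentication - requires access to a
+# database; uses SQLAlchemy for Python database bindings
+#authNService.moduleName: ndg.security.server.authnservice.dbauthn
+#authNService.className: DatabaseAuthN
+#authNService.connectionString: postgres://testuser:testpassword@localhost/testUserDb
+## This query must return zero rows for invalid credentials entered
+#authNService.sqlQuery: select username from users where username = '%%(username)s' and md5_passwd = '%%(password)s'
+#authNService.isMD5EncodedPwd: True
 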
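Review bot: The example `authNService.sqlQuery` at new line 131 puts `%%(username)s` and `%%(password)s` inside quoted SQL literals, which suggests the dbauthn module fills them in by string formatting; that module is not shown on this page, but if so, a username containing a quote character changes the statement, which is the classic SQL injection risk on a login path. Prefer a template with bound parameters, for example `select username from users where username = :username and md5_passwd = :password`, with the values passed to SQLAlchemy separately from the statement text. The comment on line 122 calls the digests "MD5 encrypted", but they are unsalted MD5 hashes and the two test accounts now share one digest; `# Passwords are stored as unsalted MD5 hex digests (test accounts only)` would describe them accurately.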