Changeset 4777 for TI12-security


Timestamp:
09/01/09 16:30:32 (11 years ago)
Author:
pjkersha
Message:

Refactored Attribute Authority user roles interface to fix setting of custom inputs. Custom keywords/ini parameters may be set via attributeInterface.* settings.

Location:
TI12-security/trunk/python
Files:
12 edited

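--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py
@@ -78,6 +78,13 @@
 
     @type propertyDefaults: dict
-    @cvar propertyDefaults: valid configuration property keywords - properties file
-    must contain these
+    @cvar propertyDefaults: valid configuration property keywords
+
+    @type attributeInterfacePropertyDefaults: dict
+    @cvar attributeInterfacePropertyDefaults: valid configuration property
+    keywords for the Attribute Interface plugin
+
+    @type mapConfigHostDefaults: dict
+    @cvar mapConfigHostDefaults: valid configuration property
+    keywords for the Map Configuration XML Host element
 
     @type _confDir: string
@@ -88,4 +95,8 @@
     @cvar _propFileName: default file name for properties file under
     _confDir
+
+    @type ATTR_INTERFACE_KEYNAME: basestring
+    @param ATTR_INTERFACE_KEYNAME: attribute interface parameters key name -
+    see _initAttributeInterface for details
     """
 
@@ -98,4 +109,11 @@
     _confDir = "conf"
     _propFileName = "attributeAuthority.cfg"
+    ATTR_INTERFACE_KEYNAME = 'attributeInterface'
+
+    attributeInterfacePropertyDefaults = {
+        'modFilePath':  '',
+        'modName':      NotImplemented,
+        'className':    NotImplemented
+    }
 
     # valid configuration property keywords with accepted default values.
@@ -103,26 +121,23 @@
     # in the config
     propertyDefaults = {
-        'name':                '',
-        'portNum':             -1,
-        'useSSL':              False,
-        'sslCertFile':         '',
-        'sslKeyFile':          '',
-        'sslKeyPwd':           '',
-        'sslCACertDir':        '',
-        'signingCertFilePath': NotImplemented,
+        'name':                 '',
+        'portNum':              -1,
+        'useSSL':               False,
+        'sslCertFile':          '',
+        'sslKeyFile':           '',
+        'sslKeyPwd':            '',
+        'sslCACertDir':         '',
+        'signingCertFilePath':  NotImplemented,
         'signingPriKeyFilePath':NotImplemented,
-        'signingPriKeyPwd':    None,
-        'caCertFilePathList':  [NotImplemented],
-        'attCertLifetime':     -1,
-        'attCertNotBeforeOff': 0,
-        'attCertFileName':     NotImplemented,
-        'attCertFileLogCnt':   0,
-        'mapConfigFile':       NotImplemented,
-        'attCertDir':          NotImplemented,
-        'dnSeparator':         '/',
-        'userRolesModFilePath':'',
-        'userRolesModName':    NotImplemented,
-        'userRolesClassName':  NotImplemented,
-        'userRolesPropFile':   ''
+        'signingPriKeyPwd':     None,
+        'caCertFilePathList':   [NotImplemented],
+        'attCertLifetime':      -1,
+        'attCertNotBeforeOff':  0,
+        'attCertFileName':      NotImplemented,
+        'attCertFileLogCnt':    0,
+        'mapConfigFile':        NotImplemented,
+        'attCertDir':           NotImplemented,
+        'dnSeparator':          '/',
+        ATTR_INTERFACE_KEYNAME: attributeInterfacePropertyDefaults
     }
 
@@ -202,6 +217,6 @@
 
             except Exception, e:
-                raise AttributeAuthorityError('CA certificate "%s" is invalid: %s'%\
-                                        (caCert.dn, e))
+                raise AttributeAuthorityError('CA certificate "%s" is '
+                                              'invalid: %s'% (caCert.dn, e))
 
         # Issuer details - serialise using the separator string set in the
@@ -212,12 +227,7 @@
         self.__issuerSerialNumber = self.__cert.serialNumber
 
-        # Load host sites custom user roles interface to enable the AA to
-        # assign roles in an attribute certificate on a getAttCert request
-        self.__userRoles = instantiateClass(self._prop['userRolesModName'],
-                     self._prop['userRolesClassName'],
-                     moduleFilePath=self._prop.get('userRolesModFilePath'),
-                     objectType=AAUserRoles,
-                     classProperties=self._prop.get('userRolesPropFile'))
-
+        # Load user - user attribute look-up plugin
+        self._initAttributeInterface()
+
         attCertFilePath = os.path.join(self._prop['attCertDir'],
                                        self._prop['attCertFileName'])
@@ -278,5 +288,18 @@
                                                 (self._prop['attCertDir'],
                                                  osError.strerror))
-
+    def _initAttributeInterface(self):
+        '''Load host sites custom user roles interface to enable the AA to
+        # assign roles in an attribute certificate on a getAttCert request'''
+        keyName = AttributeAuthority.ATTR_INTERFACE_KEYNAME
+
+        modName = self._prop[keyName].pop('modName')
+        className = self._prop[keyName].pop('className')
+        modFilePath = self._prop[keyName].pop('modFilePath')
+
+        self._attributeInterface = instantiateClass(modName,
+                                         className,
+                                         moduleFilePath=modFilePath,
+                                         objectType=AttributeInterface,
+                                         classProperties=self._prop[keyName])
 
     # Methods for Attribute Authority dictionary like behaviour
@@ -938,9 +961,9 @@
         log.debug('Calling getRoles for user "%s" ...' % userId)
 
-        # Call to AAUserRoles derived class.  Each Attribute Authority
-        # should define it's own roles class derived from AAUserRoles to
+        # Call to AttributeInterface derived class.  Each Attribute Authority
+        # should define it's own roles class derived from AttributeInterface to
         # define how roles are accessed
         try:
-            return self.__userRoles.getRoles(userId)
+            return self._attributeInterface.getRoles(userId)
 
         except Exception, e:
@@ -1087,10 +1110,10 @@
         self.addHandler(fileLog)
 
-class AAUserRolesError(Exception):
+class AttributeInterfaceError(Exception):
     """Exception handling for NDG Attribute Authority User Roles interface
     class."""
 
 
-class AAUserRoles:
+class AttributeInterface(object):
     """An abstract base class to define the user roles interface to an
     Attribute Authority.
@@ -1104,29 +1127,11 @@
     # User defined class may wish to specify a URI for a database interface or
     # path for a user roles configuration file
-    def __init__(self, dbURI=None, filePath=None):
+    def __init__(self, **prop):
         """User Roles base class - derive from this class to define
         roles interface to Attribute Authority
 
-        @type dbURI: string
-        @param dbURI: database connection URI
-        @type filePath: string
-        @param filePath: file path for properties file containing settings
+        @type prop: dict
+        @param prop: custom properties to pass to this class
         """
-        pass
-
-
-    def userIsRegistered(self, userId):
-        """Virtual method - Derived method should return True if user is known
-        otherwise False
-
-        Nb. this method is not used by AttributeAuthority class and so does NOT need
-        to be implemented in a derived class.
-
-        @type userId: string
-        @param userId: user Distinguished Name to look up.
-        @rtype: bool
-        @return: True if user is registered, False otherwise"""
-        raise NotImplementedError(
-            self.userIsRegistered.__doc__.replace('\n       ',''))
 
 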
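Review bot: `_initAttributeInterface` (new lines 295-297) pops `modName`, `className` and `modFilePath` out of `self._prop[keyName]` in place, so after start-up the loaded configuration no longer holds those keys and a second call would raise `KeyError`; and because `propertyDefaults` stores `attributeInterfacePropertyDefaults` by reference (line 141), the pops will also strip the keys from the class-level defaults shared by every `AttributeAuthority` instance if `self._prop` is built by a shallow copy — the `_prop` loading code is outside this hunk, so that needs confirming. Work on a copy of the sub-dictionary and hand the remaining entries to the plugin as `classProperties`, as sketched below. The plugin module is imported from a directory named in the configuration, so a one-line comment such as `# modFilePath is trusted: the config and that directory must be writable only by the service owner` would make the trust assumption explicit. The new docstring on lines 291-292 still carries a `#` left over from when the text was a comment.
```python
    def _initAttributeInterface(self):
        # … unchanged: docstring …
        keyName = AttributeAuthority.ATTR_INTERFACE_KEYNAME

        # Work on a copy so the loaded configuration (and the class-level
        # defaults it may alias) is not mutated by pop()
        attrIntProp = dict(self._prop[keyName])
        modName = attrIntProp.pop('modName')
        className = attrIntProp.pop('className')
        modFilePath = attrIntProp.pop('modFilePath')

        self._attributeInterface = instantiateClass(modName,
                                         className,
                                         moduleFilePath=modFilePath,
                                         objectType=AttributeInterface,
                                         classProperties=attrIntProp)
```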
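--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.cfg
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthority.cfg
@@ -51,9 +51,9 @@
 dnSeparator:
 
-# Settings for custom AAUserRoles derived class to get user roles for given user ID
-userRolesModFilePath: $NDGSEC_DIR/conf
-userRolesModName: userRoles
-userRolesClassName: UserRoles
-userRolesPropFile: $NDGSEC_DIR/conf/userRoles.cfg
+# Settings for custom AttributeInterface derived class to get user roles for given user ID
+attributeInterface.modFilePath: $NDGSEC_DIR/conf
+attributeInterface.modName: userRoles
+attributeInterface.className: UserRoles
+attributeInterface.propFile: $NDGSEC_DIR/conf/userRoles.cfg
 
 #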
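Review bot: The sample config introduces `attributeInterface.propFile` (line 57) while the two test configs in this same changeset (siteAAttributeAuthority.cfg and siteBAttAuthority.cfg) use `attributeInterface.propertiesFilePath`, and the refactored base class `__init__(self, **prop)` accepts whatever keys arrive, so a plugin written against one name will silently receive the other (or an empty string) with no start-up error. Pick one key name and use it in all three files, and consider having the site plugin's `__init__` reject keys it does not recognise instead of swallowing them. The comment on line 53 could also say that the named module is imported and executed by the service, e.g. `# The module at modFilePath is imported at start-up: keep that directory writable only by the service owner`.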
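--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/userRoles.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/userRoles.py
@@ -14,8 +14,8 @@
 
 
-from ndg.security.server.attributeauthority import AAUserRoles
+from ndg.security.server.attributeauthority import AttributeInterface
 
 
-class UserRoles(AAUserRoles):
+class UserRoles(AttributeInterface):
     """User Roles class dynamic import for Attribute Authority.  Customize
     according to your site's user role allocation system"""
@@ -28,5 +28,5 @@
         to initialise the user roles interface. e.g. the file could contain
         user database settings.  The file path passed corresponds to the
-        userRolesPropFile element in the attAuthorityProperties.xml file.
+        attributeInterface.propFile element in the attAuthorityProperties.xml file.
         """
         pass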
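Review bot: The docstring at line 30 now names `attributeInterface.propFile` but still says it lives in `attAuthorityProperties.xml`, whereas the file carrying that setting in this changeset is `conf/attAuthority.cfg`; suggest `attributeInterface.propFile setting in the attAuthority.cfg file.` The `__init__` this docstring belongs to starts outside the hunk, so I cannot see whether its signature was changed to accept the keyword arguments the refactored base class now takes via `**prop`; the old `AAUserRoles.__init__` took `dbURI`/`filePath`, so a signature left on the old shape would fail or silently drop the `propFile` value at instantiation — worth checking.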
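--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/full_deployment/services.ini_tmpl
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/full_deployment/services.ini_tmpl
@@ -149,5 +149,6 @@
 next = cascade
 
-# Put OpenID Provider and Static URL parser together in a cascade
+# Put Single Sign On and Static URL parser together in a cascade to shoe horn
+# static URL content serving for OpenID Provider
 [composit:cascade]
 use = egg:Paste#cascade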
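--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
@@ -43,9 +43,9 @@
 attributeAuthority.mapConfigFile: $NDGSEC_UNITTEST_CONFIG_DIR/attributeauthority/sitea/siteAMapConfig.xml
 
-# Settings for custom AAUserRoles derived class to get user roles for given
+# Settings for custom AttributeInterface derived class to get user roles for given
 # user ID
-attributeAuthority.userRolesModFilePath: $NDGSEC_UNITTEST_CONFIG_DIR/attributeauthority/sitea
-attributeAuthority.userRolesModName: siteAUserRoles
-attributeAuthority.userRolesClassName: TestUserRoles
+attributeAuthority.attributeInterface.modFilePath: $NDGSEC_UNITTEST_CONFIG_DIR/attributeauthority/sitea
+attributeAuthority.attributeInterface.modName: siteAUserRoles
+attributeAuthority.attributeInterface.className: TestUserRoles
 
 # Config for XML signature of Attribute Certificate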
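--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -41,9 +41,9 @@
 attributeAuthority.mapConfigFile: %(here)s/siteAMapConfig.xml
 
-# Settings for custom AAUserRoles derived class to get user roles for given
+# Settings for custom AttributeInterface derived class to get user roles for given
 # user ID
-attributeAuthority.userRolesModFilePath: %(here)s
-attributeAuthority.userRolesModName: siteAUserRoles
-attributeAuthority.userRolesClassName: TestUserRoles
+attributeAuthority.attributeInterface.modFilePath: %(here)s
+attributeAuthority.attributeInterface.modName: siteAUserRoles
+attributeAuthority.attributeInterface.className: TestUserRoles
 
 # Config for XML signature of Attribute Certificate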
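--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/siteAAttributeAuthority.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/siteAAttributeAuthority.cfg
@@ -40,8 +40,8 @@
 mapConfigFile: %(here)s/siteAMapConfig.xml
 
-# Settings for custom AAUserRoles derived class to get user roles for given
+# Settings for custom AttributeInterface derived class to get user roles for given
 # user ID
-userRolesModFilePath: %(here)s
-userRolesModName: siteAUserRoles
-userRolesClassName: TestUserRoles
-userRolesPropFile:
+attributeInterface.modFilePath: %(here)s
+attributeInterface.modName: siteAUserRoles
+attributeInterface.className: TestUserRoles
+attributeInterface.propertiesFilePath: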
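--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/siteAUserRoles.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/siteAUserRoles.py
@@ -14,8 +14,8 @@
 
 
-from ndg.security.server.attributeauthority import AAUserRoles
+from ndg.security.server.attributeauthority import AttributeInterface
 
 
-class TestUserRoles(AAUserRoles):
+class TestUserRoles(AttributeInterface):
     """Test User Roles class dynamic import for Attribute Authority"""
 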
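--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/site-b.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/site-b.ini
@@ -41,9 +41,9 @@
 attributeAuthority.mapConfigFile: %(here)s/siteBMapConfig.xml
 
-# Settings for custom AAUserRoles derived class to get user roles for given
+# Settings for custom AttributeInterface derived class to get user roles for given
 # user ID
-attributeAuthority.userRolesModFilePath: %(here)s
-attributeAuthority.userRolesModName: siteBUserRoles
-attributeAuthority.userRolesClassName: TestUserRoles
+attributeAuthority.attributeInterface.modFilePath: %(here)s
+attributeAuthority.attributeInterface.modName: siteBUserRoles
+attributeAuthority.attributeInterface.className: TestUserRoles
 
 # Config for XML signature of Attribute Certificate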
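--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/siteBAttAuthority.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/siteBAttAuthority.cfg
@@ -36,9 +36,9 @@
 mapConfigFile: %(here)s/siteBMapConfig.xml
 
-# Settings for custom AAUserRoles derived class to get user roles for given user ID
-userRolesModFilePath: %(here)s
-userRolesModName: siteBUserRoles
-userRolesClassName: TestUserRoles
-userRolesPropFile:
+# Settings for custom AttributeInterface derived class to get user roles for given user ID
+attributeInterface.modFilePath: %(here)s
+attributeInterface.modName: siteBUserRoles
+attributeInterface.className: TestUserRoles
+attributeInterface.propertiesFilePath:
 
 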
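--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/siteBUserRoles.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/siteBUserRoles.py
@@ -14,8 +14,8 @@
 
 
-from ndg.security.server.attributeauthority import AAUserRoles
+from ndg.security.server.attributeauthority import AttributeInterface
 
 
-class TestUserRoles(AAUserRoles):
+class TestUserRoles(AttributeInterface):
     """Test User Roles class dynamic import for Attribute Authority"""
 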
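--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/sessionmanager/session-manager.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/sessionmanager/session-manager.ini
@@ -97,8 +97,4 @@
 # Add a timestamp element to an outbound message
 sessionManager.credentialWallet.wssecurity.addTimestamp: True
-
-# For WSSE 1.1 - service returns signature confirmation containing signature
-# value sent by client
-sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True
 
 # Authentication service properties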