Changeset 4863
- Timestamp:
- 23/01/09 21:53:34 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 511 added
- 1 deleted
- 22 edited
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py
r3918 r4863 14 14 class common: 15 15 class sso: 16 cfg = None 16 class cfg: 17 '''Placeholder for server and sslServer attributes''' 18 class state: 19 '''State information - return to URL should be set each 20 time a new page is loaded. In ows_server this is handled 21 by setting it in ndgPage.kid a template that is extended by 22 all Browse pages.''' 23 returnToURL = '' 24 b64encReturnToURL = '' 17 25 18 26 class SSOMiddleware(object): … … 23 31 self.app = app 24 32 25 ndg.security.c lient.ssoclient.cfg = SSOClientConfig(cfg, **kw)33 ndg.security.common.sso.cfg = SSOClientConfig(cfg, **kw) 26 34 appGlobals.ndg = ndg 27 35 -
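Review bot: `class state` keeps `returnToURL` and `b64encReturnToURL` as class attributes on a module-level namespace that is then published process-wide via `appGlobals.ndg = ndg`, so the return-to target is shared by every request the process serves rather than belonging to the session that started the login. Under concurrent use one visitor's redirect target can be overwritten by another's before the SSO round trip completes; the docstring's own wording, "should be set each time a new page is loaded", describes exactly that write. If the value is per user it belongs in the session or the request environ, and wherever it is set it should be checked as a same-host URL before being used as a redirect target, since it leaves the site through the IdP login links (the setter is not in this hunk, so I cannot confirm such a check exists). `SSOMiddleware.__init__` continues past the hunk.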
TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/classfactory.py
r4855 r4863 21 21 22 22 def instantiateClass(moduleName, className, moduleFilePath=None, 23 objectType=None, class Properties={}):23 objectType=None, classArgs=(), classProperties={}): 24 24 ''' 25 25 Create and return an instance of the specified class … … 40 40 ''' 41 41 42 log.debug("Instantiating class , %s" % className)42 log.debug("Instantiating class '%s'" % className) 43 43 44 44 # ensure that classproperties is a dict - NB, it may be passed in as a null … … 65 65 66 66 # Import module name specified in properties file 67 importModule = __import__(moduleName)67 module = __import__(moduleName) 68 68 components = moduleName.split('.') 69 69 for component in components[1:]: 70 importModule = getattr(importModule, component)70 module = getattr(module, component) 71 71 72 import Class = getattr(importModule, className)72 importedClass = getattr(module, className) 73 73 finally: 74 74 # revert back to original sys path, if necessary … … 84 84 85 85 # Check class inherits from AAproxy abstract base class 86 if objectType and not issubclass(import Class, objectType):86 if objectType and not issubclass(importedClass, objectType): 87 87 raise ClassFactoryError("Specified class %s must be derived from %s" % 88 88 (className, objectType)) … … 90 90 # Instantiate class 91 91 try: 92 object = importClass(**classProperties) 92 if classArgs: 93 object = importedClass(*classArgs, **classProperties) 94 else: 95 object = importedClass(**classProperties) 96 93 97 log.info('Instantiated "%s" class from module, "%s"' % (className, 94 98 moduleName)) … … 96 100 97 101 except Exception, e: 98 log.error("Instantiating class, %s: %s" %(importClass.__name__,e))102 log.error("Instantiating class, %s: %s" % (importedClass.__name__, e)) 99 103 raise 100 104 -
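Review bot: `classProperties={}` on the `instantiateClass` signature is a mutable default shared across calls; the comment just below ("ensure that classproperties is a dict") suggests a guard, but any `update`/`setdefault` on it downstream would leak keys from one instantiation into the next, which matters when the dict carries per-service settings such as key or certificate paths. Use `classProperties=None` and `classProperties = {} if classProperties is None else classProperties`. Minor: the `if classArgs:` branch is redundant since `importedClass(*classArgs, **classProperties)` handles an empty tuple, and `object = ...` shadows the builtin; `instance` reads better. Parts of the function body are not shown in the hunk.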
TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl
r4855 r4863 12 12 # date: 30/11/05 13 13 # Copyright: (C) 2008 STFC 14 # license: This software may be distributed under the terms of the Q Public 15 # License, version 1.0 or later. 14 # license: BSD - see LICENSE file in top-level directory 16 15 # Contact: Philip.Kershaw@stfc.ac.uk 17 16 # Revision: $$Id$$ -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/full_deployment/services.ini_tmpl
r4855 r4863 13 13 # date: 30/11/05 14 14 # Copyright: (C) 2008 STFC 15 # license: This software may be distributed under the terms of the Q Public 16 # License, version 1.0 or later. 15 # license: BSD - see LICENSE file in top-level directory 17 16 # Contact: Philip.Kershaw@stfc.ac.uk 18 17 # Revision: $$Id$$ -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/full_deployment/sso/sso.cfg_tmpl
r4773 r4863 26 26 tracefile: None 27 27 #tracefile: sys.stderr 28 29 # Service addresses30 sessionMgrURI: http://localhost:8000/SessionManager31 32 # If the Attribute Authority URI is commented out the service will try to33 # connect to an Attribute Authority instance in the local WSG stack34 #attributeAuthorityURI: http://localhost:8000/AttributeAuthority35 28 36 29 # WS-Security signature handler - set a config file with 'wssCfgFilePath' -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/openid_util.py
r4742 r4863 141 141 142 142 try: 143 hosts = aaClnt.get AllHostsInfo()143 hosts = aaClnt.getTrustedHostInfo() 144 144 except Exception, e: 145 145 c.xml = ('Error getting a list of trusted sites for login. ' -
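Review bot: the `except Exception, e:` around the renamed `aaClnt.getTrustedHostInfo()` call also catches `AttributeError`, so if the client class was not updated to match this rename the user only sees "Error getting a list of trusted sites for login" and the real cause is lost unless the handler (cut off below) logs `e` with a traceback. Catching the client's own exception class, or at least calling `log.exception(...)` in the handler, would keep the failure visible; the enclosing function starts and ends outside the hunk.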
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/login.kid
r3960 r4863 1 1 <html py:extends="'ndgPage.kid'" xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"> 2 2 <head> 3 <replace py:replace="pagehead()"/> 4 </head> 5 <body> 6 <div py:replace="header()"/> 7 <div py:replace="loginContent()"/> 8 <div py:replace="footer(showLoginStatus=False)"/> 9 </body> 10 3 11 <div py:def="loginForm()" class="loginForm"> 4 12 <form action="$g.ndg.security.server.sso.cfg.getCredentials" method="POST"> … … 8 16 <td><input type="text" name="username" value=""/></td> 9 17 </tr><tr> 10 <td>Pass -phrase:</td>18 <td>Password:</td> 11 19 <td><input type="password" name="passphrase"/></td> 12 20 </tr><tr> 13 21 <td colspan="2" align="right"> 14 22 <input type="submit" value="Login"/> 15 23 </td> 16 24 </tr> … … 19 27 </div> 20 28 21 <head> 22 <replace py:replace="pagehead()"/> 23 </head> 24 <body> 25 <div py:replace="header()"/> 26 <div class="loginContent" style="text-indent:5px"> 27 <h4>Login</h4> 28 <div py:replace="loginForm()"/> 29 <p>${c.xml}</p> 30 </div> 31 <div py:replace="footer(showLoginStatus=False)"/> 32 </body> 33 29 <div py:def="loginContent(heading='Login')" class="loginContent" style="text-indent:5px"> 30 <h4>$heading</h4> 31 <div py:replace="loginForm()"/> 32 <p>${c.xml}</p> 33 </div> 34 34 </html> -
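Review bot: the credential form posts `username` and `passphrase` to `$g.ndg.security.server.sso.cfg.getCredentials` with no anti-CSRF token, so a third-party page can submit a login on a visitor's behalf (login CSRF); a hidden per-session token checked by the `getCredentials` handler is the usual fix. Because the action is a configured URL the template cannot enforce transport, so the loader that fills `cfg.getCredentials` should reject a non-`https` value, otherwise the password travels in clear. The `${c.xml}` below the form is fine as long as `c.xml` stays a plain string (Kid escapes it); if a caller ever wraps it in `XML(...)` the error text becomes injectable.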
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/ndgPage.kid
r3942 r4863 107 107 <input type="submit" value="Login"/> 108 108 </form> 109 </span> 110 111 112 109 </span> 113 110 </html> -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid
r4773 r4863 1 <html py:extends="'ndgPage.kid'" xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"> 2 <div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) > 0" py:def="trustedSitesList()" class="trustedSitesList" style="text-indent:5px"> 3 <h4> Where are you from? </h4> 4 <p> You can login in at a trusted partner site: 5 <?python 6 # Sort alphabetically 7 providerNames = g.ndg.security.server.sso.state.trustedIdPs.keys() 8 providerNames.sort() 9 ?> 10 <ul py:for="h in providerNames"> 11 <li> <a href="${g.ndg.security.server.sso.state.trustedIdPs[h]}?r=${g.ndg.security.common.sso.state.b64encReturnToURL}">${h}</a></li> 12 </ul> 13 </p> 14 <p py:if="g.ndg.security.server.sso.cfg.enableOpenID==True">Alternatively, sign in with OpenID:</p> 1 <html py:extends="'login.kid'" xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"> 2 <head> 3 <replace py:replace="pagehead()"/> 4 <style py:if="g.ndg.security.server.sso.cfg.enableOpenID==True"> 5 input.openid-identifier { 6 background: url($g.ndg.security.server.sso.cfg.server/layout/openid-inputicon.gif) no-repeat; 7 background-color: #fff; 8 background-position: 0 50%; 9 padding-left: 18px; 10 } 11 </style> 12 </head> 13 <body> 14 <div py:replace="header()"/> 15 <div py:replace="loginContent(heading='Home Login')"/> 16 <div py:replace="trustedSiteHeading()"/> 17 <div py:replace="trustedSitesList()"/> 18 <div py:replace="openIDSignin()"/> 19 <div py:replace="footer(showLoginStatus=False)"/> 20 </body> 21 22 <div py:def="trustedSiteHeading()" class="trustedSiteHeading" style="text-indent:5px"> 23 <h4>Trusted Site Login</h4> 15 24 </div> 16 <div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) == 0" py:def="trustedSitesListNotAvailable()" class="trustedSitesListNotAvailable" style="text-indent:5px"> 17 <h4>Where are you from?</h4> 25 26 <div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) > 0" py:def="trustedSitesList()" class="trustedSitesList" 
style="text-indent:5px"> 27 <p>You can also login via one of our trusted partner sites if you have an acount with one of them: 28 <?python 29 # Sort alphabetically 30 providerNames = g.ndg.security.server.sso.state.trustedIdPs.keys() 31 providerNames.sort() 32 ?> 33 <ul py:for="h in providerNames"> 34 <li> <a href="${g.ndg.security.server.sso.state.trustedIdPs[h]}?r=${g.ndg.security.common.sso.state.b64encReturnToURL}">${h}</a></li> 35 </ul> 36 </p> 18 37 </div> 38 19 39 <div py:if="g.ndg.security.server.sso.cfg.enableOpenID==True" py:def="openIDSignin()" class="openIDSignin" style="text-indent:5px"> 20 40 <form action="$g.ndg.security.server.sso.cfg.server/verify" method="post"> 21 22 23 24 25 26 27 28 29 30 31 32 33 34 41 <table cellspacing="0" border="0" cellpadding="5"> 42 <tr> 43 <td>OpenID:</td> 44 <td> 45 <input type="text" name="openid" value="" class='openid-identifier'/> 46 </td> 47 <td align="right"> 48 <input type="submit" name="authform" value="Go"/> 49 </td> 50 <td> 51 <a href="http://openid.net/what/" target="_blank"><small>What's this?</small></a> 52 </td> 53 </tr> 54 </table> 35 55 </form> 36 56 </div> 37 38 <head> 39 <style> 40 input.openid-identifier { 41 background: url($g.ndg.security.server.sso.cfg.server/layout/openid-inputicon.gif) no-repeat; 42 background-color: #fff; 43 background-position: 0 50%; 44 padding-left: 18px; 45 } 46 </style> 47 <replace py:replace="pagehead()"/> 48 </head> 49 <body> 50 <div py:replace="header()"/> 51 <replace py:replace="trustedSitesList()"/> 52 <replace py:replace="trustedSitesListNotAvailable()"/> 53 <replace py:replace="openIDSignin()"/> 54 <div py:replace="footer(showLoginStatus=False)"/> 55 </body> 57 56 58 </html> -
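Review bot: `trustedSiteHeading()` is rendered unconditionally in the new body while `trustedSitesList()` keeps its `py:if="len(...trustedIdPs) > 0"` guard and the old `trustedSitesListNotAvailable()` fallback was deleted, so a deployment with no trusted IdPs now shows a "Trusted Site Login" heading over nothing. Put the same guard on the heading: `<div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) > 0" py:def="trustedSiteHeading()" class="trustedSiteHeading" style="text-indent:5px">`. The IdP links still carry the return-to target as `?r=${...b64encReturnToURL}`; Kid escapes the attribute so this is not injection, but whatever decodes `r` on the way back must validate it as a same-host URL or it is an open redirect (not visible here). Typo in user-facing text: `acount` → `account`.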
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/__init__.py
r4855 r4863 16 16 """Base class for NDG Security Middleware classes""" 17 17 propertyDefaults = { 18 'mountPath': None,18 'mountPath': '/', 19 19 } 20 20 … … 26 26 ''' 27 27 self._app = app 28 self._environ = None28 self._environ = {} 29 29 self._pathInfo = None 30 30 self._path = None … … 40 40 # Similarly, filter keyword input 41 41 self.__class__._filterOpts(opt, local_conf, prefix=prefix) 42 43 # Update options from keywords - matching app_conf ones will be44 # overwritten45 opt.update(local_conf)46 42 47 43 # Set options as object attributes … … 56 52 self.setPathInfo() 57 53 self.setPath() 58 54 55 @staticmethod 56 def initCall(__call__): 57 '''Decorator to __call__ to enable convenient attribute initialisation 58 ''' 59 def __call__wrapper(self, environ, start_response): 60 self._initCall(environ) 61 return __call__(self, environ, start_response) 62 63 return __call__wrapper 64 59 65 def _setResponse(self, 60 66 environ, … … 114 120 115 121 @classmethod 116 def _filterOpts(cls, opt, newOpt, prefix='' ):122 def _filterOpts(cls, opt, newOpt, prefix='', propertyDefaults=None): 117 123 '''Convenience utility to filter input options set in __init__ via 118 124 app_conf or keywords … … 128 134 defOpt class variable 129 135 ''' 136 if propertyDefaults is None: 137 propertyDefaults = cls.propertyDefaults 138 130 139 badOpt = [] 131 140 for k,v in newOpt.items(): … … 134 143 filtK = '_'.join(subK.split('.')) 135 144 else: 136 filtK = k 145 #filtK = k 146 continue 137 147 138 if filtK not in cls.propertyDefaults:148 if filtK not in propertyDefaults: 139 149 badOpt += [k] 140 150 else: -
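Review bot: the new `continue` in `_filterOpts` means an option that does not carry the expected prefix is now skipped silently instead of being added to `badOpt`, so a misspelled prefix on a security-relevant setting (an SSL or PEP option) is ignored and the middleware starts on its default rather than refusing to start; if that is intended so several middlewares can share one `app_conf`, say so in the docstring, otherwise keep the old behaviour for keys that contain a dot but not the prefix. `initCall`'s `__call__wrapper` should be decorated with `functools.wraps(__call__)` so the wrapped method keeps its name and docstring in logs and tracebacks. `opt.update(local_conf)` was also dropped from `__init__`, so keyword options no longer override `app_conf` unless `_filterOpts` already writes them into `opt`; the rest of `__init__` is outside the hunk, so I cannot confirm it does.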
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
r4855 r4863 22 22 import paste.request 23 23 from paste.util.import_string import eval_import 24 25 from authkit.authenticate import AuthKitConfigError26 27 24 from openid.extensions import sreg, ax 28 25 from openid.server import server … … 1158 1155 1159 1156 class RenderingInterfaceConfigError(RenderingInterfaceError): 1160 """Error with Authentication configuration. Raise from __init__"""1157 """Error with configuration settings. Raise from __init__""" 1161 1158 errorMsg = "RenderingInterface configuration error" 1162 1159 -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/__init__.py
r4855 r4863 3 3 4 4 NERC Data Grid Project 5 6 5 """ 7 6 __author__ = "P J Kershaw" … … 10 9 __contact__ = "Philip.Kershaw@stfc.ac.uk" 11 10 __revision__ = "$Id$" 11 __license__ = "BSD - see LICENSE file in top-level directory" 12 12 import logging 13 13 log = logging.getLogger(__name__) … … 19 19 # interface 20 20 from ndg.security.server.wsgi.openid.provider import RenderingInterface, \ 21 AuthNInterfaceConfigError21 RenderingInterfaceConfigError 22 22 23 23 # Boiler plate to create renderer … … 58 58 setattr(self, i, opt[i]) 59 59 except KeyError, e: 60 raise AuthNInterfaceConfigError("Missing property: %s" % e)60 raise RenderingInterfaceConfigError("Missing property: %s" % e) 61 61 62 62 self._buffet = OpenIDProviderRenderingBuffet(self.templateType, -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/__init__.py
r4855 r4863 14 14 log = logging.getLogger(__name__) 15 15 16 from authkit.authenticate import AuthKitConfigError 16 import authkit.authenticate 17 import beaker.middleware 18 17 19 from ndg.security.server.wsgi import NDGSecurityMiddlewareBase 20 from ndg.security.common.utils.classfactory import instantiateClass 18 21 19 22 class OpenIDRelyingPartyMiddlewareError(Exception): … … 25 28 class OpenIDRelyingPartyMiddleware(NDGSecurityMiddlewareBase): 26 29 '''Implementation of OpenID Relying Party based on AuthKit''' 30 propertyDefaults = { 31 'signinInterfaceMiddlewareClass': None 32 } 33 propertyDefaults.update(NDGSecurityMiddlewareBase.propertyDefaults) 34 35 def __init__(self, app, global_conf, prefix='openid.relyingparty.', 36 **app_conf): 37 """Add AuthKit and Beaker middleware dependencies to WSGI stack 38 39 @type app: callable following WSGI interface signature 40 @param app: next middleware application in the chain 41 @type global_conf: dict 42 @param global_conf: PasteDeploy application global configuration - 43 must follow format of propertyDefaults class variable 44 @type prefix: basestring 45 @param prefix: prefix for OpenID Relying Party configuration items 46 @type app_conf: dict 47 @param app_conf: application specific configuration - must follow 48 format of propertyDefaults class variable""" 49 50 # Check for sign in template settings 51 if prefix+'signinInterfaceMiddlewareClass' in app_conf: 52 if 'authkit.openid.template.obj' in app_conf: 53 log.warning("OpenID Relying Party " 54 "'signinInterfaceMiddlewareClass' " 55 "setting overrides 'authkit.openid.template.obj' " 56 "AuthKit setting") 57 58 moduleName, className = \ 59 app_conf[prefix+'signinInterfaceMiddlewareClass'].rsplit('.',1) 60 61 signinInterfacePrefix = prefix+'signinInterface.' 
62 classProperties = {'prefix': signinInterfacePrefix} 63 classProperties.update(app_conf) 64 app = instantiateClass(moduleName, className, 65 objectType=SigninInterface, 66 classArgs=(app, global_conf), 67 classProperties=classProperties) 68 69 # Delete sign in interface middleware settings 70 for conf in app_conf, global_conf or {}: 71 for k in conf.keys(): 72 if k.startswith(signinInterfacePrefix): 73 del conf[k] 74 75 app_conf['authkit.openid.template.string']=app.makeTemplate() 76 77 app = authkit.authenticate.middleware(app, app_conf) 78 app = beaker.middleware.SessionMiddleware(app) 79 80 super(OpenIDRelyingPartyMiddleware, self).__init__(app, 81 global_conf, 82 prefix=prefix, 83 **app_conf) 84 85 def __call__(self, environ, start_response): 86 return self._app(environ, start_response) 87 88 class SigninInterfaceError(Exception): 89 """Base class for SigninInterface exceptions 90 91 A standard message is raised set by the msg class variable but the actual 92 exception details are logged to the error log. The use of a standard 93 message enables callers to use its content for user error messages. 94 95 @type msg: basestring 96 @cvar msg: standard message to be raised for this exception""" 97 userMsg = ("An internal error occurred with the page layout, Please " 98 "contact your system administrator") 99 errorMsg = "SigninInterface error" 100 101 def __init__(self, *arg, **kw): 102 if len(arg) > 0: 103 msg = arg[0] 104 else: 105 msg = self.__class__.errorMsg 106 107 log.error(msg) 108 Exception.__init__(self, msg, **kw) 109 110 class SigninInterfaceInitError(SigninInterfaceError): 111 """Error with initialisation of SigninInterface. Raise from __init__""" 112 errorMsg = "SigninInterface initialisation error" 113 114 class SigninInterfaceConfigError(SigninInterfaceError): 115 """Error with configuration settings. 
Raise from __init__""" 116 errorMsg = "SigninInterface configuration error" 117 118 class SigninInterface(NDGSecurityMiddlewareBase): 119 """Base class for sign in rendering. This is implemented as WSGI 120 middleware to enable additional middleware to be added into the call 121 stack e.g. StaticFileParser to enable rendering of graphics and other 122 static content in the Sign In page""" 123 124 def getTemplateFunc(self): 125 """Return template function for AuthKit to render OpenID Relying 126 Party Sign in page""" 127 raise NotImplementedError() 128 129 def __call__(self, environ, start_response): 130 return self._app(self, environ, start_response) -
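Review bot: `SigninInterface.__call__` passes `self` as an extra positional argument, `self._app(self, environ, start_response)`, which would make every request through a sign-in interface raise `TypeError`; it should read `return self._app(environ, start_response)` as the sibling `OpenIDRelyingPartyMiddleware.__call__` does. The base class declares `getTemplateFunc()` as the method subclasses must implement, but `__init__` calls `app.makeTemplate()` on the instance, so one of the two names is wrong and should be brought in step with the other. `beaker.middleware.SessionMiddleware(app)` is built without passing `app_conf`, so as far as I recall any `beaker.session.*` settings in the ini (cookie secure flag, `secret`, `validate_key`) are ignored and the session carrying the OpenID login state runs on Beaker defaults; `beaker.middleware.SessionMiddleware(app, app_conf)` is the usual fix. Also `Exception.__init__(self, msg, **kw)` in `SigninInterfaceError` will raise `TypeError` if any keyword is ever supplied, since `Exception` accepts none.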
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/pep/__init__.py
r4855 r4863 32 32 self.charset = '; charset=utf-8' 33 33 34 @NDGSecurityMiddlewareBase.initCall 34 35 def __call__(self, environ, start_response): 35 36 log.debug("Calling PEPMiddleware.__call__ ...") 36 self._initCall(environ)37 37 38 38 # TODO: Is a security session set? -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/ssl.py
r4855 r4863 70 70 "peer certificate must validate against " 71 71 "one") 72 72 73 @NDGSecurityMiddlewareBase.initCall 73 74 def __call__(self, environ, start_response): 74 75 75 76 log.debug("Calling SSLClientAuthNMiddleware.__call__ ...") 76 self._initCall(environ)77 77 78 78 if not self.isSSLRequest: -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py
r4855 r4863 177 177 os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR']=abspath(dirname(__file__)) 178 178 179 # To start the Site A Attribute Authorityrun180 # $ paster serve s ite-a.ini or run this file as a script181 # $ ./s iteAServerApp.py [port #]179 # To start run 180 # $ paster serve services.ini or run this file as a script 181 # $ ./serverapp.py [port #] 182 182 if __name__ == '__main__': 183 183 import sys … … 195 195 from paste.deploy import loadapp 196 196 197 from paste.urlparser import StaticURLParser198 from paste.cascade import Cascade199 200 197 app = loadapp('config:%s' % cfgFilePath) 201 198 serve(app, host='0.0.0.0', port=port) -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
r4855 r4863 11 11 # date: 30/11/05 12 12 # Copyright: (C) 2009 Science and Technology Facilities Council 13 # license: This software may be distributed under the terms of the Q Public 14 # License, version 1.0 or later. 13 # license: BSD - see LICENSE file in top-level directory 15 14 # Contact: Philip.Kershaw@stfc.ac.uk 16 15 # Revision: $Id$ … … 172 171 # Debug mode will enable the interactive debugging tool, allowing ANYONE to 173 172 # execute malicious code after an exception is raised. 174 set debug = false173 set debug = true 175 174 176 175 configfile = %(here)s/singleSignOnService/sso.cfg … … 195 194 authkit.openid.urltouser = ndg.security.server.sso.sso.lib.openid_util:url2user 196 195 197 # Chain of SOAPMiddleware filters196 # Chain of Middleware filters 198 197 [pipeline:main] 199 198 pipeline = wsseSignatureVerificationFilter -
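Review bot: `set debug = true` now sits directly beneath the comment warning that debug mode lets ANYONE execute code after an exception, which is the exact footgun the comment exists to prevent, and `serverapp.py` in the same changeset binds on `0.0.0.0`, so the interactive debugger would be reachable from the network. Keep `set debug = false` in the committed file and enable it through a local override, or at minimum add `# NEVER deploy with debug enabled - see warning above` beside it.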
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg
r4773 r4863 14 14 tracefile: None 15 15 #tracefile: sys.stderr 16 17 # Service addresses18 sessionMgrURI: http://localhost:8000/SessionManager19 20 # If the Attribute Authority URI is commented out the service will try to21 # connect to an Attribute Authority instance in the local WSG stack22 #attributeAuthorityURI: http://localhost:8000/AttributeAuthority23 16 24 17 # WS-Security signature handler - set a config file with 'wssCfgFilePath' … … 50 43 51 44 # Flag to enable OpenID login 52 #enableOpenID: True45 enableOpenID: True 53 46 54 47 # Service addresses - connect to a remote service or provide a key to WSGI -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/siteAMapConfig.xml
r4718 r4863 6 6 <loginURI>https://localhost/login</loginURI> 7 7 <aaDN>/O=NDG/OU=Site A/CN=AttributeAuthority</aaDN> 8 8 <loginServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginServerDN> 9 9 <loginRequestServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginRequestServerDN> 10 10 </thisHost> -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/sslclientauthnmiddleware/test.ini
r4770 r4863 7 7 # date: 11/12/08 8 8 # Copyright: (C) 2009 Science and Technology Facilities Council 9 # license: This software may be distributed under the terms of the Q Public 10 # License, version 1.0 or later. 9 # license: BSD - see LICENSE file in top-level directory 11 10 # Contact: Philip.Kershaw@stfc.ac.uk 12 11 # Revision: $Id$