Changeset 4890


Timestamp:
30/01/09 13:46:56 (11 years ago)
Author:
pjkersha
Message:
  • fixed inclusion of badc templates and static content for SSO in ndg.security.server egg
  • fix to SSO logout controller to use WSGI client wrapper for Session Manager call
  • Refactored the SM and AA WSGI client wrappers, adding a base class in the clientbase module and including a check that the URI requested by the client matches the URI endpoint of the WSGI service running locally.
Location:
TI12-security/trunk/python
Files:
1 added
8 edited

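--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py
@@ -1,5 +1,5 @@
 """Single Sign On Service Login Controller
 
-NERC Data Grid Project
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"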
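--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py
@@ -1,2 +1,12 @@
+"""Single Sign On Service Logout Controller
+
+NERC DataGrid Project
+"""
+__author__ = "P J Kershaw"
+__date__ = "10/12/08"
+__copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = '$Id$'
 from ndg.security.server.sso.sso.lib.base import *
 from ndg.security.common.pylons.security_util import SecuritySession
@@ -8,5 +18,6 @@
 from urlparse import urlsplit, urlunsplit
 
-from ndg.security.common.sessionmanager import SessionManagerClient
+from ndg.security.server.wsgi.utils.sessionmanagerclient import \
+    WSGISessionManagerClient, SessionExpired, AttributeRequestDenied
 
 
@@ -31,7 +42,9 @@
 
         try:
-            smClnt = SessionManagerClient(uri=session['ndgSec']['h'],
-                                      tracefile=cfg.tracefile,
-                                      **cfg.wss)
+            smClnt = WSGISessionManagerClient(uri=session['ndgSec']['h'],
+                        environ=request.environ,
+                        tracefile=cfg.tracefile,
+                        sslCACertFilePathList=self.cfg.sslCACertFilePathList,
+                        **cfg.wss)
         except Exception, e:
             log.error("logout - creating Session Manager client: %s" % e)
@@ -39,5 +52,5 @@
 
         # Disconnect from Session Manager
-        log.info('Calling Session Manager "%s" disconnect for logout...' % \
+        log.info('Calling Session Manager "%s" disconnect for logout...' %
                  session['ndgSec']['h'])
         try:
@@ -84,6 +97,6 @@
             getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
             if getCredentialsIdx != -1:
-                log.debug(\
-                    "Reverting request URL from getCredentials to login...")
+                log.debug("Reverting request URL from getCredentials to "
+                          "login...")
                 b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'
 
@@ -98,5 +111,5 @@
 
             # and now go back to whence we had come
-            log.debug("LogoutController._redirect: redirect to %s" % \
+            log.debug("LogoutController._redirect: redirect to %s" %
                                                               b64decReturnTo)
             h.redirect_to(b64decReturnTo)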
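Review bot: The new `WSGISessionManagerClient(...)` call at new lines 44–48 reads `self.cfg.sslCACertFilePathList` while its neighbouring arguments use the bare `cfg` (`cfg.tracefile`, `**cfg.wss`). If the controller has no `cfg` attribute this raises AttributeError, which the `except Exception, e` on new line 49 reports only as a client-creation error, so the Session Manager disconnect further down may never run and the server-side session could outlive the logout. Unless the difference is intended, use `sslCACertFilePathList=cfg.sslCACertFilePathList,`. The enclosing method starts and ends outside the lines shown, so what follows the `log.error` call is not visible here.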
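--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/soap.py
@@ -75,4 +75,11 @@
             # Remove equivalent keyword if present
             kw.pop('referencedFilters', None)
+
+        # The endpoint that this services will be referenced from externally.
+        # e.g. the Session Manager client running locally can check the
+        # input URI and compare with this value to see if the request is
+        # actually to the local Session Manager instance
+        if 'publishedURI' in self.app_conf:
+            self.publishedURI = self.app_conf.pop('publishedURI')
 
 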
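Review bot: `self.publishedURI` is assigned only inside `if 'publishedURI' in self.app_conf:` (new lines 82–83), so when the option is missing the attribute is never set on the instance unless a class-level default exists outside this section. Code that compares a request URI with this value to choose between the local instance and a remote call would then presumably either raise AttributeError or have nothing to compare against. Setting it unconditionally, `self.publishedURI = self.app_conf.pop('publishedURI', None)`, makes the unset case explicit. The comment could also say how the comparison treats trailing slashes, host case and default ports, since a silent mismatch changes which path the request takes. The enclosing method begins and ends outside the lines shown.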
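--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
@@ -10,4 +10,5 @@
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
+__license__ = "BSD - see LICENSE file in top-level directory"
 __revision__ = "$Id$"
 import logging
@@ -23,5 +24,5 @@
     """Configuration error"""
 
-class WSGIAttributeAuthorityClient(object):
+class WSGIAttributeAuthorityClient(WSGIClientBase):
     """Client interface to Attribute Authority for WSGI based applications
 
@@ -33,16 +34,8 @@
     environKey = "ndg.security.server.wsgi.attributeAuthorityFilter"
 
-    _refInEnviron=lambda self: self._environKey in self._environ
-
-    # Define as property for convenient call syntax
-    refInEnviron = property(fget=_refInEnviron,
-                            doc="return True if a Attribute Authority "
-                                "instance is available in WSGI environ")
-
     _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.aa
     ref = property(fget=_getRef, doc="Attribute Authority local instance")
 
-
-    def __init__(self, environKey=None, environ={}, **soapClientKw):
+    def __init__(self, environKey=None, environ={}, **clientKw):
 
         log.debug("WSGIAttributeAuthorityClient.__init__ ...")
@@ -54,19 +47,7 @@
 
         if soapClientKw.get('uri'):
-            self._soapClient = AttributeAuthorityClient(**soapClientKw)
+            self._client = AttributeAuthorityClient(**clientKw)
         else:
-            self._soapClient = None
-
-    def _setEnviron(self, environ):
-        if not isinstance(environ, dict):
-            raise TypeError("Expecting dict type for 'environ' property")
-        self._environ = environ
-
-    def _getEnviron(self, environ):
-        return self._environ
-
-    environ = property(fget=_getEnviron,
-                       fset=_setEnviron,
-                       doc="WSGI environ dictionary")
+            self._client = None
 
     def getHostInfo(self):
@@ -82,11 +63,11 @@
             return self.ref.hostInfo
 
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
-            return self._soapClient.getHostInfo()
+            return self._client.getHostInfo()
 
 
@@ -107,11 +88,11 @@
             # Connect to local instance
             return self.ref.getTrustedHostInfo(**kw)
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
-            return self._soapClient.getTrustedHostHostInfo(**kw)
+            return self._client.getTrustedHostHostInfo(**kw)
 
 
@@ -130,11 +111,11 @@
             allHostsInfo.update(self.ref.getTrustedHostInfo())
             return allHostsInfo
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
-            return self._soapClient.getAllHostsInfo()
+            return self._client.getAllHostsInfo()
 
 
@@ -160,8 +141,8 @@
 
             return self.ref.getAttCert(**kw)
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGIAttributeAuthorityClientConfigError("No reference to a "
                         "local Attribute Authority is set and no SOAP client "
-                        "to a remote service has been initialized")
+                        "to a remote service has been initialised")
         else:
             # Make connection to remote service
@@ -169,3 +150,3 @@
                 kw['userX509Cert'] = kw.pop('holderX509Cert')
 
-            return self._soapClient.getAttCert(**kw)
+            return self._client.getAttCert(**kw)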
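Review bot: `__init__` now takes `**clientKw` (new line 39), but the unchanged test on new line 48 still reads `if soapClientKw.get('uri'):`, so constructing the client raises NameError before `_client` is ever assigned; that line should become `if clientKw.get('uri'):`. The class now derives from `WSGIClientBase` (new line 26), yet no import of it is added in the lines shown, unlike the `from ndg.security.server.wsgi.utils.clientbase import WSGIClientBase` added to sessionmanagerclient.py in this changeset, so confirm the name is in scope. `environ={}` in the same signature is a mutable default shared between calls; whether the body copies it is not visible here, and `environ=None` with a fallback would be safer. The `__init__` body is only partly visible in this section.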
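--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
@@ -3,13 +3,12 @@
 Client interface to Session Manager for WSGI based applications
 
-NERC Data Grid Project
-
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"
 __date__ = "27/11/08"
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"
-
 import logging
 log = logging.getLogger(__name__)
@@ -18,4 +17,5 @@
 import os
 
+from ndg.security.server.wsgi.utils.clientbase import WSGIClientBase
 from ndg.security.server.wsgi.utils.attributeauthorityclient import \
     WSGIAttributeAuthorityClient
@@ -88,5 +88,5 @@
     """Configuration error for WSGI Session Manager Client"""
 
-class WSGISessionManagerClient(object):
+class WSGISessionManagerClient(WSGIClientBase):
     """Client interface to Session Manager for WSGI based applications
 
@@ -108,14 +108,7 @@
     environKey = "ndg.security.server.wsgi.sessionManagerFilter"
     attributeAuthorityEnvironKey = WSGIAttributeAuthorityClient.environKey
-
-    _refInEnviron = lambda self: self._environKey in self._environ
-
-    # Define as property for convenient call syntax
-    refInEnviron = property(fget=_refInEnviron,
-                            doc="return True if a Session Manager instance is "
-                                "available in WSGI environ")
-
+
     _getRef = lambda self:self._environ[self._environKey].serviceSOAPBinding.sm
-    ref = property(fget=_getRef, doc="Session Manager local instance")
+    ref = property(fget=_getRef, doc="local session manager instance")
 
 
@@ -136,20 +129,9 @@
 
         if soapClientKw.get('uri'):
-            self._soapClient = SessionManagerClient(**soapClientKw)
-        else:
-            self._soapClient = None
-
-    def _setEnviron(self, environ):
-        if not isinstance(environ, dict):
-            raise TypeError("Expecting dict type for 'environ' property")
-        self._environ = environ
-
-    def _getEnviron(self, environ):
-        return self._environ
-
-    environ = property(fget=_getEnviron,
-                       fset=_setEnviron,
-                       doc="WSGI environ dictionary")
-
+            self._client = SessionManagerClient(**soapClientKw)
+        else:
+            self._client = None
+
+
     def connect(self, username, **kw):
         """Request a new user session from the Session Manager
@@ -168,5 +150,5 @@
             res = self.ref.connect(username=username, **kw)
 
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGISessionManagerClientConfigError("No reference to a "
                         "local Session Manager is set and no SOAP client "
@@ -180,5 +162,5 @@
 
             # Make connection to remote service
-            res = self._soapClient.connect(username, **kw)
+            res = self._client.connect(username, **kw)
 
             # Convert from unicode because unicode causes problems with
@@ -209,5 +191,5 @@
             self.ref.deleteUserSession(**kw)
 
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGISessionManagerClientConfigError("No reference to a "
                         "local Session Manager is set and no SOAP client "
@@ -217,5 +199,5 @@
                 kw['userDN'] = kw.pop('userX509Cert').dn
 
-            self._soapClient.disconnect(**kw)
+            self._client.disconnect(**kw)
 
 
@@ -233,10 +215,10 @@
             return self.ref.getSessionStatus(**kw)
 
-        elif self._soapClient is None:
-            raise WSGISessionManagerClientConfigError("No reference to a "
-                        "local Session Manager is set and no SOAP client "
-                        "to a remote service has been initialized")
-        else:
-            return self._soapClient.getSessionStatus(**kw)
+        elif self._client is None:
+            raise WSGISessionManagerClientConfigError("No reference to a "
+                        "local Session Manager is set and no SOAP client "
+                        "to a remote service has been initialized")
+        else:
+            return self._client.getSessionStatus(**kw)
 
 
@@ -272,5 +254,5 @@
             return self.ref.getAttCert(**kw)
 
-        elif self._soapClient is None:
+        elif self._client is None:
             raise WSGISessionManagerClientConfigError("No reference to a "
                         "local Session Manager is set and no SOAP client "
@@ -303,3 +285,3 @@
                             'this keyword')
 
-            return self._soapClient.getAttCert(**kw)
+            return self._client.getAttCert(**kw)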
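Review bot: This class keeps the keyword name `soapClientKw` (new lines 130–131) and the spelling "initialized" in its error text (new line 220), while the sibling WSGIAttributeAuthorityClient in this changeset moves to `clientKw` and "initialised"; the two wrappers are parallel and should agree. The `elif self._client is None: raise WSGISessionManagerClientConfigError(...)` branch is also repeated at new lines 152, 193, 217 and 256, and with a shared base class now available it could live in one private helper there. The method bodies are only partly visible in this section.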
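--- a/TI12-security/trunk/python/ndg.security.server/setup.py
+++ b/TI12-security/trunk/python/ndg.security.server/setup.py
@@ -90,5 +90,11 @@
         'ndg.security.server.sso': ['*.ini', '*.cfg', '*.txt'],
         'ndg.security.server.sso.sso': ['public/*.*', 'public/layout/*.*'],
-        'ndg.security.server.sso.sso.badc_site': ['public/*.*', 'public/layout/*.*'],
+        'ndg.security.server.sso.sso.badc_site': [
+            'public/*.*',
+            'public/layout/*.*',
+            'public/layout/logos/*.*',
+            'public/layout/styles/*.*',
+            'public/layout/tabs/*.*'
+        ],
         'ndg.security.server.sso.sso.templates.ndg.security': ['*.kid'],
         'ndg.security.server.sso.sso.badc_site.templates.ndg.security': ['*.kid'],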
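--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
@@ -140,5 +140,5 @@
 use = egg:Paste#http
 host = 0.0.0.0
-port = 5000
+port = 8000
 
 [filter-app:mainApp]
@@ -242,4 +242,14 @@
 path = /AttributeAuthority
 
+# External endpoint for this Attribute Authority - must agree with setting used
+# to invoke this service set in:
+# * serverapp.py
+# * or port in [server:main] if calling with paster serve services.ini
+# * or something else e.g. proxied through Apache?
+# This setting is used by Attribute Authority clients in this WSGI stack to see
+# if a request is being made to the local service or to another Attribute
+# Authority running elsewhere
+publishedURI = http://localhost:8000%(path)s
+
 # Enable ?wsdl query argument to list the WSDL content
 enableWSDLQuery = True
@@ -279,6 +289,16 @@
                                         filter:AttributeAuthorityFilter
 
-# Path from URL for Session Manager in this Paste deployment
+# Path from URI for Session Manager in this Paste deployment
 path = /SessionManager
+
+# External endpoint for this Session Manager - must agree with setting used to
+# invoke this service set in:
+# * serverapp.py
+# * or port in [server:main] if calling with paster serve services.ini
+# * or something else e.g. proxied through Apache?
+# This setting is used by Session Manager clients in this WSGI stack to see if
+# a request is being made to the local service or to another session manager
+# running elsewhere
+publishedURI = http://localhost:8000%(path)s
 
 # Enable ?wsdl query argument to list the WSDL content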
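Review bot: The port is now written in three places, `port = 8000` in the server section and both `publishedURI = http://localhost:8000%(path)s` lines, and the added comments themselves say these must agree. Nothing enforces that, so a later port change that misses one publishedURI would presumably stop the clients recognising the local service and send the call out as a remote SOAP request instead. Consider holding the value once, e.g. a `portNum = 8000` entry under `[DEFAULT]` referenced as `port = %(portNum)s` and `publishedURI = http://localhost:%(portNum)s%(path)s`, if the loader's interpolation allows it. The published endpoints are also plain `http://` while the server binds `0.0.0.0`; if this file is copied beyond the test tree, the scheme and host should match how the service is actually exposed.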
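--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg
@@ -15,5 +15,5 @@
 # Switch to alternative location to pick up public/ dir containing static
 # content such as graphics and stylesheets
-#configDir=/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso/badc_site
+#configDir=%(here)s
 
 # Switch from default templates package to templates/ in alternative directory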