06/02/09 16:56:59 (12 years ago)

Major progress on authentication and authorisation WSGI chain:

  • integration test harness in ndg.security.test.integration.authz
    • chain PEP middleware catches secured URIs. If URI is a secured one, it sets the status to 403.
    • The 403 status is caught by the PDP. The PDP checks for a login cookie; if it is not set, it sets 401 Unauthorized
    • 401 is caught by the OpenID handler, which sets the OpenID sign-in form response so that the user can log in
    • If the user is logged in, the PDP checks authZ credentials (TODO); if not set, it sets a 403 status and responds with an access denied message
  • The PDP uses authkit.authenticate.multi.MultiHandler to trap 403 responses from the PEP and display an access denied message.
  • ndg.security.server.wsgi.pdp needs cleaning up in line with the change to use authkit MultiHandler
26 added
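
The status-trapping chain described in the commit message, as an added example that is not code from ndg.security or AuthKit. All names here (`SECURED`, `reply`, `trap`, `pdp`, `signin`, the `ndg_login` cookie) are hypothetical, and returning the sign-in form with a 200 status is an assumption.

```python
from wsgiref.util import setup_testing_defaults
SECURED = {"/secured"}  # constructed sample policy, not from the changeset

def reply(start_response, status, body=b"", ctype="text/plain"):
    start_response(status, [("Content-Type", ctype)])
    return [body]

def app(environ, start_response):
    return reply(start_response, "200 OK", b"public content")

def pep(inner):
    # Enforcement point: answer 403 for secured URIs instead of serving them.
    def mw(environ, start_response):
        if environ["PATH_INFO"] in SECURED:
            return reply(start_response, "403 Forbidden")
        return inner(environ, start_response)
    return mw

def trap(inner, code, handler):
    # Run inner; if it answered with `code`, drop that response and run handler.
    def mw(environ, start_response):
        seen = {}
        def capture(status, headers, exc_info=None):
            seen.update(status=status, headers=headers)
        body = inner(environ, capture)
        chunks = list(body)  # consume first: start_response may be called lazily
        getattr(body, "close", lambda: None)()
        if seen["status"].startswith(code):
            return handler(environ, start_response)
        start_response(seen["status"], seen["headers"])
        return chunks
    return mw

def pdp(environ, start_response):
    # Presence check only (assumption); real code must verify a signed cookie.
    if "ndg_login=" not in environ.get("HTTP_COOKIE", ""):
        return reply(start_response, "401 Unauthorized")
    return reply(start_response, "403 Forbidden", b"Access denied")  # authZ: TODO

def signin(environ, start_response):
    return reply(start_response, "200 OK", b"<form>OpenID sign-in</form>", "text/html")

chain = trap(trap(pep(app), "403", pdp), "401", signin)

def request(path, cookie=None):
    environ = {"HTTP_COOKIE": cookie or "", "PATH_INFO": path}
    setup_testing_defaults(environ)
    out = {}
    body = b"".join(chain(environ, lambda s, h, e=None: out.update(status=s)))
    return out["status"], body
```

Because the outer layers replace whatever the inner layer returned, the trapped response body never reaches the client; only the handler's output does.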