Ignore:
Timestamp:
25/02/09 13:52:50 (11 years ago)
Author:
pjkersha
Message:

ndg.security.server.wsgi.authn: AuthNMiddleware and AuthNRedirectMiddleware catch HTTP 401 responses from a WSGI application stack to be protected and redirect to OpenID Relying Party middleware running on an application server running NDG Security services.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini

    r5016 r5037  
    1212 
    1313[pipeline:main] 
    14 pipeline = AuthNRedirectFilter 
     14pipeline = SessionMiddlewareFilter 
     15                   AuthenticationFilter 
    1516           TestApp 
    1617 
    1718[app:TestApp] 
    18 paste.app_factory = ndg.security.test.wsgi.authn.test_authn:TestAuthNMiddleware 
     19paste.app_factory = ndg.security.test.integration.authz.securedapp:TestAuthNMiddleware 
    1920 
    20 [filter:AuthNRedirectFilter] 
     21#______________________________________________________________________________ 
     22# Beaker Session Middleware (used by Authentication Filter) 
     23[filter:SessionMiddlewareFilter] 
     24paste.filter_app_factory=beaker.middleware:SessionMiddleware 
     25#beaker.session.key = sso 
     26beaker.session.secret = somesecret 
     27 
     28# If you'd like to fine-tune the individual locations of the cache data dirs 
     29# for the Cache data, or the Session saves, un-comment the desired settings 
     30# here: 
     31beaker.cache.data_dir = %(here)s/beaker/cache 
     32beaker.session.data_dir = %(here)s/beaker/sessions 
     33 
     34[filter:AuthenticationFilter] 
    2135paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthNRedirectHandlerMiddleware 
    2236prefix = authN. 
    23 authN.redirectURI = http://localhost:80443/verify 
     37 
     38# Set redirect for OpenID Relying Party in the Security Services app instance 
     39authN.redirectURI = http://localhost:7443/verify 
     40 
     41# AuthKit Set-up 
     42authkit.setup.method=cookie 
     43authkit.cookie.secret=secret encryption string 
     44authkit.cookie.signoutpath = /logout 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.py

    r5016 r5037  
    1111            status = "401 Unauthorized" 
    1212             
    13         elif environ['PATH_INFO'] == '/test_401WithLoggedIn': 
    14             status = "401 Unauthorized" 
    15             environ['REMOTE_USER'] = 'testuser'             
    16              
    17         elif environ['PATH_INFO'] == '/test_200WithNotLoggedIn': 
    18             status = "200 OK" 
    19              
    20         elif environ['PATH_INFO'] == '/test_200WithLoggedIn': 
    21             environ['REMOTE_USER'] = 'testuser' 
    22             status = "200 OK" 
    2313        else: 
    2414            status = "404 Not found" 
    2515                 
    26         start_response(status, 
    27                        [('Content-length',  
    28                          str(len(TestAuthNMiddleware.response))), 
    29                         ('Content-type', 'text/plain')]) 
    30         return [TestAuthNMiddleware.response] 
     16#        start_response(status, 
     17#                       [('Content-length',  
     18#                         str(len(TestAuthNMiddleware.response))), 
     19#                        ('Content-type', 'text/plain')]) 
     20#        return [TestAuthNMiddleware.response] 
     21        return self._setResponse(environ, start_response) 
     22     
     23    def _setResponse(self, environ, start_response): 
     24        if 'REMOTE_USER' in environ: 
     25            response = """<html> 
     26    <head/> 
     27    <body> 
     28        <p>Authenticated!</p> 
     29        <p><a href="/logout">logout</a></p> 
     30    </body> 
     31</html>""" 
     32            start_response('200 OK',  
     33                           [('Content-type', 'text/html'), 
     34                            ('Content-length', str(len(response)))]) 
     35        else: 
     36            response = "Trigger OpenID Relying Party..." 
     37            start_response('401 Unauthorized',  
     38                           [('Content-type', 'text/plain'), 
     39                            ('Content-length', str(len(response)))]) 
     40        return [response] 
    3141     
    3242def app_factory(globalConfig, **localConfig): 
     
    4151if __name__ == '__main__': 
    4252    import sys 
     53    import os 
     54    from os.path import dirname, abspath 
    4355    import logging 
    4456    logging.basicConfig(level=logging.DEBUG) 
     
    4759        port = int(sys.argv[1]) 
    4860    else: 
    49         port = 80080 
     61        port = 7080 
    5062         
    5163    cfgFilePath = os.path.join(dirname(abspath(__file__)), 'securedapp.ini') 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securityservices.ini

    r5017 r5037  
    1818use = egg:Paste#http 
    1919host = 0.0.0.0 
    20 port = 5800 
     20port = 7443 
    2121 
    2222# Play with this pipeline at your peril! ... 
     
    4242 
    4343[app:AuthZTestApp] 
    44 paste.app_factory = ndg.security.test.integration.authz.serverapp:app_factory 
     44paste.app_factory = ndg.security.test.integration.authz.securityservicesapp:app_factory 
    4545 
    4646[filter:PEPMiddlewareFilter] 
     
    9999authkit.openid.session.secret = random string 
    100100 
    101 authkit.openid.baseurl = http://localhost:5800 
     101authkit.openid.baseurl = http://localhost:7443 
    102102 
    103103# Template for signin 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securityservicesapp.py

    r5017 r5037  
    3737             
    3838    def default(self, environ, start_response): 
    39         start_response('200 OK', [('Content-type', 'text/plain')]) 
    40         return "Authorisation integration tests" 
     39        if 'REMOTE_USER' in environ: 
     40            response = """<html> 
     41    <head/> 
     42    <body> 
     43        <p>Authenticated!</p> 
     44        <p><a href="/logout">logout</a></p> 
     45    </body> 
     46</html>""" 
     47            start_response('200 OK',  
     48                           [('Content-type', 'text/html'), 
     49                            ('Content-length', str(len(response)))]) 
     50        else: 
     51            response = "Authorisation integration tests" 
     52            start_response('200 OK',  
     53                           [('Content-type', 'text/html'), 
     54                            ('Content-length', str(len(response)))]) 
     55        return response 
    4156 
    4257    def test_401(self, environ, start_response): 
     
    102117        port = int(sys.argv[1]) 
    103118    else: 
    104         port = 80443 
     119        port = 7443 
    105120         
    106     cfgFilePath = os.path.join(dirname(abspath(__file__)), 'services.ini') 
     121    cfgFilePath = os.path.join(dirname(abspath(__file__)),  
     122                               'securityservices.ini') 
    107123         
    108124    from paste.httpserver import serve 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsgi/authn/test.ini

    r5015 r5037  
    2121paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthNRedirectHandlerMiddleware 
    2222prefix = authN. 
    23 authN.redirectURI = /redirect2here 
     23#authN.redirectURI = /redirect2here 
     24authN.redirectURI = http://localhost:5800/verify 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/wsgi/authn/test_authn.py

    r5015 r5037  
    2828import paste.fixture 
    2929from paste.deploy import loadapp 
    30  
    31 from ndg.security.server.wsgi.authn import AuthNRedirectHandlerMiddleware 
    32  
    3330 
    3431class TestAuthNMiddleware(object): 
Note: See TracChangeset for help on using the changeset viewer.