Ignore:
Timestamp:
30/03/09 15:11:23 (11 years ago)
Author:
pjkersha
Message:

Added capability to pass Session Manager URI over OpenID Attribute Exchange Interface:

  • Added AXInterface interface class to OpenID Provider to set custom AX response
  • Refactored ndg.security.server.wsgi.authn to handle setting of Session Manager URI passed via AuthKit? cookie from OpenID Relying Party
  • AuthKit? cookie user data is deleted once its handed to the NDG Security session management to minimize exposure as plain text in AuthKit? cookie.
Location:
TI12-security/trunk/python/ndg.security.common/ndg/security/common
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml.py

    r5115 r5148  
    769769        Indeterminate result''' 
    770770        raise NotImplementedError() 
     771 
     772 
     773class Apply(Evaluatable): 
     774    '''Represents the XACML ApplyType and ConditionType XML types.''' 
     775 
     776    def __init__(self, function, evals, bagFunction=None, isCondition): 
     777        '''Constructs an Apply object. Throws an 
     778        IllegalArgumentException if the given parameter list 
     779        isn't valid for the given function. 
     780         
     781        @param function the Function to use in evaluating the elements in the  
     782        apply 
     783        @param evals the contents of the apply which will be the parameters 
     784        to the function, each of which is an Evaluatable 
     785        @param bagFunction the higher-order function to use 
     786        @param isCondition true if this Apply is a Condition, False otherwise 
     787        ''' 
     788     
     789        # check that the given inputs work for the function 
     790        inputs = evals 
     791        if bagFunction is not None: 
     792            inputs = [bagFunction] 
     793            inputs += evals 
     794         
     795        function.checkInputs(inputs) 
     796 
     797        # if everything checks out, then store the inputs 
     798        self.function = function 
     799        self.evals = tuple(evals) 
     800        self.bagFunction = bagFunction 
     801        self.isCondition = isCondition 
     802     
     803     
     804    @staticmethod 
     805    def getConditionInstance(root, xpathVersion): 
     806        '''Returns an instance of an Apply based on the given DOM 
     807        root node. This will actually return a special kind of 
     808        Apply, namely an XML ConditionType, which is the root 
     809        of the condition logic in a RuleType. A ConditionType is the same 
     810        as an ApplyType except that it must use a FunctionId that returns 
     811        a boolean value. 
     812         
     813        @param root the DOM root of a ConditionType XML type 
     814        @param xpathVersion the XPath version to use in any selectors or XPath 
     815                            functions, or null if this is unspecified (ie, not 
     816                            supplied in the defaults section of the policy) 
     817         
     818        ''' 
     819        raise NotImplementedError() 
     820          
     821    def getInstance(self, root, factory=None, isCondition=False, xpathVersion): 
     822        '''Returns an instance of Apply based on the given DOM root. 
     823         
     824        @param root the DOM root of an ApplyType XML type 
     825        @param xpathVersion the XPath version to use in any selectors or XPath 
     826                            functions, or null if this is unspecified (ie, not 
     827                            supplied in the defaults section of the policy)''' 
     828         
     829        raise NotImplementedError() 
     830     
     831    @staticmethod 
     832    def getFunction(root, version, factory): 
     833        '''Helper method that tries to get a function instance''' 
     834        raise NotImplementedError() 
     835             
     836    def getFunction(self): 
     837        '''Returns the Function used by this Apply. 
     838         
     839        @return the Function''' 
     840        return function 
     841     
     842    def getChildren(self): 
     843        '''Returns the List of children for this Apply. 
     844        The List contains Evaluatables. The list is 
     845        unmodifiable, and may be empty. 
     846         
     847        @return a List of Evaluatables''' 
     848        return self.evals 
     849     
     850    def getHigherOrderFunction(self): 
     851        '''Returns the higher order bag function used by this Apply 
     852        if it exists, or null if no higher order function is used. 
     853         
     854        @return the higher order Function or null''' 
     855        return self.bagFunction 
     856     
     857    def isCondition(self): 
     858        '''Returns whether or not this ApplyType is actually a ConditionType. 
     859         
     860        @return whether or not this represents a ConditionType''' 
     861        return isCondition 
     862 
     863    def evaluate(self, context): 
     864        '''Evaluates the apply object using the given function. This will in 
     865        turn call evaluate on all the given parameters, some of which may be 
     866        other Apply objects. 
     867         
     868        @param context the representation of the request 
     869         
     870        @return the result of trying to evaluate this apply object''' 
     871        parameters = self.evals 
     872 
     873        # see if there is a higher-order function in here 
     874        if bagFunction != None: 
     875            # this is a special case, so we setup the parameters, starting 
     876            # with the function 
     877            parameters = [bagFunction] 
     878 
     879            # now we evaluate all the parameters, returning INDETERMINATE 
     880            # if that's what any of them return, and otherwise tracking 
     881            # all the AttributeValues that get returned 
     882            for eval in self.evals: 
     883                result = eval.evaluate(context) 
     884                 
     885                # in a higher-order case, if anything is INDETERMINATE, then 
     886                # we stop right away 
     887                if result.indeterminate(): 
     888                    return result 
     889 
     890                parameters.add(result.getAttributeValue()) 
     891             
     892        # now we can call the base function 
     893        return function.evaluate(parameters, context) 
     894          
     895    def getType(self): 
     896        '''Returns the type of attribute that this object will return on a call 
     897        to evaluate. In practice, this will always be the same as 
     898        the result of calling getReturnType on the function used 
     899        by this object. 
     900         
     901        @return the type returned by evaluate''' 
     902        return self.function.getReturnType() 
     903       
     904    def evaluatesToBag(self): 
     905        '''Returns whether or not the Function will return a bag 
     906        of values on evaluation. 
     907         
     908        @return true if evaluation will return a bag of values, false otherwise 
     909        ''' 
     910        return self.function.returnsBag() 
     911 
     912    def encode(self, output, indenter): 
     913        '''Encodes this Apply into its XML representation and 
     914        writes this encoding to the given OutputStream with 
     915        indentation. 
     916         
     917        @param output a stream into which the XML-encoded data is written 
     918        @param indenter an object that creates indentation strings''' 
     919        raise NotImplementedError() 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/classfactory.py

    r5060 r5148  
    3131     
    3232    if className is None: 
    33         _moduleName, className = moduleName.rsplit(moduleName, 1) 
     33        _moduleName, className = moduleName.rsplit('.', 1) 
    3434    else: 
    3535        _moduleName = moduleName 
     
    8989             
    9090            # Import module name specified in properties file 
    91             module = __import__(moduleName) 
    92             components = moduleName.split('.') 
    93             for component in components[1:]: 
    94                 module = getattr(module, component) 
    95  
    9691            importedClass = importClass(moduleName, className=className) 
    9792        finally: 
Note: See TracChangeset for help on using the changeset viewer.