Changeset 5165 for TI12-security
- Timestamp:
- 02/04/09 16:40:51 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 1 deleted
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/__init__.py
r4840 r5165 1 """NDG Security authorisati nopackage - contains code for Gatekeeper (PEP)1 """NDG Security authorisation package - contains code for Gatekeeper (PEP) 2 2 and authorisation interfaces (PDP) 3 3 4 NERC Data 4 NERC DataGrid Project 5 5 """ 6 6 __author__ = "P J Kershaw" … … 11 11 __contact__ = "Philip.Kershaw@stfc.ac.uk" 12 12 __revision__ = "$Id: __init__.py 3755 2008-04-04 09:11:44Z pjkersha $" 13 14 __all__ = [15 'pdp',16 'pep',] -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/__init__.py
r5162 r5165 14 14 log = logging.getLogger(__name__) 15 15 16 from ndg.security.common.authz. pdp import PDPInterface16 from ndg.security.common.authz.xacml.cond import FunctionFactory 17 17 18 18 # For parsing: ElementTree helpers … … 63 63 64 64 @classmethod 65 def getInstance(cls, elem):66 67 for elem in elem.getchildren():65 def getInstance(cls, root): 66 67 for elem in root: 68 68 localName = getLocalName(elem) 69 69 if localName == 'Description': … … 107 107 actions = None 108 108 109 for elem in root .getchildren():109 for elem in root: 110 110 localName = getLocalName(elem) 111 111 … … 113 113 subjects = Target._getAttributes(elem, "Subject") 114 114 115 elif name == "Resources":115 elif localName == "Resources": 116 116 resources = Target._getAttributes(elem, "Resource") 117 117 118 elif name == "Actions":118 elif localName == "Actions": 119 119 actions = Target._getAttributes(elem, "Action") 120 120 121 return cls( )121 return cls(subjects=subjects, resources=resources, actions=actions) 122 122 123 123 @staticmethod … … 126 126 matches = [] 127 127 128 for elem in root .getchildren():128 for elem in root: 129 129 localName = getLocalName(elem) 130 130 131 131 if localName == prefix: 132 matches += getMatches(elem, prefix)133 elif name == "Any" + prefix:132 matches += Target._getMatches(elem, prefix) 133 elif localName == "Any" + prefix: 134 134 return None 135 135 … … 141 141 list = [] 142 142 143 for elem in root .getchildren():143 for elem in root: 144 144 localName = getLocalName(elem) 145 145 146 146 if localName == prefix + "Match": 147 list += TargetMatch.getInstance( child, prefix)147 list += TargetMatch.getInstance(elem, prefix) 148 148 149 149 return tuple(list) … … 206 206 207 207 @classmethod 208 def getInstance(cls, root, prefix , xpathVersion):208 def getInstance(cls, root, prefix): 209 209 '''Creates a TargetMatch by parsing a node, using the 210 210 input prefix to determine whether this is a SubjectMatch, … … 222 222 223 223 action = ["Subject", "Resource", "Action"].index(prefix) 224 if action not in self.__class__.types:224 if action not in cls.types: 225 225 raise TypeError("Unknown TargetMatch type: %s" % prefix) 226 226 … … 242 242 # Get the designator or selector being used, and the attribute 243 243 # value paired with it 244 for elem in root .getchildren():244 for elem in root: 245 245 localName = getLocalName(elem) 246 246 -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/cond.py
r5162 r5165 10 10 __contact__ = "Philip.Kershaw@stfc.ac.uk" 11 11 __revision__ = "$Id$" 12 class FunctionBase(XacmlBase): 12 import logging 13 log = logging.getLogger(__name__) 14 15 from ndg.security.common.utils import UniqList 16 17 class FunctionBase(object): 13 18 FUNCTION_NS = "urn:oasis:names:tc:xacml:1.0:function:" 19 supportedIdentifiers = () 14 20 15 21 def __init__(self, … … 97 103 # TODO: Condition classes - minimal implementation until opportunity to fully 98 104 # implement 99 class Function( XacmlBase):105 class Function(object): 100 106 def __init__(self, *arg, **kw): 101 107 raise NotImplementedError() … … 221 227 } 222 228 223 typeMap = {NAME_STRING_EQUAL: basestring}229 typeMap = {NAME_STRING_EQUAL: "http://www.w3.org/2001/XMLSchema#string"} 224 230 225 231 def __init__(self, functionName, **kw): … … 349 355 pass 350 356 351 class FunctionFactory(XacmlBase): 357 358 class FunctionFactoryProxy(object): 359 '''A simple proxy interface used to install new <FunctionFactory>s. 360 The three kinds of factory (Target, Condition, and General) are tied 361 together in this interface because implementors writing new factories 362 should always implement all three types and provide them together''' 363 364 @classmethod 365 def getTargetFactory(cls): 366 raise NotImplementedError() 367 368 @classmethod 369 def getConditionFactory(cls): 370 raise NotImplementedError() 371 372 @classmethod 373 def getGeneralFactory(cls): 374 raise NotImplementedError() 375 376 377 class FunctionFactory(object): 352 378 '''Factory used to create all functions. There are three kinds of factories: 353 379 general, condition, and target. These provide functions that can be used … … 360 386 creating multiple instances that all do the same thing.''' 361 387 362 defaultFactoryProxy = StandardFunctionFactory() 388 class defaultFactoryProxy(FunctionFactoryProxy): 389 @classmethod 390 def getTargetFactory(cls): 391 return StandardFunctionFactory.getTargetFactory() 392 393 @classmethod 394 def getConditionFactory(cls): 395 return StandardFunctionFactory.getConditionFactory() 396 397 @classmethod 398 def getGeneralFactory(cls): 399 return StandardFunctionFactory.getGeneralFactory() 363 400 364 401 @classmethod … … 426 463 @param root the DOM root containing info used to create the function 427 464 ''' 428 raise NotImplementedError()429 430 431 class FunctionFactoryProxy(XacmlBase):432 '''A simple proxy interface used to install new FunctionFactorys.433 The three kinds of factory (Target, Condition, and General) are tied434 together in this interface because implementors writing new factories435 should always implement all three types and provide them together'''436 def getTargetFactory():437 raise NotImplementedError()438 439 def getConditionFactory():440 raise NotImplementedError()441 442 def getGeneralFactory():443 465 raise NotImplementedError() 444 466 … … 530 552 531 553 for function in supportedFunctions: 532 self.functionMap[function.functionId] = function 554 if function.functionId not in self.functionMap: 555 self.functionMap[function.functionId] = function 533 556 534 557 for id in supportedAbstractFunctions.keys(): … … 655 678 "factory" % identity) 656 679 680 getSupportedFunctions = lambda cls: [cls(i) for i in cls.supportedIdentifiers] 657 681 658 682 class StandardFunctionFactory(BaseFunctionFactory): … … 697 721 so there is no notion of supersetting since that's only used for 698 722 correctly propagating new functions.''' 699 super(StandardFunctionFactory, self).__init__(supportedFunctions, 700 supportedAbstractFunctions) 723 super(StandardFunctionFactory, self).__init__( 724 supportedFunctions=supportedFunctions, 725 supportedAbstractFunctions=supportedAbstractFunctions) 701 726 702 727 self.supportedFunctions = supportedFunctions 703 728 self.supportedAbstractFunctions = supportedAbstractFunctions 704 729 705 706 707 708 def _initTargetFunctions(self): 730 @classmethod 731 def _initTargetFunctions(cls): 709 732 '''Private initializer for the target functions. This is only ever 710 733 called once.''' 711 734 log.info("Initializing standard Target functions") 712 735 713 # Emulate a list with unique items using a dict with only the keys set 714 StandardFunctionFactory.targetFunctions = {} 736 cls.targetFunctions = UniqList() 715 737 716 738 # add EqualFunction 717 StandardFunctionFactory.targetFunctions.fromkeys( 718 EqualFunction.supportedIdentifiers) 739 cls.targetFunctions.extend(getSupportedFunctions(EqualFunction)) 719 740 720 741 # add LogicalFunction 721 StandardFunctionFactory.targetFunctions.fromkeys( 722 LogicalFunction.supportedIdentifiers) 742 cls.targetFunctions.extend(getSupportedFunctions(LogicalFunction)) 723 743 724 744 # add NOfFunction 725 StandardFunctionFactory.targetFunctions.fromkeys( 726 NOfFunction.supportedIdentifiers) 745 cls.targetFunctions.extend(getSupportedFunctions(NOfFunction)) 727 746 728 747 # add NotFunction 729 StandardFunctionFactory.targetFunctions.fromkeys( 730 NotFunction.supportedIdentifiers) 748 cls.targetFunctions.extend(getSupportedFunctions(NotFunction)) 731 749 732 750 # add ComparisonFunction 733 StandardFunctionFactory.targetFunctions.fromkeys( 734 ComparisonFunction.supportedIdentifiers) 751 cls.targetFunctions.extend(getSupportedFunctions(ComparisonFunction)) 735 752 736 753 # add MatchFunction 737 StandardFunctionFactory.targetFunctions.fromkeys( 738 MatchFunction.supportedIdentifiers) 739 740 StandardFunctionFactory.targetAbstractFunctions = {} 741 742 743 def _initConditionFunctions(self): 754 cls.targetFunctions.extend(getSupportedFunctions(MatchFunction)) 755 756 cls.targetAbstractFunctions = {} 757 758 @classmethod 759 def _initConditionFunctions(cls): 744 760 '''Private initializer for the condition functions. This is only ever 745 761 called once.''' 746 762 log.info("Initializing standard Condition functions") 747 763 748 if StandardFunctionFactory.targetFunctions is None:764 if cls.targetFunctions is None: 749 765 self._initTargetFunctions() 750 766 751 StandardFunctionFactory.conditionFunctions = \ 752 StandardFunctionFactory.targetFunctions.copy() 767 cls.conditionFunctions = cls.targetFunctions.copy() 753 768 754 769 # add condition functions from BagFunction 755 conditionFunctions. fromkeys(ConditionBagFunction.supportedIdentifiers)770 conditionFunctions.extend(getSupportedFunctions(ConditionBagFunction)) 756 771 757 772 # add condition functions from SetFunction 758 conditionFunctions. fromkeys(ConditionSetFunction.supportedIdentifiers)773 conditionFunctions.extend(getSupportedFunctions(ConditionSetFunction)) 759 774 760 775 # add condition functions from HigherOrderFunction 761 conditionFunctions.fromkeys(HigherOrderFunction.supportedIdentifiers) 762 763 StandardFunctionFactory.conditionAbstractFunctions = \ 764 StandardFunctionFactory.targetAbstractFunctions.copy() 765 766 767 def _initGeneralFunctions(self): 776 conditionFunctions.extend(getSupportedFunctions(HigherOrderFunction)) 777 778 cls.conditionAbstractFunctions = cls.targetAbstractFunctions.copy() 779 780 @classmethod 781 def _initGeneralFunctions(cls): 768 782 '''Private initializer for the general functions. This is only ever 769 783 called once.''' … … 771 785 log.info("Initializing standard General functions") 772 786 773 if StandardFunctionFactory.conditionFunctions is None:787 if cls.conditionFunctions is None: 774 788 self._initConditionFunctions() 775 789 776 StandardFunctionFactory.generalFunctions = \ 777 StandardFunctionFactory.conditionFunctions.copy() 790 cls.generalFunctions = cls.conditionFunctions.copy() 778 791 779 792 # add AddFunction 780 StandardFunctionFactory.generalFunctions.fromkeys( 781 AddFunction.supportedIdentifiers) 793 cls.generalFunctions.extend(getSupportedFunctions(AddFunction)) 782 794 783 795 # add SubtractFunction 784 StandardFunctionFactory.generalFunctions.fromkeys( 785 SubtractFunction.supportedIdentifiers) 796 cls.generalFunctions.extend(getSupportedFunctions(SubtractFunction)) 786 797 787 798 # add MultiplyFunction 788 StandardFunctionFactory.generalFunctions.fromkeys( 789 MultiplyFunction.supportedIdentifiers) 799 cls.generalFunctions.extend(getSupportedFunctions(MultiplyFunction)) 790 800 791 801 # add DivideFunction 792 StandardFunctionFactory.generalFunctions.fromkeys( 793 DivideFunction.supportedIdentifiers) 802 cls.generalFunctions.extend(getSupportedFunctions(DivideFunction)) 794 803 795 804 # add ModFunction 796 StandardFunctionFactory.generalFunctions.fromkeys( 797 ModFunction.supportedIdentifiers) 805 cls.generalFunctions.extend(getSupportedFunctions(ModFunction)) 798 806 799 807 # add AbsFunction 800 StandardFunctionFactory.generalFunctions.fromkeys( 801 AbsFunction.supportedIdentifiers) 808 cls.generalFunctions.extend(getSupportedFunctions(AbsFunction)) 802 809 803 810 # add RoundFunction 804 StandardFunctionFactory.generalFunctions.fromkeys( 805 RoundFunction.supportedIdentifiers) 811 cls.generalFunctions.extend(getSupportedFunctions(RoundFunction)) 806 812 807 813 # add FloorFunction 808 StandardFunctionFactory.generalFunctions.fromkeys( 809 FloorFunction.supportedIdentifiers) 814 cls.generalFunctions.extend(getSupportedFunctions(FloorFunction)) 810 815 811 816 # add DateMathFunction 812 StandardFunctionFactory.generalFunctions.fromkeys( 813 DateMathFunction.supportedIdentifiers) 817 cls.generalFunctions.extend(getSupportedFunctions(DateMathFunction)) 814 818 815 819 # add general functions from BagFunction 816 StandardFunctionFactory.generalFunctions.fromkeys( 817 GeneralBagFunction.supportedIdentifiers) 820 cls.generalFunctions.extend(getSupportedFunctions(GeneralBagFunction)) 818 821 819 822 # add NumericConvertFunction 820 StandardFunctionFactory.generalFunctions.fromkeys(821 NumericConvertFunction.supportedIdentifiers)823 cls.generalFunctions.extend(getSupportedFunctions( 824 NumericConvertFunction)) 822 825 823 826 # add StringNormalizeFunction 824 StandardFunctionFactory.generalFunctions.fromkeys(825 StringNormalizeFunction.supportedIdentifiers)827 cls.generalFunctions.extend(getSupportedFunctions( 828 StringNormalizeFunction)) 826 829 827 830 # add general functions from SetFunction 828 StandardFunctionFactory.generalFunctions.fromkeys( 829 GeneralSetFunction.supportedIdentifiers) 830 831 StandardFunctionFactory.generalAbstractFunctions = \ 832 StandardFunctionFactory.conditionAbstractFunctions.copy() 831 cls.generalFunctions.extend(getSupportedFunctions(GeneralSetFunction)) 832 833 cls.generalAbstractFunctions = cls.conditionAbstractFunctions.copy() 833 834 834 835 # Add the map function's proxy 835 StandardFunctionFactory.generalAbstractFunctions[ 836 MapFunction.NAME_MAP] = MapFunctionProxy() 836 cls.generalAbstractFunctions[MapFunction.NAME_MAP] = MapFunctionProxy() 837 837 838 838 @classmethod … … 846 846 847 847 @return a FunctionFactory for target functions''' 848 if StandardFunctionFactory.targetFactory is None:849 if StandardFunctionFactory.targetFunctions is None:850 StandardFunctionFactory._initTargetFunctions()848 if cls.targetFactory is None: 849 if cls.targetFunctions is None: 850 cls._initTargetFunctions() 851 851 852 if StandardFunctionFactory.targetFactory is None: 853 StandardFunctionFactory.targetFactory=StandardFunctionFactory( 854 StandardFunctionFactory.targetFunctions, 855 StandardFunctionFactory.targetAbstractFunctions) 856 857 return StandardFunctionFactory.targetFactory 852 if cls.targetFactory is None: 853 cls.targetFactory=cls(cls.targetFunctions, 854 cls.targetAbstractFunctions) 855 856 return cls.targetFactory 858 857 859 858 … … 870 869 @return a FunctionFactory for condition functions 871 870 ''' 872 if StandardFunctionFactory.conditionFactory is None:873 if StandardFunctionFactory.conditionFunctions is None:874 StandardFunctionFactory._initConditionFunctions()871 if cls.conditionFactory is None: 872 if cls.conditionFunctions is None: 873 cls._initConditionFunctions() 875 874 876 if StandardFunctionFactory.conditionFactory is None: 877 StandardFunctionFactory.conditionFactory = \ 878 StandardFunctionFactory( 879 StandardFunctionFactory.conditionFunctions, 880 StandardFunctionFactory.conditionAbstractFunctions) 881 882 return StandardFunctionFactory.conditionFactory 875 if cls.conditionFactory is None: 876 cls.conditionFactory = cls(cls.conditionFunctions, 877 cls.conditionAbstractFunctions) 878 879 return cls.conditionFactory 883 880 884 881 … … 894 891 @return a FunctionFactory for all functions''' 895 892 896 if StandardFunctionFactory.generalFactory is None:897 if StandardFunctionFactory.generalFunctions is None:898 StandardFunctionFactory._initGeneralFunctions()893 if cls.generalFactory is None: 894 if cls.generalFunctions is None: 895 cls._initGeneralFunctions() 899 896 900 StandardFunctionFactory.generalFactory = \ 901 StandardFunctionFactory( 902 StandardFunctionFactory.generalFunctions, 903 StandardFunctionFactory.generalAbstractFunctions) 897 cls.generalFactory = cls(cls.generalFunctions, 898 cls.generalAbstractFunctions) 904 899 905 return StandardFunctionFactory.generalFactory900 return cls.generalFactory 906 901 907 902 … … 930 925 functions''' 931 926 932 general = StandardFunctionFactory.getGeneralFactory()927 general = cls.getGeneralFactory() 933 928 934 929 newGeneral=BaseFunctionFactory(general.getStandardFunctions(), 935 930 general.getStandardAbstractFunctions()) 936 931 937 condition = StandardFunctionFactory.getConditionFactory()932 condition = cls.getConditionFactory() 938 933 939 934 newCondition = BaseFunctionFactory(newGeneral, … … 941 936 condition.getStandardAbstractFunctions()) 942 937 943 target = StandardFunctionFactory.getTargetFactory()938 target = cls.getTargetFactory() 944 939 newTarget = BaseFunctionFactory(newCondition, 945 940 target.getStandardFunctions(), … … 948 943 return BasicFunctionFactoryProxy(newTarget, newCondition, newGeneral) 949 944 950 951 952 953 945 def addFunction(self, function): 954 946 '''Always throws an exception, since support for new functions may not -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/__init__.py
r4131 r5165 1 """Utilities package for NDG Security 2 3 NERC DataGrid Project 4 """ 5 __author__ = "P J Kershaw" 6 __date__ = "02/04/09" 7 __copyright__ = "" 8 __license__ = "BSD - see LICENSE file in top-level directory" 9 __contact__ = "Philip.Kershaw@stfc.ac.uk" 10 __revision__ = '$Id: $' 11 12 class UniqList(list): 13 """Extended version of list type to enable a list with unique items""" 14 def extend(self, iter): 15 super(UniqList, self).extend([i for i in iter if i not in self]) 16 17 def __iadd__(self, iter): 18 raise TypeError("+= operator not possible on UniqList. Try the extend " 19 "method intead") -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini
r5157 r5165 12 12 13 13 [pipeline:main] 14 #pipeline = AuthenticationFilter 15 ## PDPMiddlewareFilter 16 # AuthorizationFilter 17 # AuthZTestApp 18 pipeline = AuthenticationFilter 19 AuthorizationFilter 20 AuthZTestApp 14 pipeline = AuthenticationFilter AuthorizationFilter AuthZTestApp 21 15 22 16 [app:AuthZTestApp]
Note: See TracChangeset
for help on using the changeset viewer.