Changeset 5165 for TI12-security

Timestamp:

02/04/09 16:40:51 (11 years ago)

Author:

pjkersha

Message:

More progress with condition functions for access control

Location:

TI12-security/trunk/python

Files:

• ndg.security.common/ndg/security/common/authz/__init__.py (modified) (2 diffs)
• ndg.security.common/ndg/security/common/authz/xacml.py (deleted)
• ndg.security.common/ndg/security/common/authz/xacml/__init__.py (modified) (9 diffs)
• ndg.security.common/ndg/security/common/authz/xacml/cond.py (modified) (16 diffs)
• ndg.security.common/ndg/security/common/utils/__init__.py (modified) (1 diff)
• ndg.security.test/ndg/security/test/integration/authz/securedapp.ini (modified) (1 diff)

TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/__init__.py

@@ -1 @@
-"""NDG Security authorisatino package - contains code for Gatekeeper (PEP)
+"""NDG Security authorisation package - contains code for Gatekeeper (PEP)
 and authorisation interfaces (PDP)
 
-NERC Data Grid Project
+NERC DataGrid Project
 """
 __author__ = "P J Kershaw"
@@ -11 +11 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id: __init__.py 3755 2008-04-04 09:11:44Z pjkersha $"
-
-__all__ = [
-    'pdp',
-    'pep',]

TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/__init__.py

@@ -14 +14 @@
 log = logging.getLogger(__name__)
 
-from ndg.security.common.authz.pdp import PDPInterface
+from ndg.security.common.authz.xacml.cond import FunctionFactory
 
 # For parsing: ElementTree helpers 
@@ -63 +63 @@
     
     @classmethod
-    def getInstance(cls, elem):
-        
-        for elem in elem.getchildren():
+    def getInstance(cls, root):
+        
+        for elem in root:
             localName = getLocalName(elem)
             if localName == 'Description':
@@ -107 +107 @@
         actions = None
         
-        for elem in root.getchildren():
+        for elem in root:
             localName = getLocalName(elem)
 
@@ -113 +113 @@
                 subjects = Target._getAttributes(elem, "Subject")
                 
-            elif name == "Resources":
+            elif localName == "Resources":
                 resources = Target._getAttributes(elem, "Resource")
                 
-            elif name == "Actions":
+            elif localName == "Actions":
                 actions = Target._getAttributes(elem, "Action")
         
-        return cls()
+        return cls(subjects=subjects, resources=resources, actions=actions)
     
     @staticmethod
@@ -126 +126 @@
         matches = []
 
-        for elem in root.getchildren():
+        for elem in root:
             localName = getLocalName(elem)
 
             if localName == prefix:
-                matches += getMatches(elem, prefix)
-            elif name == "Any" + prefix:
+                matches += Target._getMatches(elem, prefix)
+            elif localName == "Any" + prefix:
                 return None
 
@@ -141 +141 @@
         list = []
 
-        for elem in root.getchildren():
+        for elem in root:
             localName = getLocalName(elem)
 
             if localName == prefix + "Match":
-                list += TargetMatch.getInstance(child, prefix)
+                list += TargetMatch.getInstance(elem, prefix)
 
         return tuple(list)
@@ -206 +206 @@
     
     @classmethod
-    def getInstance(cls, root, prefix, xpathVersion):
+    def getInstance(cls, root, prefix):
         '''Creates a TargetMatch by parsing a node, using the
         input prefix to determine whether this is a SubjectMatch, 
@@ -222 +222 @@
 
         action = ["Subject", "Resource", "Action"].index(prefix)
-        if action not in self.__class__.types:
+        if action not in cls.types:
             raise TypeError("Unknown TargetMatch type: %s" % prefix)
 
@@ -242 +242 @@
         # Get the designator or selector being used, and the attribute
         # value paired with it
-        for elem in root.getchildren():
+        for elem in root:
             localName = getLocalName(elem)
 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/cond.py

@@ -10 +10 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"
-class FunctionBase(XacmlBase):
+import logging
+log = logging.getLogger(__name__)
+
+from ndg.security.common.utils import UniqList
+
+class FunctionBase(object):
     FUNCTION_NS = "urn:oasis:names:tc:xacml:1.0:function:"
+    supportedIdentifiers = ()
     
     def __init__(self, 
@@ -97 +103 @@
 # TODO: Condition classes - minimal implementation until opportunity to fully 
 # implement   
-class Function(XacmlBase):
+class Function(object):
     def __init__(self, *arg, **kw):
         raise NotImplementedError()
@@ -221 +227 @@
     }
     
-    typeMap = {NAME_STRING_EQUAL: basestring}
+    typeMap = {NAME_STRING_EQUAL: "http://www.w3.org/2001/XMLSchema#string"}
     
     def __init__(self, functionName, **kw):
@@ -349 +355 @@
     pass
 
-class FunctionFactory(XacmlBase):
+
+class FunctionFactoryProxy(object):
+    '''A simple proxy interface used to install new <FunctionFactory>s.
+    The three kinds of factory (Target, Condition, and General) are tied
+    together in this interface because implementors writing new factories
+    should always implement all three types and provide them together'''
+    
+    @classmethod
+    def getTargetFactory(cls):
+        raise NotImplementedError()
+
+    @classmethod
+    def getConditionFactory(cls):
+        raise NotImplementedError()
+
+    @classmethod
+    def getGeneralFactory(cls):
+        raise NotImplementedError()
+
+
+class FunctionFactory(object):
     '''Factory used to create all functions. There are three kinds of factories:
     general, condition, and target. These provide functions that can be used
@@ -360 +386 @@
     creating multiple instances that all do the same thing.'''
 
-    defaultFactoryProxy = StandardFunctionFactory()                 
+    class defaultFactoryProxy(FunctionFactoryProxy):
+        @classmethod
+        def getTargetFactory(cls):
+            return StandardFunctionFactory.getTargetFactory()
+    
+        @classmethod
+        def getConditionFactory(cls):
+            return StandardFunctionFactory.getConditionFactory()
+    
+        @classmethod
+        def getGeneralFactory(cls):
+            return StandardFunctionFactory.getGeneralFactory()                 
             
     @classmethod
@@ -426 +463 @@
         @param root the DOM root containing info used to create the function
         '''
-        raise NotImplementedError()
-
-
-class FunctionFactoryProxy(XacmlBase):
-    '''A simple proxy interface used to install new FunctionFactorys.
-    The three kinds of factory (Target, Condition, and General) are tied
-    together in this interface because implementors writing new factories
-    should always implement all three types and provide them together'''
-    def getTargetFactory():
-        raise NotImplementedError()
-
-    def getConditionFactory():
-        raise NotImplementedError()
-
-    def getGeneralFactory():
         raise NotImplementedError()
 
@@ -530 +552 @@
      
         for function in supportedFunctions:
-            self.functionMap[function.functionId] = function
+            if function.functionId not in self.functionMap:
+                self.functionMap[function.functionId] = function
         
         for id in supportedAbstractFunctions.keys():
@@ -655 +678 @@
                                              "factory" % identity)
 
+getSupportedFunctions = lambda cls: [cls(i) for i in cls.supportedIdentifiers]
 
 class StandardFunctionFactory(BaseFunctionFactory):
@@ -697 +721 @@
         so there is no notion of supersetting since that's only used for
         correctly propagating new functions.'''
-        super(StandardFunctionFactory, self).__init__(supportedFunctions, 
-                                                    supportedAbstractFunctions)
+        super(StandardFunctionFactory, self).__init__(
+                        supportedFunctions=supportedFunctions, 
+                        supportedAbstractFunctions=supportedAbstractFunctions)
 
         self.supportedFunctions = supportedFunctions
         self.supportedAbstractFunctions = supportedAbstractFunctions
     
-
-    
-    
-    def _initTargetFunctions(self): 
+    @classmethod
+    def _initTargetFunctions(cls): 
         '''Private initializer for the target functions. This is only ever
         called once.'''
         log.info("Initializing standard Target functions")
 
-        # Emulate a list with unique items using a dict with only the keys set
-        StandardFunctionFactory.targetFunctions = {}
+        cls.targetFunctions = UniqList()
 
         # add EqualFunction
-        StandardFunctionFactory.targetFunctions.fromkeys(
-                                    EqualFunction.supportedIdentifiers)
+        cls.targetFunctions.extend(getSupportedFunctions(EqualFunction))
 
         # add LogicalFunction
-        StandardFunctionFactory.targetFunctions.fromkeys(
-                                    LogicalFunction.supportedIdentifiers)
+        cls.targetFunctions.extend(getSupportedFunctions(LogicalFunction))
         
         # add NOfFunction
-        StandardFunctionFactory.targetFunctions.fromkeys(
-                                    NOfFunction.supportedIdentifiers)
+        cls.targetFunctions.extend(getSupportedFunctions(NOfFunction))
         
         # add NotFunction
-        StandardFunctionFactory.targetFunctions.fromkeys(
-                                    NotFunction.supportedIdentifiers)
+        cls.targetFunctions.extend(getSupportedFunctions(NotFunction))
         
         # add ComparisonFunction
-        StandardFunctionFactory.targetFunctions.fromkeys(
-                                    ComparisonFunction.supportedIdentifiers)
+        cls.targetFunctions.extend(getSupportedFunctions(ComparisonFunction))
 
         # add MatchFunction
-        StandardFunctionFactory.targetFunctions.fromkeys(
-                                    MatchFunction.supportedIdentifiers)
-
-        StandardFunctionFactory.targetAbstractFunctions = {}
-    
-    
-    def _initConditionFunctions(self): 
+        cls.targetFunctions.extend(getSupportedFunctions(MatchFunction))
+
+        cls.targetAbstractFunctions = {}
+    
+    @classmethod
+    def _initConditionFunctions(cls): 
         '''Private initializer for the condition functions. This is only ever
         called once.'''
         log.info("Initializing standard Condition functions")
 
-        if StandardFunctionFactory.targetFunctions is None:
+        if cls.targetFunctions is None:
             self._initTargetFunctions()
 
-        StandardFunctionFactory.conditionFunctions = \
-            StandardFunctionFactory.targetFunctions.copy()
+        cls.conditionFunctions = cls.targetFunctions.copy()
 
         # add condition functions from BagFunction
-        conditionFunctions.fromkeys(ConditionBagFunction.supportedIdentifiers)
+        conditionFunctions.extend(getSupportedFunctions(ConditionBagFunction))
         
         # add condition functions from SetFunction
-        conditionFunctions.fromkeys(ConditionSetFunction.supportedIdentifiers)
+        conditionFunctions.extend(getSupportedFunctions(ConditionSetFunction))
         
         # add condition functions from HigherOrderFunction
-        conditionFunctions.fromkeys(HigherOrderFunction.supportedIdentifiers)
-
-        StandardFunctionFactory.conditionAbstractFunctions = \
-            StandardFunctionFactory.targetAbstractFunctions.copy()
-    
-
-    def _initGeneralFunctions(self):     
+        conditionFunctions.extend(getSupportedFunctions(HigherOrderFunction))
+
+        cls.conditionAbstractFunctions = cls.targetAbstractFunctions.copy()
+    
+    @classmethod
+    def _initGeneralFunctions(cls):     
         '''Private initializer for the general functions. This is only ever
         called once.'''
@@ -771 +785 @@
         log.info("Initializing standard General functions")
 
-        if StandardFunctionFactory.conditionFunctions is None:
+        if cls.conditionFunctions is None:
             self._initConditionFunctions()
 
-        StandardFunctionFactory.generalFunctions = \
-            StandardFunctionFactory.conditionFunctions.copy()
+        cls.generalFunctions = cls.conditionFunctions.copy()
 
         # add AddFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            AddFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(AddFunction))
             
         # add SubtractFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            SubtractFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(SubtractFunction))
             
         # add MultiplyFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            MultiplyFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(MultiplyFunction))
             
         # add DivideFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            DivideFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(DivideFunction))
             
         # add ModFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            ModFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(ModFunction))
         
         # add AbsFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            AbsFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(AbsFunction))
             
         # add RoundFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            RoundFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(RoundFunction))
             
         # add FloorFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            FloorFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(FloorFunction))
         
         # add DateMathFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            DateMathFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(DateMathFunction))
             
         # add general functions from BagFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            GeneralBagFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(GeneralBagFunction))
             
         # add NumericConvertFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            NumericConvertFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(
+                                                    NumericConvertFunction))
             
         # add StringNormalizeFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            StringNormalizeFunction.supportedIdentifiers)
+        cls.generalFunctions.extend(getSupportedFunctions(
+                                                    StringNormalizeFunction))
         
         # add general functions from SetFunction
-        StandardFunctionFactory.generalFunctions.fromkeys(
-            GeneralSetFunction.supportedIdentifiers)
-            
-        StandardFunctionFactory.generalAbstractFunctions = \
-            StandardFunctionFactory.conditionAbstractFunctions.copy()
+        cls.generalFunctions.extend(getSupportedFunctions(GeneralSetFunction))
+            
+        cls.generalAbstractFunctions = cls.conditionAbstractFunctions.copy()
 
         # Add the map function's proxy
-        StandardFunctionFactory.generalAbstractFunctions[
-                                    MapFunction.NAME_MAP] = MapFunctionProxy()
+        cls.generalAbstractFunctions[MapFunction.NAME_MAP] = MapFunctionProxy()
     
     @classmethod 
@@ -846 +846 @@
         
         @return a FunctionFactory for target functions'''
-        if StandardFunctionFactory.targetFactory is None: 
-            if StandardFunctionFactory.targetFunctions is None:
-                StandardFunctionFactory._initTargetFunctions()
+        if cls.targetFactory is None: 
+            if cls.targetFunctions is None:
+                cls._initTargetFunctions()
                 
-            if StandardFunctionFactory.targetFactory is None:
-                StandardFunctionFactory.targetFactory=StandardFunctionFactory(
-                            StandardFunctionFactory.targetFunctions,
-                            StandardFunctionFactory.targetAbstractFunctions)
-        
-        return StandardFunctionFactory.targetFactory
+            if cls.targetFactory is None:
+                cls.targetFactory=cls(cls.targetFunctions,
+                                      cls.targetAbstractFunctions)
+        
+        return cls.targetFactory
 
     
@@ -870 +869 @@
         @return a FunctionFactory for condition functions
         '''
-        if StandardFunctionFactory.conditionFactory is None:
-            if StandardFunctionFactory.conditionFunctions is None:
-                StandardFunctionFactory._initConditionFunctions()
+        if cls.conditionFactory is None:
+            if cls.conditionFunctions is None:
+                cls._initConditionFunctions()
                 
-            if StandardFunctionFactory.conditionFactory is None:
-                StandardFunctionFactory.conditionFactory = \
-                    StandardFunctionFactory(
-                           StandardFunctionFactory.conditionFunctions,
-                           StandardFunctionFactory.conditionAbstractFunctions)       
-
-        return StandardFunctionFactory.conditionFactory
+            if cls.conditionFactory is None:
+                cls.conditionFactory = cls(cls.conditionFunctions,
+                                           cls.conditionAbstractFunctions)       
+
+        return cls.conditionFactory
     
 
@@ -894 +891 @@
         @return a FunctionFactory for all functions'''
     
-        if StandardFunctionFactory.generalFactory is None:
-            if StandardFunctionFactory.generalFunctions is None:
-                StandardFunctionFactory._initGeneralFunctions()
+        if cls.generalFactory is None:
+            if cls.generalFunctions is None:
+                cls._initGeneralFunctions()
                 
-                StandardFunctionFactory.generalFactory = \
-                    StandardFunctionFactory(
-                            StandardFunctionFactory.generalFunctions,
-                            StandardFunctionFactory.generalAbstractFunctions)
+                cls.generalFactory = cls(cls.generalFunctions,
+                                         cls.generalAbstractFunctions)
                 
-        return StandardFunctionFactory.generalFactory
+        return cls.generalFactory
 
 
@@ -930 +925 @@
         functions'''
         
-        general = StandardFunctionFactory.getGeneralFactory()
+        general = cls.getGeneralFactory()
             
         newGeneral=BaseFunctionFactory(general.getStandardFunctions(),
                                        general.getStandardAbstractFunctions())
 
-        condition = StandardFunctionFactory.getConditionFactory()
+        condition = cls.getConditionFactory()
         
         newCondition = BaseFunctionFactory(newGeneral,
@@ -941 +936 @@
                                     condition.getStandardAbstractFunctions())
 
-        target = StandardFunctionFactory.getTargetFactory()
+        target = cls.getTargetFactory()
         newTarget = BaseFunctionFactory(newCondition,
                                     target.getStandardFunctions(),
@@ -948 +943 @@
         return BasicFunctionFactoryProxy(newTarget, newCondition, newGeneral)
     
-
-    
-    
     def addFunction(self, function):
         '''Always throws an exception, since support for new functions may not 

TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/__init__.py

@@ +1 @@
+"""Utilities package for NDG Security
+
+NERC DataGrid Project
+"""
+__author__ = "P J Kershaw"
+__date__ = "02/04/09"
+__copyright__ = ""
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = '$Id: $'
+
+class UniqList(list):
+    """Extended version of list type to enable a list with unique items"""
+    def extend(self, iter):
+        super(UniqList, self).extend([i for i in iter if i not in self])
+        
+    def __iadd__(self, iter):
+        raise TypeError("+= operator not possible on UniqList. Try the extend "
+                        "method intead")

TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini

@@ -12 +12 @@
 
 [pipeline:main]
-#pipeline = AuthenticationFilter
-##                 PDPMiddlewareFilter
-#                  AuthorizationFilter
-#                  AuthZTestApp
-pipeline = AuthenticationFilter
-                   AuthorizationFilter
-                   AuthZTestApp
+pipeline = AuthenticationFilter AuthorizationFilter AuthZTestApp
 
 [app:AuthZTestApp]