Changeset 5254
- Timestamp:
- 06/05/09 09:05:09 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 9 edited
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
r5227 r5254 80 80 81 81 _isAuthenticated = lambda self: \ 82 'username' in self.environ.get(self.sessionKey, 82 'username' in self.environ.get(self.sessionKey,()) 83 83 isAuthenticated = property(fget=_isAuthenticated, 84 84 doc='boolean to indicate is user logged in') … … 164 164 return False 165 165 else: 166 log.debug("AuthorizationHandler access denied for policy") 166 log.debug("AuthorizationHandler policy [%s] denied access for " 167 "uri [%s]", self.policyFilePath, resourceURI) 167 168 # True invokes the access forbidden middleware 168 169 return True -
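Review bot: An authorisation denial is a security event, but the reworded message at new line 166 is still emitted with `log.debug`, so it is lost whenever the service runs at INFO level or above. Raising it to a level that survives in production, e.g. `log.info("AuthorizationHandler policy [%s] denied access for uri [%s]", self.policyFilePath, resourceURI)`, would let an operator see refused requests. Including the requesting user would help as well, if the session is reachable at that point, which the hunk does not show. The enclosing method starts outside the hunk.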
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
r5222 r5254 746 746 747 747 except Exception, e: 748 log.error("Setting response following ID Approval: %s" % e) 748 log.error("%s type exception raised setting response " 749 "following ID Approval: %s", e.__class__.__name__,e) 749 750 return self._render.errorPage(environ, start_response, 750 751 'An error occurred setting additional parameters ' … … 859 860 self.session['approved'] = {} 860 861 self.session.save() 862 863 log.info("user [%s] logged in", self.session['username']) 861 864 else: 862 865 # logout 863 866 if 'username' not in self.session: 864 867 log.error("No user is logged in") 865 return self._redirect(start_response,self.query['fail_to']) 868 return self._redirect(start_response, 869 self.query['fail_to']) 866 870 871 log.info("user [%s] logging out ...",self.session['username']) 872 867 873 del self.session['username'] 868 874 self.session.pop('approved', None) … … 954 960 955 961 except Exception, e: 956 log.error("Setting response following ID Approval: %s" % e) 962 log.error("%s type exception raised setting response " 963 "following ID Approval: %s", e.__class__.__name__,e) 957 964 response = self._render.errorPage(environ, start_response, 958 965 'An error occurred setting additional parameters ' … … 963 970 return self.oidResponse(response) 964 971 else: 965 return self._render.decidePage(environ, start_response, oidRequest) 972 try: 973 return self._render.decidePage(environ, 974 start_response, 975 oidRequest) 976 except AuthNInterfaceError, e: 977 log.error("%s type exception raised calling decide page " 978 "rendering - an OpenID identifier look-up error? " 979 "message is: %s", e.__class__.__name__,e) 980 response = self._render.errorPage(environ, start_response, 981 'An error has occurred displaying an options page ' 982 'which checks whether you want to return to the site ' 983 'requesting your ID. 
Please report this fault to ' 984 'your site administrator.') 985 return response 986 966 987 967 988 … … 1070 1091 return 1071 1092 1093 log.debug("Calling AX plugin: %s ...", 1094 self.axResponse.__class__.__name__) 1095 1072 1096 # Set requested values - need user intervention here to confirm 1073 1097 # release of attributes + assignment based on required attributes - … … 1083 1107 except Exception, e: 1084 1108 log.error("%s exception raised setting requested Attribute " 1085 "Exchange values: %s" % (e.__class__, e))1109 "Exchange values: %s", e.__class__.__name__, e) 1086 1110 raise 1087 1111 1112 log.debug("Adding AX parameters to response: %s ...", ax_resp) 1088 1113 oidResponse.addExtension(ax_resp) 1114 log.debug("Added AX parameters to response") 1089 1115 1090 1116 … … 1138 1164 try: 1139 1165 oidResponse = self._identityApprovedPostProcessing( 1140 1166 oidRequest) 1141 1167 except (OpenIDProviderMissingRequiredAXAttrs, 1142 1168 OpenIDProviderMissingAXResponseHandler): … … 1149 1175 1150 1176 except Exception, e: 1151 log.error("Setting response following ID Approval: %s" % e) 1177 log.error("%s type exception raised setting response " 1178 "following ID Approval: %s", e.__class__.__name__,e) 1179 log.exception(e) 1152 1180 response = self._render.errorPage(environ, start_response, 1153 1181 'An error occurred setting additional parameters ' -
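Review bot: The new `log.debug("Adding AX parameters to response: %s ...", ax_resp)` at line 1112 may write the attribute values being released to the relying party into the log, depending on how the AX response object renders as a string. The same commit logs session state explicitly in two other files: `authNInterface.sessionId` in axinterface/sessionmanager.py, and the whole `connectResp` in authninterface/basic.py, whose last element is the session ID. Anyone able to read a debug log would then hold a session identifier that is presumably still valid against the Session Manager. I would log only the attribute type, e.g. `log.debug("Adding AX parameter %s ...", self.sessionIdTypeURI)`, and in basic.py `log.debug("Connected to Session Manager for user [%s]", username)`. The enclosing methods start outside the hunks.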
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/basic.py
r5223 r5254 17 17 log = logging.getLogger(__name__) 18 18 19 from ndg.security.server.wsgi.openid.provider import AbstractAuthNInterface 19 from ndg.security.server.wsgi.openid.provider import AbstractAuthNInterface, \ 20 AuthNInterfaceInvalidCredentials, AuthNInterfaceRetrieveError, \ 21 AuthNInterfaceConfigError, AuthNInterfaceUsername2IdentifierMismatch 20 22 21 23 … … 82 84 83 85 @raise AuthNInterfaceInvalidCredentials: invalid username/password 86 @raise AuthNInterfaceUsername2IdentifierMismatch: no OpenID matching 87 the given username 84 88 """ 85 89 if self._userCreds.get(username) != password: … … 152 156 self._client = WSGISessionManagerClient(**prop) 153 157 158 # This is set at login 159 self.sessionId = None 154 160 155 161 def logon(self, environ, userIdentifier, username, password): … … 175 181 try: 176 182 self._client.environ = environ 177 self.sessionId = self._client.connect(username, 178 passphrase=password)[-1] 183 connectResp = self._client.connect(username, passphrase=password) 184 log.debug("Connected to Session Manager with: %s", connectResp) 185 186 self.sessionId = connectResp[-1] 179 187 180 188 except AuthNServiceInvalidCredentials, e: -
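Review bot: `self.sessionId` (initialised to `None` at new line 159 and assigned in `logon`) keeps one user's session ID on the authentication interface object itself. If a single interface instance serves all requests, which is common for WSGI middleware but is not visible here, overlapping logins can overwrite each other's value before the AX interface reads `authNInterface.sessionId`. One user's session ID could then be released in another user's response. Returning the ID from `logon`, or holding it in the per-user session, would avoid the shared state; the same attribute is added in authninterface/sessionmanager.py. `logon` continues past the end of the hunk.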
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/sessionmanager.py
r5227 r5254 62 62 self._client = WSGISessionManagerClient(**prop) 63 63 64 # Set at login 65 self.sessionId = None 64 66 65 67 def logon(self, environ, userIdentifier, username, password): -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/axinterface/sessionmanager.py
r5189 r5254 72 72 reqAttrURIs = ax_req.getRequiredAttrs() 73 73 if self.sessionManagerURITypeURI in reqAttrURIs: 74 log.debug("Adding AX parameter %s=%s ...", 75 self.sessionManagerURITypeURI, 76 self.sessionManagerURI) 77 74 78 ax_resp.addValue(self.sessionManagerURITypeURI, 75 79 self.sessionManagerURI) … … 81 85 "type for authNInterface arg; " 82 86 "got: %s" % 83 87 authNInterface.__class__.__name__) 84 88 89 log.debug("Adding AX parameter %s=%s ...", self.sessionIdTypeURI, 90 authNInterface.sessionId) 91 85 92 ax_resp.addValue(self.sessionIdTypeURI, authNInterface.sessionId) -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/policy.xml
r5187 r5254 1 1 <?xml version="1.0" encoding="UTF-8"?> 2 <Policy PolicyId=" AuthZTest" xmlns="urn:ndg:security:authz:1.0:policy">2 <Policy PolicyId="pyDAP" xmlns="urn:ndg:security:authz:1.0:policy"> 3 3 <Description>Restrict access for Authorization integration tests</Description> 4 4 5 5 <Target> 6 <URIPattern> /test_securedURI</URIPattern>6 <URIPattern>^/test_securedURI*$</URIPattern> 7 7 <Attributes> 8 8 <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute> … … 13 13 </Target> 14 14 <Target> 15 <URIPattern>^/test_accessDenied .*$</URIPattern>15 <URIPattern>^/test_accessDeniedToSecuredURI$</URIPattern> 16 16 <Attributes> 17 17 <Attribute>urn:siteA:security:authz:1.0:attr:forbidden</Attribute> -
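Review bot: In `<URIPattern>^/test_securedURI*$</URIPattern>` the `*` applies only to the final `I`, so the pattern matches `/test_securedUR`, `/test_securedURI`, `/test_securedURII` and so on, but not a sub-path such as `/test_securedURI/x`. If the intent was to cover everything under that prefix, as the old `^/test_accessDenied.*$` did for its target, it should read `^/test_securedURI.*$`. Whether a URI that matches no target is left unprotected depends on the policy engine, which this page does not show, so the narrower match is worth checking against the integration tests.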
TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini
r5186 r5254 1 1 # 2 # AuthN WSGI Testing environment configuration 2 # NDG Security AuthZ WSGI Testing environment configuration 3 # 4 # NERC DataGrid 5 # 6 # Author: P J Kershaw 7 # 8 # Copyright: STFC 2009 9 # 10 # Licence: BSD 3 11 # 4 12 # The %(here)s variable will be replaced with the parent directory of this file -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.py
r5223 r5254 56 56 <h1>Authorisation integration tests:</h1> 57 57 <ul>%s</ul> 58 <p>You are logged in. <a href="/logout">Logout</a></p> 59 </body> 60 </html> 61 """ % '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 62 for link,name in self.method.items() if name != 'default']) 58 <p>You are logged in with OpenID [%s]. <a href="/logout">Logout</a></p> 59 </body> 60 </html> 61 """ % ('\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 62 for link,name in self.method.items() if name != 'default']), 63 environ['REMOTE_USER']) 63 64 64 65 start_response('200 OK', … … 114 115 <h1>Authorised!</h1> 115 116 <ul>%s</ul> 116 <p>You are logged in. <a href="/logout">Logout</a></p> 117 </body> 118 </html> 119 """ % '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 120 for link,name in self.method.items() if name != 'default']) 117 <p>You are logged in with OpenID [%s]. <a href="/logout">Logout</a></p> 118 </body> 119 </html> 120 """ % ('\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 121 for link,name in self.method.items() if name != 'default']), 122 environ['REMOTE_USER']) 121 123 122 124 start_response('200 OK', … … 140 142 <h1>Authorised for path [%s]!</h1> 141 143 <ul>%s</ul> 142 <p>You are logged in . <a href="/logout">Logout</a></p>144 <p>You are logged in with OpenID [%s]. <a href="/logout">Logout</a></p> 143 145 </body> 144 146 </html> 145 147 """ % (environ['PATH_INFO'], 146 148 '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 147 for link,name in self.method.items() if name != 'default'])) 149 for link,name in self.method.items() if name != 'default']), 150 environ['REMOTE_USER']) 148 151 149 152 … … 171 174 <h1>Authorised for path [%s]!</h1> 172 175 <ul>%s</ul> 173 <p>You are logged in . <a href="/logout">Logout</a></p>176 <p>You are logged in with OpenID [%s]. 
<a href="/logout">Logout</a></p> 174 177 </body> 175 178 </html> 176 179 """ % (environ['PATH_INFO'], 177 180 '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 178 for link,name in self.method.items() if name != 'default'])) 181 for link,name in self.method.items() if name != 'default']), 182 environ['REMOTE_USER']) 179 183 180 184 -
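Review bot: `environ['REMOTE_USER']` is interpolated into the HTML page without escaping in all four handlers touched here, alongside `environ['PATH_INFO']`, which two of them already write unescaped. An OpenID identifier is a URL chosen outside this application, so any markup characters in it would be rendered by the browser; escaping both values, e.g. `cgi.escape(environ['REMOTE_USER'], True)`, keeps the page inert (this needs `import cgi` if the module does not already have it). Indexing directly also raises `KeyError` when the middleware has not set `REMOTE_USER`; `environ.get('REMOTE_USER', '')` would be more forgiving in a test app. The handler bodies start and end outside the hunks.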
TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securityservices.ini
r5181 r5254 325 325 openid.provider.authN.userIdentifiersSQLQuery: select distinct ident from openid where username = '$username' 326 326 327 ## Basic Authentication but linking to a Session Manager 328 #openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicSessionManagerOpenIDAuthNInterface 329 # 330 ## Connect to a Session Manager at a given URI or see next... 331 ##openid.provider.authN.sessionManagerURI= 332 # 333 ## environ dictionary key to Session Manager WSGI instance held locally. 334 ## The setting below is the default and can be omitted if it matches the 335 ## filterID set for the Session Manager 336 #openid.provider.authN.environKeyName=filter:SessionManagerFilter 337 # 338 ## Link usernames for login to the OpenID identifiers they correspond to. 339 ## See openid.provider.path.id with $userIdentifier setting 340 #openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 341 327 342 # Basic authentication for testing/admin - comma delimited list of 328 343 # <username>:<password> pairs
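Review bot: The unchanged setting at line 325, `select distinct ident from openid where username = '$username'`, suggests that the login name is substituted textually into the SQL string. That would permit SQL injection from the login form unless the code consuming this option escapes or binds the value; that code is not on this page, so this is inferred from the quoting around `$username`. A comment above the option stating how the value is bound would make the safe usage explicit next to the new, commented-out `authN` examples added below it.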