Changeset 5273


Timestamp:
11/05/09 14:27:55 (10 years ago)
Author:
pjkersha
Message:

1.0.1 rc3

  • Fixed return in msi PIP._getAttributeCertificate
  • improved documentation for ndg.security.server.wsgi.authz
Location:
TI12-security/trunk/python
Files:
9 edited

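--- a/TI12-security/trunk/python/ndg.security.client/setup.cfg
+++ b/TI12-security/trunk/python/ndg.security.client/setup.cfg
@@ -17,5 +17,5 @@
 
 [egg_info]
-tag_build = rc2
+tag_build = rc3
 tag_svn_revision = true
 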
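--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/msi.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/msi.py
@@ -333,10 +333,10 @@
 
         if sessionId and sessionManagerURI:
-            return self._getAttributeCertificateFromSessionManager(
+            attrCert = self._getAttributeCertificateFromSessionManager(
                                                      attributeAuthorityURI,
                                                      sessionId,
                                                      sessionManagerURI)
         else:
-            return self._getAttributeCertificateFromAttributeAuthority(
+            attrCert = self._getAttributeCertificateFromAttributeAuthority(
                                                      attributeAuthorityURI,
                                                      username)
@@ -361,4 +361,6 @@
             log.exception(e)
             raise InvalidAttributeCertificate()
+
+        return attrCert
 
 
@@ -458,5 +460,5 @@
         try:
             # Make request for attribute certificate
-            attrCert = aaClnt.getAttCert(userId=username)
+            return aaClnt.getAttCert(userId=username)
 
 
@@ -474,6 +476,4 @@
             raise AttributeCertificateRequestError()
 
-        return attrCert
-
 
 
@@ -509,5 +509,5 @@
 
                 try:
-                    attributeResponse = self.pip.attributeQuery(attributeQuery)
+                    attributeResponse=self.pip.attributeQuery(attributeQuery)
 
                 except SubjectRetrievalError, e: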
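Review bot: Nothing in this changeset pins the behaviour that the moved `return attrCert` (new line 364) restores. The two branches at 335/340 used to return the certificate directly, so the handler that logs and raises `InvalidAttributeCertificate` (lines 361-362) was never reached on those paths. A comment above the return, e.g. `# Return only after the validity check above; returning from the branches skips it`, plus a unit test asserting that an invalid certificate raises `InvalidAttributeCertificate`, would stop the early return creeping back. The check itself (lines 343-360) lies outside the visible hunks, so its exact scope is inferred. Separately, `attributeResponse=self.pip.attributeQuery(attributeQuery)` at line 511 drops the spaces around `=` only to fit the width; wrapping the call would keep both.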
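--- a/TI12-security/trunk/python/ndg.security.common/setup.cfg
+++ b/TI12-security/trunk/python/ndg.security.common/setup.cfg
@@ -17,5 +17,5 @@
 
 [egg_info]
-tag_build = rc2
+tag_build = rc3
 tag_svn_revision = true
 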
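--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py
@@ -222,5 +222,6 @@
                    'sessionId' not in session:
                     axData = eval(environ['REMOTE_USER_DATA'])
-                    sessionManagerURI=axData['ax']['value.sessionManagerURI.1']
+                    sessionManagerURI = \
+                                    axData['ax']['value.sessionManagerURI.1']
                     session['sessionManagerURI'] = sessionManagerURI
 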
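Review bot: `axData = eval(environ['REMOTE_USER_DATA'])` on line 223 executes whatever expression that environ value holds, and the re-wrapped assignment below stores a field of the result in the session unchecked. If the value is only ever a serialised dict, `axData = ast.literal_eval(environ['REMOTE_USER_DATA'])` (Python 2.6+, needs `import ast` at the top of the file) parses it without executing code. Where REMOTE_USER_DATA is populated is not visible here, presumably by upstream authentication middleware, so how much of it a remote party can influence should be confirmed. The enclosing `if` starts above the hunk.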
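--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
@@ -21,13 +21,17 @@
     NDGSecurityMiddlewareConfigError
 
-from ndg.security.common.authz.msi import Policy, PIP, PDP, Request, Response,\
-    Resource, Subject
+from ndg.security.common.authz.msi import Policy, PIP, PDP, Request, \
+    Response, Resource, Subject
 
 class AuthZResultHandlerMiddleware(NDGSecurityMiddlewareBase):
-    """Simple interface to send a 401 response if no username is set in the
-    beaker.session
+    """This middleware is invoked if access is denied to a given resource.  It
+    is incorporated into the call stack by passing it in to a MultiHandler
+    instance.  The MultiHandler is configured in the AuthorizationMiddleware
+    class below.  The MultiHandler is passed a checker method which determines
+    whether to allow access, or call this interface.   The checker is
+    implemented in the AuthorizationHandler.  See below ...
 
-    TODO: possible refactor to incorporate 403 response and user role
-    registration interface"""
+    TODO: possible refactor to incorporate user role registration interface.
+    For ESG collaboration, the scenario following access denied is to g"""
     propertyDefaults = {
         'sessionKey': 'beaker.session.ndg.security'
@@ -35,5 +39,5 @@
 
     _isAuthenticated = lambda self: \
-                            'username' in self.environ.get(self.sessionKey, ())
+                            'username' in self.environ.get(self.sessionKey,())
     isAuthenticated = property(fget=_isAuthenticated,
                                doc='boolean to indicate is user logged in')
@@ -45,5 +49,4 @@
                                                            prefix=prefix,
                                                            **app_conf)
-
 
     @NDGSecurityMiddlewareBase.initCall
@@ -70,5 +73,10 @@
 
 class AuthorizationHandler(object):
-    """Interface to authkit.authenticate.MultiHandler checker callable
+    """Interface to authkit.authenticate.MultiHandler checker callable.
+    The checker returns True/False to indicate to the MultiHandler whether to
+    call the access denied middleware AuthZResultHandlerMiddleware.  To
+    return this bool, it evaluates the users credentials against the
+    constraints on the resource to be accessed by calling the NDG Policy
+    Decision Point
     """
     triggerStatus = '403'
@@ -185,8 +193,12 @@
     '''Handler to call Policy Decision Point middleware and intercept
     authorisation requests.  Add THIS class to any middleware chain and NOT
-    PEPMiddleware which it wraps.
+    AuthZResultHandlerMiddleware and AuthorizationHandler which it wraps.
     '''
     def __init__(self, app, global_conf, prefix='', **app_conf):
-
+        """Set-up AuthKit MultiHandler with a WSGI interface to handle HTTP
+        403 access denied responses - AuthZResultHandlerMiddleware and a
+        checker which intercepts requests and makes access control decisions
+        using the Policy Decision Point (PDP)"""
+
         app = MultiHandler(app)
 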
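Review bot: The rewritten AuthZResultHandlerMiddleware docstring breaks off mid-word at new line 35, `For ESG collaboration, the scenario following access denied is to g"""`. Complete the sentence or drop it, so the docstring closes after `...user role registration interface."""`. The new text also no longer says which status this handler answers with: the old docstring mentioned 401, and `triggerStatus = '403'` on AuthorizationHandler suggests 403. Stating that explicitly would help whoever wires the MultiHandler. On line 41, `self.environ.get(self.sessionKey,())` loses the space after the comma only to fit the width.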
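--- a/TI12-security/trunk/python/ndg.security.server/setup.cfg
+++ b/TI12-security/trunk/python/ndg.security.server/setup.cfg
@@ -16,5 +16,5 @@
 
 [egg_info]
-tag_build = rc2
+tag_build = rc3
 tag_svn_revision = true
 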
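--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/policy.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/policy.xml
@@ -9,5 +9,8 @@
         </Attributes>
         <AttributeAuthority>
+<!--
             <uri>http://localhost:7443/AttributeAuthority</uri>
+-->
+            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
         </AttributeAuthority>
     </Target>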
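Review bot: The integration-test policy now points the AttributeAuthority `<uri>` at `https://ndg3beta.badc.rl.ac.uk/AttributeAuthority` and comments out the localhost endpoint, so the authz integration tests appear to depend on, and send attribute queries to, an external beta host. If this was a local debugging setting that slipped into the release candidate, restore `<uri>http://localhost:7443/AttributeAuthority</uri>`. If it is intended, a comment in the file should say why, and the test instructions should mention the network and trust dependency. The `<Target>` element begins above the hunk.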
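--- a/TI12-security/trunk/python/ndg.security.test/setup.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/setup.cfg
@@ -10,5 +10,5 @@
 # version 1.0 or later.
 [egg_info]
-tag_build = rc2
+tag_build = rc3
 tag_svn_revision = true
 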
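--- a/TI12-security/trunk/python/ndg.security/setup.cfg
+++ b/TI12-security/trunk/python/ndg.security/setup.cfg
@@ -19,5 +19,5 @@
 
 [egg_info]
-tag_build = rc2
+tag_build = rc3
 tag_svn_revision = true
 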