Timestamp:
11/05/09 14:27:55 (11 years ago)
Author:
pjkersha
Message:

1.0.1 rc3

  • Fixed return in msi PIP._getAttributeCertificate
  • improved documentation for ndg.security.server.wsgi.authz
File:
1 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py

    r5254 r5273  
    2121    NDGSecurityMiddlewareConfigError 
    2222 
    23 from ndg.security.common.authz.msi import Policy, PIP, PDP, Request, Response,\ 
    24     Resource, Subject 
     23from ndg.security.common.authz.msi import Policy, PIP, PDP, Request, \ 
     24    Response, Resource, Subject 
    2525 
    2626class AuthZResultHandlerMiddleware(NDGSecurityMiddlewareBase): 
    27     """Simple interface to send a 401 response if no username is set in the 
    28     beaker.session 
     27    """This middleware is invoked if access is denied to a given resource.  It 
     28    is incorporated into the call stack by passing it in to a MultiHandler  
     29    instance.  The MultiHandler is configured in the AuthorizationMiddleware  
     30    class below.  The MultiHandler is passed a checker method which determines 
     31    whether to allow access, or call this interface.   The checker is 
     32    implemented in the AuthorizationHandler.  See below ... 
    2933     
    30     TODO: possible refactor to incorporate 403 response and user role  
    31     registration interface""" 
     34    TODO: possible refactor to incorporate user role registration interface. 
     35    For ESG collaboration, the scenario following access denied is to g""" 
    3236    propertyDefaults = { 
    3337        'sessionKey': 'beaker.session.ndg.security' 
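Review bot: The new AuthZResultHandlerMiddleware docstring stops mid-sentence at new line 35 ("the scenario following access denied is to g"), so the ESG note is unreadable as committed; finish the sentence or drop it. The rewrite also removes the old statement that a 401 is sent when no username is set in the beaker.session and does not say which response this middleware now returns on denial. State the status code(s) explicitly, since the TODO about incorporating a 403 response has been removed as well and a reader can no longer tell whether that refactor happened.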
     
    3539 
    3640    _isAuthenticated = lambda self: \ 
    37                             'username' in self.environ.get(self.sessionKey, ()) 
     41                            'username' in self.environ.get(self.sessionKey,()) 
    3842    isAuthenticated = property(fget=_isAuthenticated, 
    3943                               doc='boolean to indicate is user logged in') 
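Review bot: The space after the comma is lost at new line 41 ("self.environ.get(self.sessionKey,())"), which is a PEP 8 regression and the only effect of this hunk besides re-indenting the continuation line. Keep "self.sessionKey, ()" and, if the line length is the concern, consider turning the lambda into a small def so the getter behind isAuthenticated fits without a backslash continuation. The property doc string would also read better as 'boolean to indicate if the user is logged in'.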
     
    4549                                                           prefix=prefix, 
    4650                                                           **app_conf) 
    47  
    4851                
    4952    @NDGSecurityMiddlewareBase.initCall 
     
    7073 
    7174class AuthorizationHandler(object): 
    72     """Interface to authkit.authenticate.MultiHandler checker callable 
     75    """Interface to authkit.authenticate.MultiHandler checker callable. 
     76    The checker returns True/False to indicate to the MultiHandler whether to 
     77    call the access denied middleware AuthZResultHandlerMiddleware.  To 
     78    return this bool, it evaluates the users credentials against the  
     79    constraints on the resource to be accessed by calling the NDG Policy 
     80    Decision Point 
    7381    """ 
    7482    triggerStatus = '403' 
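Review bot: The expanded AuthorizationHandler docstring (new lines 75-80) says the checker returns True/False but not which value causes the MultiHandler to call AuthZResultHandlerMiddleware. Spell out the mapping and mention that the trigger is tied to triggerStatus = '403', because an inverted reading here means an inverted access decision. Minor wording: "users credentials" should be "user's credentials", and the last sentence needs a full stop after "Policy Decision Point".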
     
    185193    '''Handler to call Policy Decision Point middleware and intercept 
    186194    authorisation requests.  Add THIS class to any middleware chain and NOT 
    187     PEPMiddleware which it wraps. 
     195    AuthZResultHandlerMiddleware and AuthorizationHandler which it wraps. 
    188196    ''' 
    189197    def __init__(self, app, global_conf, prefix='', **app_conf): 
    190                          
     198        """Set-up AuthKit MultiHandler with a WSGI interface to handle HTTP 
     199        403 access denied responses - AuthZResultHandlerMiddleware and a  
     200        checker which intercepts requests and makes access control decisions 
     201        using the Policy Decision Point (PDP)""" 
     202         
    191203        app = MultiHandler(app) 
    192204                            
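Review bot: The class docstring at new line 195 now reads "and NOT AuthZResultHandlerMiddleware and AuthorizationHandler which it wraps"; use "or" (or "neither ... nor") so it is clear that neither wrapped class should be added to the chain directly. The new __init__ docstring uses triple double quotes while the class docstring just above uses triple single quotes; pick one style for the file. It would also help to document the global_conf, prefix and app_conf parameters here, since this is the class deployers are told to configure.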