Timestamp:
22/05/09 10:11:16 (11 years ago)
Author:
pjkersha
Message:

Completed AuthorizationMiddleware unit tests ndg.security.test.unit.wsgi.authz:

  • Test 8, 'test08AccessDeniedForAdminQueryArg' tries out the use case for a URI which can display additional content for users with admin privileges. The caller needs to be able to display the correct content according to whether the user has admin rights or not:
    1. the caller invokes /securedURI?admin=1
    2. if the user has admin rights, the PDP will grant access and the PEP will deliver this URI.
    3. if the user doesn't have admin rights, a special overloaded PEP result handler class detects that access was denied for the admin URI and redirects the user to a modified URI subtracting the admin flag. The application code can then deliver the appropriate content minus admin privileges.
File:
1 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authz/policy.xml

    r5329 r5330  
    44     
    55    <Target> 
    6         <URIPattern>^/test_accessGrantedToSecuredURI*$</URIPattern> 
     6        <URIPattern>^/test_accessGrantedToSecuredURI$</URIPattern> 
    77        <Attributes> 
    88            <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute> 
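Review bot: the tightened pattern on new line 6 ("^/test_accessGrantedToSecuredURI$") now matches only the bare path, so a request for that path with any query string other than the one covered by the new admin target matches no Target shown in this file. The decision the PDP returns when nothing matches is not visible here; state it in a policy comment and add a unit test that pins it, so the outcome for unmatched URIs is explicit rather than implied. The removal of the stray "*" (which only quantified the final "I") is also not mentioned in the commit message and deserves a line there.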
     
    2222        </AttributeAuthority> 
    2323    </Target> 
     24    <Target> 
     25        <!--  
     26            Special extra target puts additional restriction in place if 
     27            admin query argument is set 
     28        --> 
     29        <URIPattern>^/test_accessGrantedToSecuredURI\?admin=1$</URIPattern> 
     30        <Attributes> 
     31            <Attribute>urn:siteA:security:authz:1.0:attr:admin</Attribute> 
     32        </Attributes> 
     33        <AttributeAuthority> 
     34            <uri>http://localhost:5000/AttributeAuthority</uri> 
     35        </AttributeAuthority> 
     36    </Target> 
    2437</Policy> 
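Review bot: the admin restriction on new line 29 applies only when the query string is exactly "admin=1", because the pattern is the literal "\?admin=1$". A request that carries the admin argument alongside other arguments, or in a different position, falls outside this Target and outside the bare-path Target above, so the admin attribute requirement on new line 31 is never evaluated for it. Consider matching the admin argument wherever it appears in the query string, or normalising the query before policy evaluation, and add a test that asserts access is denied to a user without the admin attribute for those forms as well as for the exact one in test 8.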