Changeset 5657


Timestamp:
24/08/09 10:14:34 (10 years ago)
Author:
pjkersha
Message:

Preparing saml SOAP Attribute Interface middleware for unit tests.

Location:
TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi
Files:
2 edited

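--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/__init__.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/__init__.py
@@ -11,4 +11,5 @@
 log = logging.getLogger(__name__)
 import httplib
+import re # for NDGSecurityPathFilter
 
 class NDGSecurityMiddlewareError(Exception):
@@ -338,12 +339,9 @@
         """
         return [i.strip("\"'") for i in item.split()]
+
 
 class NDGSecurityPathFilter(NDGSecurityMiddlewareBase):
     """Specialisation of NDG Security Middleware to enable filtering based on
     PATH_INFO
-
-    B{This class must be run under Apache mod_wsgi}
-
-    - Apache SSLOptions directive StdEnvVars option must be set
     """
     propertyDefaults = {
@@ -354,17 +352,15 @@
     propertyDefaults.update(NDGSecurityMiddlewareBase.propertyDefaults)
 
+    CSV_PAT = re.compile(',\W*')
+
+    # TODO: refactor to:
+    # * enable reading of path list from a database or some other
+    # configuration source.
+    # * enable some kind of pattern matching for paths
     _pathMatch = lambda self: self._pathInfo in self.pathMatchList
     pathMatch = property(fget=_pathMatch,
                          doc="Check for input path match to list of paths"
                              "to which this middleware is to be applied")
-
-    sslKeyName = 'HTTPS'
-
-    _isSSLRequest = lambda self: self.environ.get(
-                                    NDGSecurityPathFilter.sslKeyName) == '1'
-    isSSLRequest = property(fget=_isSSLRequest,
-                            doc="Is an SSL request boolean "
-                                "- depends on Apache config")
-
+
     def __init__(self, *arg, **kw):
         '''See NDGSecurityMiddlewareBase for explanation of args
@@ -378,5 +374,5 @@
 
     def _getPathMatchList(self):
-        return self._pathMatchList
+        return self.__pathMatchList
 
     def _setPathMatchList(self, pathList):
@@ -387,17 +383,13 @@
         as set in environ['PATH_INFO']
         '''
-        # TODO: refactor to:
-        # * enable reading of path list from a database or some other
-        # configuration source.
-        # * enable some kind of pattern matching for paths
 
         if isinstance(pathList, basestring):
             # Try parsing a space separated list of file paths
-             self._pathMatchList=[path.strip() for path in pathList.split(',')]
+             self.__pathMatchList=NDGSecurityPathFilter.CSV_PAT.split(pathList)
 
         elif not isinstance(pathList, (list, tuple)):
             raise TypeError('Expecting a list or tuple for "pathMatchList"')
         else:
-            self._pathMatchList = pathList
+            self.__pathMatchList = list(pathList)
 
     pathMatchList = property(fget=_getPathMatchList,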
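Review bot: `CSV_PAT = re.compile(',\W*')` (new line 354) strips the leading `/` from every path after the first when `_setPathMatchList` splits a string, because `\W` matches `/` as well as whitespace: `"/a, /b"` becomes `['/a', 'b']`. `pathMatch` is an exact membership test of `self._pathInfo` against this list, so those entries can never match and the filter is silently skipped for them; requests on those paths go straight to the wrapped app. Split on whitespace only and keep the per-item strip that the removed line had, e.g. `CSV_PAT = re.compile(r',\s*')` with `[p.strip() for p in NDGSecurityPathFilter.CSV_PAT.split(pathList)]`. The setter starts outside the hunk, and its `# Try parsing a space separated list` comment should say comma separated.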
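--- a/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/saml.py
+++ b/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/saml.py
@@ -26,4 +26,5 @@
 from ndg.security.common.soap.etree import SOAPEnvelope
 from ndg.security.common.utils.etree import QName, prettyPrint
+from ndg.security.server.wsgi import NDGSecurityPathFilter
 from ndg.security.server.wsgi.soap import SOAPMiddleware
 
@@ -36,8 +37,20 @@
 
 
-class SOAPAttributeInterfaceMiddleware(SOAPMiddleware):
+class SOAPAttributeInterfaceMiddleware(SOAPMiddleware, NDGSecurityPathFilter):
     """Implementation of SAML 2.0 SOAP Binding for Assertion Query/Request
-    Profile"""
+    Profile
+
+    @type PATH_OPTNAME: basestring
+    @cvar PATH_OPTNAME: name of app_conf option for specifying a path or paths
+    that this middleware will intercept and process
+    @type QUERY_INTERFACE_KEYNAME_OPTNAME: basestring
+    @cvar QUERY_INTERFACE_KEYNAME_OPTNAME: app_conf option name for key name
+    used to reference the SAML query interface in environ
+    @type DEFAULT_QUERY_INTERFACE_KEYNAME: basestring
+    @param DEFAULT_QUERY_INTERFACE_KEYNAME: default key name for referencing
+    SAML query interface in environ
+    """
     log = logging.getLogger('SOAPAttributeInterfaceMiddleware')
+    PATH_OPTNAME = "pathMatchList"
     QUERY_INTERFACE_KEYNAME_OPTNAME = "queryInterfaceKeyName"
     DEFAULT_QUERY_INTERFACE_KEYNAME = ("ndg.security.server.wsgi.saml."
@@ -59,4 +72,7 @@
         self.__queryInterfaceKeyName = None
 
+        self.pathMatchList = app_conf.get(
+            prefix + SOAPAttributeInterfaceMiddleware.PATH_OPTNAME, ['/'])
+
         self.queryInterfaceKeyName = app_conf.get(prefix + \
             SOAPAttributeInterfaceMiddleware.QUERY_INTERFACE_KEYNAME_OPTNAME,
@@ -88,5 +104,6 @@
                           fset=_setIssuerName,
                           doc="Name of assertion issuing authority")
-
+
+    @NDGSecurityPathFilter.initCall
     def __call__(self, environ, start_response):
         """Check for and parse a SOAP SAML Attribute Query and return a
@@ -98,7 +115,11 @@
         @param start_response: standard WSGI start response function
         """
-
+
+        # Ignore non-matching path
+        if not self.pathMatch:
+            return self._app(environ, start_response)
+
         # Ignore non-SOAP requests
-        if not self.isSOAPMessage(environ):
+        if not SOAPAttributeInterfaceMiddleware.isSOAPMessage(environ):
             return self._app(environ, start_response)
 
@@ -145,4 +166,10 @@
         samlResponse = queryInterface(attributeQuery)
 
+        # Add mapping for ESG Group/Role Attribute Value to enable ElementTree
+        # Attribute Value factory to render the XML output
+        toXMLTypeMap = {
+            XSGroupRoleAttributeValue: XSGroupRoleAttributeValueElementTree
+        }
+
         # Convert to ElementTree representation to enable attachment to SOAP
         # response body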
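Review bot: The new guard in `__call__` (`if not self.pathMatch: return self._app(environ, start_response)`) passes the request to the wrapped app without a log entry, and `pathMatch` in NDGSecurityPathFilter is an exact string test against `pathMatchList`, whose default here is `['/']`. A deployment that mounts the attribute interface on another path and omits the `pathMatchList` option, or a request whose PATH_INFO differs only by a trailing slash, never reaches the SAML query handling and leaves no trace of why. Log the skip before returning, e.g. `self.log.debug("Path %r not in pathMatchList %r; passing to next app", environ.get('PATH_INFO'), self.pathMatchList)`, and state the `['/']` default in the class docstring. In that docstring `@param DEFAULT_QUERY_INTERFACE_KEYNAME` should read `@cvar` to match the other two entries. `__call__` continues outside the hunk.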