Changeset 5774 for TI12-security

Timestamp:

28/09/09 17:15:41 (12 years ago)

Author:

pjkersha

Message:

Added a wrapper class to Paste Deploy httpserver to enable automated setup and teardown of services for unit tests.

Location:

TI12-security/trunk/python

Files:

• ndg_security_server/ndg/security/server/wsgi/__init__.py (modified) (1 diff)
• ndg_security_server/ndg/security/server/wsgi/authn.py (modified) (5 diffs)
• ndg_security_server/ndg/security/server/wsgi/authz.py (modified) (20 diffs)
• ndg_security_server/ndg/security/server/wsgi/ssl.py (modified) (4 diffs)
• ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/integration/authz_lite/securityservicesapp.py (modified) (3 diffs)
• ndg_security_test/ndg/security/test/unit/__init__.py (modified) (3 diffs)
• ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_attributeauthorityclient.py (modified) (3 diffs)
• ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/nosetests.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/nosetests.py (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/wsgi/__init__.py (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/wsgi/authn/ssl-test.ini (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/wsgi/ssl/test.ini (modified) (1 diff)

TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/__init__.py

@@ -27 +27 @@
     USERNAME_ENVIRON_KEYNAME = 'REMOTE_USER'
     USERDATA_ENVIRON_KEYNAME = 'REMOTE_USER_DATA'
+    USERNAME_SESSION_KEYNAME = 'username'
     
     propertyDefaults = {

TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/authn.py

@@ -27 +27 @@
 
 
-class AuthenticationMiddlewareBase(NDGSecurityMiddlewareBase):
+class SessionMiddlewareBase(NDGSecurityMiddlewareBase):
     """Base class for Authentication redirect middleware and Session Handler
     middleware
@@ -37 +37 @@
         'sessionKey': 'beaker.session.ndg.security'
     }
-    USERNAME_SESSION_KEYNAME = 'username'
-    
+   
     _isAuthenticated = lambda self: \
-        AuthenticationMiddlewareBase.USERNAME_SESSION_KEYNAME in \
+        SessionMiddlewareBase.USERNAME_SESSION_KEYNAME in \
         self.environ.get(self.sessionKey, ())
         
@@ -47 +46 @@
 
         
-class AuthnRedirectMiddleware(AuthenticationMiddlewareBase):
+class AuthnRedirectMiddleware(SessionMiddlewareBase):
     """Base class for Authentication HTTP redirect initiator and redirect
     response WSGI middleware
@@ -229 +228 @@
     
     
-class SessionHandlerMiddleware(AuthenticationMiddlewareBase):
-    '''Middleware to handle:
+class SessionHandlerMiddleware(SessionMiddlewareBase):
+    '''Middleware to:
     - establish user session details following redirect from OpenID Relying 
     Party sign-in or SSL Client authentication
@@ -243 +242 @@
     
     SESSION_KEYNAMES = (
-        AuthenticationMiddlewareBase.USERNAME_SESSION_KEYNAME, 
+        SessionMiddlewareBase.USERNAME_SESSION_KEYNAME, 
         SM_URI_SESSION_KEYNAME, 
         ID_SESSION_KEYNAME, 

TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/authz.py

@@ -13 +13 @@
 from time import time
 from urlparse import urlunsplit
+from httplib import UNAUTHORIZED, FORBIDDEN
 
 from ndg.security.common.utils.classfactory import importClass
@@ -21 +22 @@
 from ndg.security.server.wsgi import NDGSecurityMiddlewareBase, \
     NDGSecurityMiddlewareConfigError
+from ndg.security.server.wsgi.authn import SessionMiddlewareBase
 
 from ndg.security.common.authz.msi import Policy, PIP, PDP, Request, \
     Response, Resource, Subject
 
-class PEPResultHandlerMiddleware(NDGSecurityMiddlewareBase):
+class PEPResultHandlerMiddleware(SessionMiddlewareBase):
     """This middleware is invoked if access is denied to a given resource.  It
     is incorporated into the call stack by passing it in to a MultiHandler 
@@ -36 +38 @@
     denied response e.g. include an interface to enable users to register for
     the dataset from which they have been denied access.  See 
-    AuthorizationMiddleware pepResultHandler keyword
+    AuthorizationMiddleware pepResultHandler keyword.
+    
+    SessionMiddlewareBase base class defines user session key and 
+    isAuthenticated property
     """
-    propertyDefaults = {
-        'sessionKey': 'beaker.session.ndg.security'
-    }
-
-    _isAuthenticated = lambda self: \
-                            'username' in self.environ.get(self.sessionKey,())
-    isAuthenticated = property(fget=_isAuthenticated,
-                               doc='boolean to indicate is user logged in')
-
+    
     def __init__(self, app, global_conf, prefix='', **app_conf):
         '''
@@ -75 +72 @@
             log.warning("PEPResultHandlerMiddleware: user is not "
                         "authenticated - setting HTTP 401 response")
-            return self._setErrorResponse(code=401)
+            return self._setErrorResponse(code=UNAUTHORIZED)
         else:
             # Get response message from PDP recorded by PEP
@@ -82 +79 @@
             msg = getattr(pdpResponse, 'message', '')
                 
-            response = \
-"""Access is forbidden for this resource:
-%s
-Please check with your site administrator that you have the required access privileges.
-""" % msg.join('\n'*2)
-
-            return self._setErrorResponse(code=403, msg=response)
+            response = ("Access is forbidden for this resource:%s"
+                        "Please check with your site administrator that you "
+                        "have the required access privileges." % 
+                        msg.join('\n\n'*2))
+
+            return self._setErrorResponse(code=FORBIDDEN, msg=response)
 
 
@@ -97 +93 @@
     """Configuration related error for PEPFilter"""
 
-class PEPFilter(NDGSecurityMiddlewareBase):
+class PEPFilter(SessionMiddlewareBase):
     """PEP (Policy Enforcement Point) WSGI Middleware.  The PEP enforces
     access control decisions made by the PDP (Policy Decision Point).  In 
@@ -104 +100 @@
     access denied decision is made, the PEP enforces this by returning a 
     403 Forbidden HTTP response without the application middleware executing
+    
+    SessionMiddlewareBase base class defines user session key and 
+    isAuthenticated property
     """
-    TRIGGER_HTTP_STATUS_CODE = '403'
+    TRIGGER_HTTP_STATUS_CODE = str(FORBIDDEN)
     MIDDLEWARE_ID = 'PEPFilter'
-    
-    propertyDefaults = {
-        'sessionKey': 'beaker.session.ndg.security'
-    }
-
-    _isAuthenticated = lambda self: \
-                            'username' in self.environ.get(self.sessionKey,())
-    isAuthenticated = property(fget=_isAuthenticated,
-                               doc='boolean to indicate is user logged in')
-
+    POLICY_PARAM_PREFIX = 'policy.'
+    SESSION_KEYNAME = 'sessionKey'
+    POLICY_FILEPATH_PARAMNAME = 'filePath'
+    
     def __init__(self, app, global_conf, prefix='', **local_conf):
         """Initialise the PIP (Policy Information Point) and PDP (Policy 
@@ -135 +128 @@
         """       
         # Initialise the PDP reading in the policy
-        policyCfg = PEPFilter._filterKeywords(local_conf, 'policy.')
-        self.policyFilePath = policyCfg['filePath']
-        policy = Policy.Parse(policyCfg['filePath'])
+        policyCfg = PEPFilter._filterKeywords(local_conf, 
+                                              PEPFilter.POLICY_PARAM_PREFIX)
+        self.policyFilePath = policyCfg[PEPFilter.POLICY_FILEPATH_PARAMNAME]
+        policy = Policy.Parse(policyCfg[PEPFilter.POLICY_FILEPATH_PARAMNAME])
         
         # Initialise the Policy Information Point to None.  This object is
@@ -143 +137 @@
         self.pdp = PDP(policy, None)
         
-        self.sessionKey = local_conf.get('sessionKey', 
-                                     PEPFilter.propertyDefaults['sessionKey'])
+        self.sessionKey = local_conf.get(PEPFilter.SESSION_KEYNAME, 
+                                         PEPFilter.propertyDefaults[
+                                                    PEPFilter.SESSION_KEYNAME])
         
         super(PEPFilter, self).__init__(app,
@@ -151 +146 @@
                                         **local_conf)
 
-        
     @NDGSecurityMiddlewareBase.initCall
     def __call__(self, environ, start_response):
@@ -162 +156 @@
         @return: response
         """
-        
-        log.debug("PEPFilter.__call__ ...")
-        
         session = environ.get(self.sessionKey)
         if session is None:
@@ -177 +168 @@
         targetMatch = len(matchingTargets) > 0
         if not targetMatch:
-            log.info("PEPFilter.__call__: granting access - no matching URI "
-                     "path target was found in the policy for URI path [%s]", 
-                     resourceURI)
+            log.debug("PEPFilter.__call__: granting access - no matching URI "
+                      "path target was found in the policy for URI path [%s]", 
+                      resourceURI)
             return self._app(environ, start_response)
 
-        log.info("PEPFilter.__call__: found matching target(s):\n\n %s\n"
-                 "\nfrom policy file [%s] for URI Path=[%s]\n",
-                 '\n'.join(["RegEx=%s" % t for t in matchingTargets]), 
-                 self.policyFilePath,
-                 resourceURI)
+        log.debug("PEPFilter.__call__: found matching target(s):\n\n %s\n"
+                  "\nfrom policy file [%s] for URI Path=[%s]\n",
+                  '\n'.join(["RegEx=%s" % t for t in matchingTargets]), 
+                  self.policyFilePath,
+                  resourceURI)
         
         if not self.isAuthenticated:
@@ -193 +184 @@
             
             # Set a 401 response for an authentication handler to capture
-            return self._setErrorResponse(code=401)
+            return self._setErrorResponse(code=UNAUTHORIZED)
         
         log.debug("PEPFilter.__call__: creating request to call PDP to check "
@@ -224 +215 @@
         
         if response.status == Response.DECISION_PERMIT:
-            log.debug("PEPFilter: PDP granted access for URI path [%s] "
-                      "using policy [%s]", resourceURI, self.policyFilePath)
+            log.info("PEPFilter.__call__: PDP granted access for URI path "
+                     "[%s] using policy [%s]", 
+                     resourceURI, 
+                     self.policyFilePath)
             
             return self._app(environ, start_response)
         else:
-            log.info("PEPFilter: PDP returned a status of [%s] "
+            log.info("PEPFilter.__call__: PDP returned a status of [%s] "
                      "denying access for URI path [%s] using policy [%s]", 
                      response.decisionValue2String[response.status],
@@ -236 +229 @@
             
             # Trigger AuthZResultHandlerMiddleware by setting a response 
-            # with HTTP status code equal to the TRIGGER_HTTP_STATUS_CODE class attribute
-            # value
-            return self._setErrorResponse(code=int(PEPFilter.TRIGGER_HTTP_STATUS_CODE))
+            # with HTTP status code equal to the TRIGGER_HTTP_STATUS_CODE class
+            # attribute value
+            triggerStatusCode = int(PEPFilter.TRIGGER_HTTP_STATUS_CODE)
+            return self._setErrorResponse(code=triggerStatusCode)
 
     def _getMatchingTargets(self, resourceURI):
@@ -277 +271 @@
             
             if status.startswith(PEPFilter.TRIGGER_HTTP_STATUS_CODE):
-                log.info("PEPFilter: found [%s] status for URI path [%s]: "
-                         "invoking access denied response",
-                         PEPFilter.TRIGGER_HTTP_STATUS_CODE,
-                         environ['PATH_INFO'])
+                log.debug("PEPFilter: found [%s] status for URI path [%s]: "
+                          "invoking access denied response",
+                          PEPFilter.TRIGGER_HTTP_STATUS_CODE,
+                          environ['PATH_INFO'])
                 return True
             else:
@@ -479 +473 @@
     ndg.security.server.wsgi.authn.AuthenticationMiddleware
     '''
+    PEP_PARAM_PREFIX = 'pep.filter.'
+    PIP_PARAM_PREFIX = 'pip.'
+    PEP_RESULT_HANDLER_PARAMNAME = "pepResultHandler"
     
     def __init__(self, app, global_conf, prefix='', **app_conf):
@@ -496 +493 @@
         dictionary
         """
-        
+        authzPrefix = prefix + AuthorizationMiddleware.PEP_PARAM_PREFIX
         pepFilter = PEPFilter(app,
                               global_conf,
-                              prefix=prefix+'pep.filter.',
+                              prefix=authzPrefix,
                               **app_conf)
         pepInterceptFunc = pepFilter.multiHandlerInterceptFactory()
@@ -506 +503 @@
         # so that it can take a copy of the beaker session object from environ
         # ahead of the PDP's request to it for an Attribute Certificate
+        pipPrefix = AuthorizationMiddleware.PIP_PARAM_PREFIX
         pipFilter = PIPMiddleware(pepFilter,
                                   global_conf,
-                                  prefix='pip.',
+                                  prefix=pipPrefix,
                                   **app_conf)
         pepFilter.pdp.pip = pipFilter
@@ -514 +512 @@
         app = MultiHandler(pipFilter)
 
-        pepResultHandlerClassName = app_conf.pop(prefix+"pepResultHandler", 
-                                                 None) 
+        pepResultHandlerClassName = app_conf.pop(
+                prefix+AuthorizationMiddleware.PEP_RESULT_HANDLER_PARAMNAME, 
+                None)
         if pepResultHandlerClassName is None:
             pepResultHandler = PEPResultHandlerMiddleware

TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/ssl.py

@@ -271 +271 @@
                                           msg='No client SSL Certificate set')
             
-        if self.isValidClientCert():            
+        if self.isValidClientCert():
+            self._setUser()          
             return self._setResponse()
         else:
@@ -343 +344 @@
             
         if len(self.clientCertDNMatchList) > 0:
-            if self.__clientCert.dn not in self.clientCertDNMatchList:
-                return False
+            dn = self.__clientCert.dn
+            for expectedDN in self.clientCertDNMatchList: 
+                if dn == expectedDN:
+                    return True
+                
+            return False
             
         return True
-    
+
+    def _setUser(self):
+        """Interface hook for a derived class to set user ID from certificate 
+        set or other context info.
+        """
+
 
 class AuthKitSSLAuthnMiddleware(ApacheSSLAuthnMiddleware):
@@ -353 +363 @@
     flag logged in status to other middleware
     """
+    SET_USER_ENVIRON_KEYNAME = 'paste.auth_tkt.set_user'
+    
     @NDGSecurityMiddlewareBase.initCall         
     def __call__(self, environ, start_response):
@@ -384 +396 @@
             
         elif self.isValidClientCert():
-            # Update environ so that downstream AuthenticationMiddleware can
-            # set the session cookie
-            environ['REMOTE_USER'] = self.clientCert.dn['CN']
-            environ['paste.auth_tkt.set_user'](environ['REMOTE_USER'])
-            
-            # Set-up redirect back to original request URI
-        else:
-            # IsValidCert will log warnings/errors no need to flag this
-            # condition
-            pass
+            # Update session cookie with user ID
+            self._setUser()
+            
+        # ... isValidCert will log warnings/errors no need to flag the False
+        # condition
             
         # Pass request to next middleware in the chain without setting an
         # error response - see method doc string for explanation.
         return self._setResponse()
+
+    def _setUser(self):
+        """Set user ID in AuthKit cookie from client certificate submitted
+        """
+        userId = self.clientCert.dn['CN']
+        
+        self.environ[AuthKitSSLAuthnMiddleware.USERNAME_ENVIRON_KEYNAME]=userId
+        self.environ[AuthKitSSLAuthnMiddleware.SET_USER_ENVIRON_KEYNAME](userId)

TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini

@@ -104 +104 @@
 prefix = ssl.
 ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
-
-# HTTP_ prefix is set when passed through a proxy
+#ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=mytest /O=gabriel/OU=BADC/CN=test /O=NDG/OU=BADC/CN=test
+
+# 'HTTP_' prefix is set when passed through a proxy
 ssl.sslKeyName = HTTP_HTTPS
 ssl.sslClientCertKeyName = HTTP_SSL_CLIENT_CERT

TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservicesapp.py

@@ -13 +13 @@
 from os.path import dirname, abspath, join
 
-    
+from ndg.security.test.unit.wsgi import PasteDeployAppServer
+
 # To start run 
 # $ paster serve services.ini or run this file as a script
@@ -19 +20 @@
 if __name__ == '__main__':
     import sys
-    import logging
-    logging.basicConfig(level=logging.DEBUG)
-
     if len(sys.argv) > 1:
         port = int(sys.argv[1])
@@ -27 +25 @@
         port = 7443
         
-    cfgFilePath = os.path.join(dirname(abspath(__file__)), 
-                               'securityservices.ini')
-        
-    from paste.httpserver import serve
-    from paste.deploy import loadapp
-    from paste.script.util.logging_config import fileConfig
-    
-    fileConfig(cfgFilePath)
-    app = loadapp('config:%s' % cfgFilePath)
-    serve(app, host='0.0.0.0', port=port)
+    cfgFileName='securityservices.ini'
+    cfgFilePath = os.path.join(dirname(abspath(__file__)), cfgFileName)    
+    server = PasteDeployAppServer(cfgFilePath, port=port) 
+    server.start()

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/__init__.py

@@ -12 +12 @@
 import unittest
 import logging
+import socket
 logging.basicConfig()
 
@@ -19 +20 @@
 TEST_CONFIG_DIR = join(abspath(dirname(dirname(__file__))), 'config')
 
+mkDataDirPath = lambda file:join(TEST_CONFIG_DIR, file)
+
+from ndg.security.test.unit.wsgi import PasteDeployAppServer
+
 class BaseTestCase(unittest.TestCase):
     '''Convenience base class from which other unit tests can extend.  Its
     sets the generic data directory path'''
     configDirEnvVarName = 'NDGSEC_TEST_CONFIG_DIR'
+    
+    mkDataDirPath = staticmethod(mkDataDirPath)
     
     def __init__(self, *arg, **kw):
@@ -29 +36 @@
                 
         unittest.TestCase.__init__(self, *arg, **kw)
+        self.services = []
+        
+    def addService(self, cfgFilePath, port):
+        """Utility for setting up threads to run Paste HTTP based services with
+        unit tests
+        
+        @param cfgFilePath: ini file containing configuration for the service
+        @type cfgFilePath: basestring
+        @param port: port number to run the service from
+        @type port: int
+        """
+        try:
+            self.services.append(PasteDeployAppServer(cfgFilePath, port=port))
+            self.services[-1].startThread()
+            
+        except socket.error:
+            pass
 
-mkDataDirPath = lambda file:join(TEST_CONFIG_DIR, file)
+    def startAttributeAuthorities(self):
+        """Serve test Attribute Authorities to test against"""
+        siteACfgFilePath = mkDataDirPath(join('attributeauthority', 
+                                              'sitea', 
+                                              'site-a.ini'))
+        self.addService(siteACfgFilePath, 5000)
+        
+        siteBCfgFilePath = mkDataDirPath(join('attributeauthority',
+                                              'siteb', 
+                                              'site-b.ini'))
+        self.addService(siteBCfgFilePath, 5100)        
+        
 
+    def __del__(self):
+        """Stop any services started with the addService method"""
+        if hasattr(self, 'services'):
+            for service in self.services:
+                service.terminateThread()
+            
 def _getParentDir(depth=0, path=dirname(__file__)):
     """

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_attributeauthorityclient.py

@@ -24 +24 @@
 from xml.etree import ElementTree
 
-from ndg.security.test.unit import BaseTestCase
+from ndg.security.test.unit import BaseTestCase, mkDataDirPath
 
 from ndg.security.common.utils.etree import prettyPrint
@@ -44 +44 @@
 from ndg.security.common.saml.bindings import SOAPBinding as SamlSoapBinding
 
+
 class AttributeAuthorityClientBaseTestCase(BaseTestCase):
     def __init__(self, *arg, **kw):
@@ -66 +67 @@
         except KeyError:
             self.sslCACertList = []
-
+            
+        self.startAttributeAuthorities()        
+      
       
 class AttributeAuthorityClientTestCase(AttributeAuthorityClientBaseTestCase):

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/credentialwallet/test_credentialwallet.py

@@ -36 +36 @@
     class.
     """
+    def __init__(self, *arg, **kw):
+        super(CredentialWalletTestCase, self).__init__(*arg, **kw)
+        self.startAttributeAuthorities()
     
     def setUp(self):

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/nosetests.ini

@@ -14 +14 @@
 [nosetests]
 verbosity: 3
-tests: ndg.security.test.unit.x509.test_x509,
-        ndg.security.test.unit.soap.test_soap,
-        ndg.security.test.unit.configfileparsers.test_configfileparsers,
+tests:
+#tests: ndg.security.test.unit.x509.test_x509,
+#       ndg.security.test.unit.soap.test_soap,
+#       ndg.security.test.unit.configfileparsers.test_configfileparsers,
         ndg.security.test.unit.credentialwallet.test_credentialwallet,
-        ndg.security.test.unit.xacml.test_xacml,
-        ndg.security.test.unit.attributeauthorityclient.test_attributeauthorityclient,
-        ndg.security.test.unit.sessionmanager.test_sessionmanager,
-        ndg.security.test.unit.authz.pdp.test_proftp_pdp,
-#       ./sslclientauthnmiddleware/test_sslclientauthn.py,
-        ndg.security.test.unit.openid.relyingparty.validation.test_validation,
-        ndg.security.test.unit.xmlsec.etree.test_etree,
-#       ./wsgi/authn/test_authn.py,
-#       ./wsgi/ssl/test_ssl.py,
-        ndg.security.test.unit.wsgi.authz.test_authz,
-        ndg.security.test.unit.sessionmanagerclient.test_sessionmanagerclient,
-        ndg.security.test.unit.attributeauthority.test_attributeauthority,
-        ndg.security.test.unit.saml.test_samlinterface,
-        ndg.security.test.unit.wssecurity.foursuite.client.test_echoclient.py,
-        ndg.security.test.unit.wssecurity.dom.client.test_echoclient.py
+#       ndg.security.test.unit.xacml.test_xacml,
+        ./attributeauthorityclient.test_attributeauthorityclient.py
+#       ndg.security.test.unit.sessionmanager.test_sessionmanager,
+#       ndg.security.test.unit.authz.pdp.test_proftp_pdp,
+##      ./sslclientauthnmiddleware/test_sslclientauthn.py,
+#       ndg.security.test.unit.openid.relyingparty.validation.test_validation,
+#       ndg.security.test.unit.xmlsec.etree.test_etree,
+##      ./wsgi/authn/test_authn.py,
+##      ./wsgi/ssl/test_ssl.py,
+#       ndg.security.test.unit.wsgi.authz.test_authz,
+#       ndg.security.test.unit.sessionmanagerclient.test_sessionmanagerclient,
+#       ndg.security.test.unit.attributeauthority.test_attributeauthority,
+#       ndg.security.test.unit.saml.test_samlinterface,
+#       ndg.security.test.unit.wssecurity.foursuite.client.test_echoclient.py,
+#       ndg.security.test.unit.wssecurity.dom.client.test_echoclient.py
 

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/nosetests.py

@@ -3 +3 @@
 Suite to wrap all granulator test cases
 
-NERC Data Grid Project
+NERC DataGrid Project
 
 """

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/wsgi/__init__.py

@@ -9 +9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = '$Id$'
+
+import paste.httpserver
+from threading import Thread
+from paste.deploy import loadapp
+from paste.script.util.logging_config import fileConfig
+
+import logging
+logging.basicConfig(level=logging.DEBUG)
+
+class PasteDeployAppServer(object):
+    """Wrapper to paste.httpserver to enable background threading"""
+    
+    def __init__(self, cfgFilePath, port=7443, host='0.0.0.0'):
+        """Load an application configuration from cfgFilePath ini file and 
+        instantiate Paste server object
+        """       
+        self.__thread = None
+        fileConfig(cfgFilePath)
+        app = loadapp('config:%s' % cfgFilePath)
+        self.__pasteServer = paste.httpserver.serve(app, host=host, port=port, 
+                                                    start_loop=False)
+    
+    def _getPasteServer(self):
+        return self.__pasteServer
+    
+    pasteServer = property(fget=_getPasteServer)
+    
+    def _getThread(self):
+        return self.__thread
+    
+    thread = property(fget=_getThread)
+    
+    def start(self):
+        """Start server"""
+        self.pasteServer.serve_forever()
+        
+    def startThread(self):
+        """Start server in a separate thread"""
+        self.__thread = Thread(target=PasteDeployAppServer.start, args=(self,))
+        self.thread.start()
+        
+    def terminateThread(self):
+        self.pasteServer.server_close()
+

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/wsgi/authn/ssl-test.ini

@@ -5 +5 @@
 #
 [DEFAULT]
-testConfigDir = ../../../config
+testConfigDir = %(here)s/../../../config
 beakerSessionKeyName = beaker.session.ndg.security
 

TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/wsgi/ssl/test.ini

@@ -5 +5 @@
 #
 [DEFAULT]
-testConfigDir = ../../../config
+testConfigDir = %(here)s/../../../config
 
 [server:main]