Changeset 6586 for TI12-security


Timestamp:
19/02/10 11:29:39 (10 years ago)
Author:
pjkersha
Message:

Started ESG Authorisation Service implementation ndg.security.server.wsgi.authorizationservice - SAML SOAP based interface to a Policy Decision Point enabling centralised policy for a range of services.

Location:
TI12-security/trunk/NDGSecurity/python
Files:
1 added
2 deleted
9 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/msi.py

    r6069 r6586  
    815815PIP = NdgPIP 
    816816 
    817            
     817             
    818818class PDP(object): 
    819819    """Policy Decision Point""" 
  • TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/__init__.py

    r6069 r6586  
    689689    id = None 
    690690 
     691 
    691692class DenyOverrides(RuleCombiningAlg): 
    692693   '''Deny-overrides: If any rule evaluates to Deny, then the final  
    693694   authorization decision is also Deny.''' 
    694695   id = 'Deny-overrides' 
     696    
    695697    
    696698class OrderedDenyOverrides(RuleCombiningAlg): 
     
    700702    id = 'Ordered-deny-overrides' 
    701703     
     704     
    702705class PermitOverrides(RuleCombiningAlg): 
    703706    '''Permit-overrides: If any rule evaluates to Permit, then the final  
    704707    authorization decision is also Permit.''' 
     708     
    705709     
    706710class OrderedPermitOverrides(RuleCombiningAlg): 
     
    710714    id = 'Ordered-permit-overrides' 
    711715     
     716     
    712717class FirstApplicable(RuleCombiningAlg): 
    713718    '''First-applicable: The result of the first relevant rule encountered is  
     
    795800        raise NotImplementedError() 
    796801 
    797     def getSubjectAttribute(self, type, id, category): 
    798         '''Returns available subject attribute value(s) ignoring the issuer. 
    799       
    800         @param type the type of the attribute value(s) to find 
    801         @param id the id of the attribute value(s) to find 
    802         @param category the category the attribute value(s) must be in 
    803       
    804         @return a result containing a bag either empty because no values were 
    805         found or containing at least one value, or status associated with an 
    806         Indeterminate result''' 
    807         raise NotImplementedError() 
    808  
    809     def getSubjectAttribute(self, type, id, issuer, category): 
     802    def getSubjectAttribute(self, type, id, issuer=None, category=None): 
    810803        '''Returns available subject attribute value(s). 
    811804      
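Review bot: The surviving `getSubjectAttribute` now defaults `issuer=None` and `category=None`, but the docstring that begins on the last line of the hunk (and continues outside it) was written for the four-required-parameter form; since the deleted overload was the one documented as "ignoring the issuer", the docstring should now state what None means, e.g. `@param issuer the issuer of the attribute value(s), or None to ignore the issuer`, and likewise for category. Dropping the duplicate definition is correct on its own: Python kept only the later def, so the three-parameter variant was already unreachable. Both `type` and `id` shadow builtins; that is pre-existing, and the enclosing class starts outside the hunk.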
  • TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/authz/xacml/cond/factory.py

    r5395 r6586  
    294294        self.functionMap[functionId] = function 
    295295     
    296          
    297296    def addAbstractFunction(self, proxy, functionId): 
    298297        '''Adds the abstract function proxy to the factory. This is used for 
     
    330329        return functions 
    331330     
    332  
    333331    def createFunction(self, identity): 
    334332        '''Tries to get an instance of the specified function. 
     
    354352            raise UnknownIdentifierException("functions of type [%s] are not " 
    355353                                             "supported by this factory" %  
    356                                              identity)         
    357      
     354                                             identity) 
    358355     
    359356    def createAbstractFunction(self, identity, root): 
  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/attributeauthority.py

    r6069 r6586  
    1717from ndg.security.server.wsgi.zsi import SOAPBindingMiddleware 
    1818 
     19 
    1920class AttributeAuthorityMiddleware(NDGSecurityMiddlewareBase): 
    2021    '''WSGI to add an NDG Security Attribute Authority in the environ.  This 
    21     enables multiple WSGi filters to access the same underlying Attribute 
     22    enables multiple WSGI filters to access the same underlying Attribute 
    2223    Authority instance e.g. provide SAML SOAP and WSDL SOAP based interfaces 
    2324    to the same Attribute Authority 
  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/__init__.py

    r6584 r6586  
    215215                                                    'environ') 
    216216 
    217         contentLength = int(contentLength)         
     217        contentLength = int(contentLength) 
    218218        soapRequestTxt = soapRequestStream.read(contentLength) 
    219219         
  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/wssecurity.py

    r6069 r6586  
    3333    Overload pathMatch lambda so that it is more inclusive: the default is 
    3434    for all paths to be processed by the handlers""" 
    35     pathMatch = lambda self, environ: environ['PATH_INFO'].startswith(self.path) 
     35    def pathMatch(self, environ):  
     36        if environ['PATH_INFO'].endswith('/'): 
     37            path == environ['PATH_INFO'] 
     38        else: 
     39            path = environ['PATH_INFO'] + '/' 
     40             
     41        return path == self.path 
    3642 
    3743 
     
    189195    def __call__(self, environ, start_response): 
    190196        '''Verify message signature''' 
    191         if not SignatureVerificationFilter.isSOAPMessage(environ) or \ 
    192            not self.pathMatch(environ): 
     197        if (not SignatureVerificationFilter.isSOAPMessage(environ) or  
     198           not self.pathMatch(environ)): 
    193199            log.debug("SignatureVerificationFilter.__call__: Non-SOAP " 
    194200                      "request or path doesn't match SOAP endpoint specified " 
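Review bot: In the new `pathMatch`, the branch taken when PATH_INFO already ends with '/' reads `path == environ['PATH_INFO']`, a comparison rather than an assignment, so `path` is never bound and `return path == self.path` raises UnboundLocalError for exactly those requests; it should be `path = environ['PATH_INFO']`. The method also replaces `startswith(self.path)` with an exact match, so requests to sub-paths of the endpoint that were previously verified now take the "path doesn't match" branch of `__call__` in the second hunk, which presumably hands them on without signature verification (the rest of `__call__` is outside the hunk) — worth confirming that narrowing is intended. The exact match further requires `self.path` to carry a trailing slash, yet site-a.ini in this same changeset configures `path = /AttributeAuthority` for both signature filters, so matching depends on the filter's path setter normalising the value the way zsi.py's updated config parsing does; if it does not, the filter never applies to any request. The class docstring just above still says "Overload pathMatch lambda" although pathMatch is now a def.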
  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/zsi.py

    r6440 r6586  
    9191        self._app = app 
    9292        self.__charset = ZSIMiddleware.DEFAULT_CHARSET 
    93         self.__path = None 
     93        self.__path = '/' 
    9494        self.__referencedFilterKeys = None 
    9595        self.__publishedURI = None 
     
    199199        pathOptName = prefix + ZSIMiddleware.PATH_OPTNAME 
    200200        if pathOptName in app_conf: 
    201             if app_conf[pathOptName] != '/': 
    202                 self.path = app_conf[pathOptName].rstrip('/') 
     201            if not app_conf[pathOptName].endswith('/'): 
     202                self.path = app_conf[pathOptName] + '/' 
    203203            else: 
    204204                self.path = app_conf[pathOptName] 
    205         else: 
    206             self.path = '/' 
    207205 
    208206        # This flag if set to True causes this handler to call the  
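Review bot: The new branch on `app_conf[pathOptName]` only appends '/' when the configured value lacks one, so a value such as `/AttributeAuthority//` is kept verbatim whereas the old code normalised it with `rstrip('/')`; both branches collapse to the single line `self.path = app_conf[pathOptName].rstrip('/') + '/'`, which also keeps the bare '/' case correct. The new default `self.__path = '/'` in the first hunk follows the same trailing-slash convention. The enclosing methods start outside the hunks.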
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini

    r6584 r6586  
    1313attributeAuthorityEnvironKeyName = attribute-authority 
    1414attributeQueryInterfaceEnvironKeyName = attributeQueryInterface 
     15attributeAuthoritySoapWsdlServicePath = /AttributeAuthority 
    1516 
    1617[server:main] 
     
    9394 
    9495service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01 
    95 service.soap.binding.path = /AttributeAuthority 
     96service.soap.binding.path = %(attributeAuthoritySoapWsdlServicePath)s 
    9697service.soap.binding.enableWSDLQuery = True 
    9798service.soap.binding.charset = utf-8 
     
    107108prefix = saml.soapbinding. 
    108109 
    109 saml.soapbinding.serialise = saml.xml.etree:ResponseElementTree.toXML 
    110110saml.soapbinding.deserialise = saml.xml.etree:AttributeQueryElementTree.fromXML 
     111 
     112# Specialisation to incorporate ESG Group/Role type 
     113saml.soapbinding.serialise = ndg.security.common.saml_utils.esg.xml.etree:EsgResponseElementTree.toXML 
     114 
    111115saml.soapbinding.pathMatchList = /AttributeAuthority/saml 
    112116saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s 
     
    116120paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory 
    117121filterID = wsseSignatureVerificationFilter01 
     122path = %(attributeAuthoritySoapWsdlServicePath)s 
    118123 
    119124# Settings for WS-Security SignatureHandler class used by this filter 
     
    125130[filter:wsseSignatureFilter] 
    126131paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory 
     132path = %(attributeAuthoritySoapWsdlServicePath)s 
    127133 
    128134# Reference the verification filter in order to be able to apply signature 
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/config.ini

    r6584 r6586  
    1212connectionString = sqlite:///$NDGSEC_TEST_CONFIG_DIR/user.db 
    1313openIdSqlQuery = select openid from users where username = '${username}'      
    14 attributeAuthorityURI = https://localhost:5443/AttributeAuthority/saml 
     14#attributeAuthorityURI = https://localhost:5443/AttributeAuthority/saml 
     15attributeAuthorityURI = http://localhost:5000/AttributeAuthority/saml 
    1516attributeQuery.subjectIdFormat = urn:esg:openid 
    1617attributeQuery.issuerName = /O=Site A/CN=Authorisation Service 
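Review bot: `attributeAuthorityURI` now points at `http://localhost:5000/AttributeAuthority/saml` with the https URI left commented out, so the attribute query in this test setup travels in clear; fine for a local fixture, but a one-line comment such as `# test-only: plain HTTP; the commented https URI is the deployed form` would keep the http setting from being copied into a deployment template. Whether the SAML response is additionally protected by a message-level signature is not visible from these lines.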