Changeset 6866 for TI12-security


Timestamp:
17/05/10 11:39:55 (9 years ago)
Author:
pjkersha
Message:

Updated PyDAP integration test example to work with the latest security middleware.

Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap
Files:
14 added
4 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap

    • Property svn:ignore set to
      authn*
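--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/authz/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/authz/policy.xml
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<Policy PolicyId="pyDAP" xmlns="urn:ndg:security:authz:1.0:policy">
+<Policy PolicyId="pyDAP" xmlns="urn:ndg:security:authz:1.1:policy">
     <Description>Restrict access for Authorization integration tests</Description>
 
@@ -6,23 +6,23 @@
         <URIPattern>^/sample.*$</URIPattern>
         <Attributes>
-            <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute>
+            <Attribute>
+                <Name>urn:siteA:security:authz:1.0:attr:staff</Name>
+                <AttributeAuthorityURI>https://localhost:7443/AttributeAuthority</AttributeAuthorityURI>
+            </Attribute>
         </Attributes>
-        <AttributeAuthority>
-<!--            <uri>https://localhost/AttributeAuthority</uri>
--->
-            <uri>http://localhost:7443/AttributeAuthority</uri>
-        </AttributeAuthority>
     </Target>
     <Target>
         <URIPattern>^/sresa1b_ncar_ccsm3_0_run1_200001.*$</URIPattern>
         <Attributes>
-            <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute>
-            <Attribute>urn:siteA:security:authz:1.0:attr:keepout</Attribute>
+            <Attribute>
+                <Name>urn:siteA:security:authz:1.0:attr:staff</Name>
+                <AttributeAuthorityURI>https://localhost:7443/AttributeAuthority</AttributeAuthorityURI>
+            </Attribute>
+            <Attribute>
+                <Name>urn:siteA:security:authz:1.0:attr:keepout</Name>
+                <AttributeAuthorityURI>https://localhost:7443/AttributeAuthority</AttributeAuthorityURI>
+            </Attribute>
         </Attributes>
-        <AttributeAuthority>
-<!--            <uri>https://localhost/AttributeAuthority</uri>
--->
-            <uri>http://localhost:7443/AttributeAuthority</uri>
-        </AttributeAuthority>
+
     </Target>
 </Policy>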
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/log

    • Property svn:ignore set to
      server.log*
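--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
@@ -15,4 +15,8 @@
 # file
 #
+[DEFAULT]
+testConfigDir = %(here)s/../../config
+beakerSessionKeyName = beaker.session.ndg.security
+
 [server:main]
 use = egg:Paste#http
@@ -42,5 +46,20 @@
 # Pipeline to with security filters to protect the pyDAP application
 [pipeline:main]
-pipeline = AuthenticationFilter AuthorizationFilter cascade
+pipeline = BeakerSessionFilter AuthenticationFilter AuthorizationFilter cascade
+
+
+[filter:BeakerSessionFilter]
+paste.filter_app_factory = beaker.middleware:SessionMiddleware
+
+# Cookie name
+beaker.session.key = ndg.security.session
+
+# WSGI environ key name
+environ_key = %(beakerSessionKeyName)s
+beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
+beaker.cache.data_dir = %(here)s/authn/beaker/cache
+beaker.session.data_dir = %(here)s/authn/beaker/sessions
+
+#beaker.session.cookie_domain = .localhost
 
 [filter:AuthenticationFilter]
@@ -49,19 +68,16 @@
 
 # Set redirect for OpenID Relying Party in the Security Services app instance
-#authN.redirectURI = https://localhost/verify
-authN.redirectURI = http://localhost:7443/verify
+#authN.redirectURI = https://localhost:7443/verify
+authN.redirectURI = https://localhost/verify
 
-# Beaker Session set-up
-beaker.session.key = ndg.security.session
-beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
-beaker.cache.data_dir = %(here)s/authn/beaker/pki/cache
-beaker.session.data_dir = %(here)s/authn/beaker/sessions
-beaker.session.cookie_expires = True
+# Default URI to return to if middleware wasn't able to set via HTTP_REFERER or
+# passed return to query argument
+authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/
 
 # AuthKit Set-up
 authkit.setup.method=cookie
 
-# This cookie name and secret MUST agree with the name used by the security
-# web services app
+# This cookie name and secret MUST agree with the name used by the security web
+# services app
 authkit.cookie.name=ndg.security.auth
 authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
@@ -72,7 +88,25 @@
 authkit.cookie.includeip = False
 
+#authkit.cookie.params.expires = 2
+#authkit.cookie.params.domain = .localhost
+
+# environ key name for beaker session
+authkit.session.middleware = %(beakerSessionKeyName)s
+
+
 [filter:AuthorizationFilter]
-paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
+paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
 prefix = authz.
+authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
+authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
+authz.pepResultHandler.baseURL = http://localhost:8001
+authz.pepResultHandler.heading = Access Denied
+authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
+authz.pepResultHandler.footerText = This site is for test purposes only.
+authz.pepResultHandler.rightLink = http://ceda.ac.uk/
+authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
+authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
+authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png
+
 policy.filePath = %(here)s/authz/policy.xml
 
@@ -80,37 +114,14 @@
 # retrieve subject attributes from the Attribute Authority associated with the
 # resource to be accessed
-pip.sslCACertFilePathList=
 
-# List of CA certificates used to verify the signatures of
-# Attribute Certificates retrieved
-pip.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt
+# If omitted, DN of SSL Cert is used
+pip.attributeQuery.issuerName =
+pip.attributeQuery.subjectIdFormat = urn:esg:openid
+pip.attributeQuery.clockSkewTolerance = 0.
+pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
+pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
+pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
+pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
 
-#
-# WS-Security Settings for call to Session Manager
-
-# Signature of an outbound message
-
-# Certificate associated with private key used to sign a message.  The sign
-# method will add this to the BinarySecurityToken element of the WSSE header.
-# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
-# As an alternative, use signingCertChain - see below...
-
-# PEM encode cert
-pip.wssecurity.signingCertFilePath=%(here)s/pki/wsse-server.crt
-
-# PEM encoded private key file
-pip.wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-server.key
-
-# Password protecting private key.  Leave blank if there is no password.
-pip.wssecurity.signingPriKeyPwd=
-
-# For signature verification.  Provide a space separated list of file paths
-pip.wssecurity.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt
-
-# ValueType for the BinarySecurityToken added to the WSSE header
-pip.wssecurity.reqBinSecTokValType=X509v3
-
-# Add a timestamp element to an outbound message
-pip.wssecurity.addTimestamp=True
 
 # Logging configuration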
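Review bot: `pip.attributeQuery.clockSkewTolerance = 0.` in the new attributeQuery block leaves no allowance for clock drift between this host and the Attribute Authority, so if the value bounds the SAML assertion validity check (presumably NotBefore/NotOnOrAfter; not visible here) a few seconds of skew would make every attribute query fail as expired or not yet valid. A small non-zero value with a comment above it such as `# Seconds of clock drift tolerated when checking assertion validity times` would document the intent either way. Separately, `beaker.session.secret` (now in the BeakerSessionFilter section) and `authkit.cookie.secret` are committed in plain text; that is workable for an integration-test config, but a `# Test-only value - generate a fresh secret for any other deployment` comment beside each makes clear they are not meant to be reused, especially since the neighbouring comment requires the authkit secret to match the security web services app.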