Timestamp:
02/09/10 11:43:37 (10 years ago)
Author:
pjkersha
Message:

Incomplete - task 2: XACML-Security Integration

  • Tested local PDP with integration tests. ndg.security.test.integration.full_system. This completes the functionality for the XACML integration - now preparing a new release.
File:
1 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/result_handler/genshi/__init__.py

    r7077 r7414  
    2222from genshi.template import TemplateLoader 
    2323 
     24from ndg.saml.saml2.core import DecisionType 
    2425from ndg.security.server.wsgi.authz.result_handler import \ 
    2526    PEPResultHandlerMiddlewareBase 
     
    3334     
    3435    MSG_TMPL = ( 
    35         "Access is forbidden for this resource:<br/><br/>" 
    3636        "$pdpResponseMsg<br/><br/>" 
    37         "Please check with your site administrator that you have the required " 
    38         "access privileges." 
     37        "Please report this to your site administrator and check that you " 
     38        "have the required access privileges." 
    3939    ) 
    4040     
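Review bot: MSG_TMPL carries HTML markup (`<br/>`) around `$pdpResponseMsg`, and the substitution visible further down in this file is a plain `Template(...).substitute(...)`, with no escaping in the lines shown. With the fixed "Access is forbidden for this resource:" heading removed, the whole explanation shown to the user now comes from the substituted value. Please add a comment on MSG_TMPL stating that the template is HTML and that the placeholder must receive HTML-safe text, or escape the value before substitution, so that an overriding template or a future message source cannot put markup into the error page.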
     
    104104        else: 
    105105            # Get response message from PDP recorded by PEP 
    106             cls = GenshiPEPResultHandlerMiddleware 
     106            cls = self.__class__ 
    107107            pepCtx = session.get(cls.PEPCTX_SESSION_KEYNAME, {}) 
    108108            pdpResponse = pepCtx.get(cls.PEPCTX_RESPONSE_SESSION_KEYNAME) 
    109             pdpResponseMsg = getattr(pdpResponse, 'message', '') or '' 
    110                  
     109            if pdpResponse is not None: 
     110                # Expecting a SAML response - parse decision values from this 
     111                pdpResponseMsg = ("The authorisation policy has set " 
     112                                  "access denied for this resource.") 
     113                for assertion in pdpResponse.assertions: 
     114                    for authzDecisionStatement in \ 
     115                         assertion.authzDecisionStatements: 
     116                        if (authzDecisionStatement.decision.value ==  
     117                            DecisionType.INDETERMINATE_STR): 
     118                            pdpResponseMsg = ("An error occurred making an " 
     119                                              "access decision.") 
     120                            break 
     121            else: 
     122                pdpResponseMsg = "Access is denied for this resource." 
     123                  
    111124            msg = Template(self.messageTemplate).substitute( 
    112125                                                pdpResponseMsg=pdpResponseMsg) 
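Review bot: the `break` at new line 120 leaves only the inner loop over `assertion.authzDecisionStatements`; the outer `for assertion in pdpResponse.assertions` loop keeps iterating after an Indeterminate decision has been found. The outcome is still right because nothing later overwrites `pdpResponseMsg`, but the control flow reads as though the search stops there. Moving the scan into a small helper that returns on the first Indeterminate match would make the intent explicit. Separately, every case other than Indeterminate, including a response with no assertions or no decision statements at all, falls through to "The authorisation policy has set access denied for this resource.", so please confirm that this is the intended message when the response carries no explicit Deny. Replacing the old `getattr(pdpResponse, 'message', '')` with fixed strings is a good change, since PDP-supplied text no longer reaches the page, but the new code assumes `pdpResponse` always has `assertions` and that each `decision` is set; a guard or a short comment stating that expectation would help.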