Changeset 7828


Timestamp:
24/01/11 10:05:14 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • improved ndg.security.server.attributeauthority.SQLAlchemyAttributeInterface so that it can retrieve attributes and set them into custom SAML Attribute Value types. Previously it only supported xs:string type values. Custom types can be set by specifying a callback in the samlAttributeSqlQuery property or via the equivalent ini file option; see site-a.ini.
  • Unit test site-a attribute authority now uses the SQLite test user db instead of fixed constants from the unit test base class. This makes it easier to customise into a paster ini template.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
6 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/attributeauthority.py

    453453 
    454454    def samlAttributeQuery(self, attributeQuery, samlResponse): 
    455         """Respond to SAML 2.0 Attribute Query 
     455        """Respond to SAML 2.0 Attribute Query.  This method follows the  
     456        signature for the SAML query interface: 
     457         
     458        ndg.saml.saml2.binding.soap.server.wsgi.queryinterface.SOAPQueryInterfaceMiddleware 
     459         
     460        @param attributeQuery: SAML attribute query to process 
     461        @type attributeQuery: ndg.saml.saml2.core.AttributeQuery 
     462        @param samlResponse: partially filled out SAML response.  This method 
     463        completes it 
     464        @type samlResponse: ndg.saml.saml2.core.Response 
    456465        """ 
    457466        if not isinstance(attributeQuery, AttributeQuery): 
     
    460469         
    461470        # Attribute Query validation ... 
    462         utcNow = datetime.utcnow() 
    463471        if (attributeQuery.subject.nameID.format !=  
    464472            ESGFSamlNamespaces.NAMEID_FORMAT): 
     
    466474                      '%r' % (attributeQuery.subject.nameID.format, 
    467475                                ESGFSamlNamespaces.NAMEID_FORMAT)) 
     476             
    468477            samlResponse.status.statusCode.value = StatusCode.REQUESTER_URI 
    469478            samlResponse.status.statusMessage.value = \ 
     
    978987            # retrieved SQL query result to required the attribute value type.   
    979988            # This defaults to do a conversion to XS:String if not explicitly  
    980             # set        
    981             attr2sqlQueryOpts = \ 
    982                 self.__class__.SAML_ATTRIBUTE2SQLQUERY_ATTRVAL_PAT.split(value) 
     989            # set 
     990            _value = value.strip() 
     991            attr2sqlQueryOpts = [v.strip('"') for v in  
     992                self.__class__.SAML_ATTRIBUTE2SQLQUERY_ATTRVAL_PAT.split(_value) 
     993                ] 
    983994            if len(attr2sqlQueryOpts) > 2: 
    984995                (samlAttributeName,  
     
    988999                # Get parser from module path provided 
    9891000                samlAttributeParser = importModuleObject( 
    990                                         samlAttributeValueParserName.strip('"')) 
     1001                                                samlAttributeValueParserName) 
    9911002            else: 
    9921003                # No attribute value conversion callback given - default to  
     
    9951006                samlAttributeParser = self.xsstringAttributeValueParser 
    9961007             
    997             # Items may be quoted with " quotes 
    998             samlAttributeName = samlAttributeName.strip('"') 
    999              
    10001008            # Set mapping of attribute name to SQL query + conversion routine 
    10011009            # tuple 
    1002             self.__samlAttribute2SqlQuery[samlAttributeName 
    1003                 ] = (samlAttributeSqlQuery.strip('"'), samlAttributeParser) 
     1010            self.__samlAttribute2SqlQuery[samlAttributeName] = ( 
     1011                                    samlAttributeSqlQuery, samlAttributeParser) 
    10041012        else: 
    10051013            raise AttributeError("'SQLAlchemyAttributeInterface' has no " 
     
    10101018        the respective SAML Attribute Value type 
    10111019        """ 
    1012         return XSStringAttributeValue(attrVal) 
     1020        xsstringAttrVal = XSStringAttributeValue() 
     1021        xsstringAttrVal.value = attrVal 
     1022        return xsstringAttrVal 
    10131023     
    10141024    def setProperties(self, prefix='', **properties): 
     
    12681278            # Make a new SAML attribute object to hold the values obtained 
    12691279            attribute = Attribute() 
    1270             attribute.name = requestedAttribute.name 
    1271              
    1272             # Check name format requested - only XSString is currently 
    1273             # supported 
    1274             if (requestedAttribute.nameFormat !=  
    1275                 XSStringAttributeValue.DEFAULT_FORMAT): 
    1276                 raise InvalidAttributeFormat('Requested attribute type %r but ' 
    1277                                      'only %r type is supported' % 
    1278                                      (requestedAttribute.nameFormat, 
    1279                                       XSStringAttributeValue.DEFAULT_FORMAT)) 
    1280              
     1280            attribute.name = requestedAttribute.name             
    12811281            attribute.nameFormat = requestedAttribute.nameFormat 
    12821282 
     
    12861286            # Call specific conversion utility to convert the retrieved field 
    12871287            # to the correct SAML attribute value type 
    1288             field2SamlAttributeVal = self.samlAttribute2SqlQuery[ 
    1289                                         requestedAttribute.nameFormat](-1) 
     1288            try: 
     1289                field2SamlAttributeVal = self.samlAttribute2SqlQuery[ 
     1290                                        requestedAttribute.name][-1] 
     1291            except (IndexError, TypeError), e: 
     1292                raise AttributeInterfaceConfigError('Bad format for SAML ' 
     1293                                                    'attribute to SQL query ' 
     1294                                                    'look-up: %s' % e) 
     1295                 
    12901296            for val in attributeVals: 
    1291                 attributeValue = field2SamlAttributeVal(self, val) 
     1297                attributeValue = field2SamlAttributeVal(val) 
    12921298                attribute.attributeValues.append(attributeValue) 
    1293 #                attribute.attributeValues.append(XSStringAttributeValue()) 
    1294 #                attribute.attributeValues[-1].value = val 
    12951299 
    12961300            attributeStatement.attributes.append(attribute) 
     
    13281332            raise AttributeInterfaceConfigError("Invalid key for SAML subject " 
    13291333                        "query string.  The valid key is %r" %  
    1330                         SQLAlchemyAttributeInterface.SQLQUERY_USERID_KEYNAME)     
     1334                        SQLAlchemyAttributeInterface.SQLQUERY_USERID_KEYNAME) 
    13311335 
    13321336        log.debug('Checking for SAML subject with SQL Query = "%s"', query) 
     
    13691373        dbEngine = create_engine(self.connectionString) 
    13701374         
    1371         queryTmpl = self.samlAttribute2SqlQuery.get(attributeName)[0] 
     1375        try: 
     1376            queryTmpl = self.samlAttribute2SqlQuery.get(attributeName)[0] 
     1377             
     1378        except (IndexError, TypeError), e: 
     1379            raise AttributeInterfaceConfigError('Bad format for SAML attribute ' 
     1380                                                'to SQL query look-up: %s' % e) 
    13721381        if queryTmpl is None: 
    13731382            raise AttributeInterfaceConfigError('No SQL query set for ' 
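Review bot: The new try block around `queryTmpl = self.samlAttribute2SqlQuery.get(attributeName)[0]` turns an unconfigured attribute name into a misleading error: `.get()` returns None for a missing key, `None[0]` raises TypeError, and the except clause then reports 'Bad format for SAML attribute to SQL query look-up' instead of ever reaching the `if queryTmpl is None:` 'No SQL query set for' branch that follows it. Test membership first, e.g. `if attributeName not in self.samlAttribute2SqlQuery:` and raise the existing 'No SQL query set for ...' error there, keeping the try/except only for a malformed tuple. The earlier hunk that reads `self.samlAttribute2SqlQuery[requestedAttribute.name][-1]` has the mirror problem: a requested name that is not configured raises KeyError, which its `(IndexError, TypeError)` clause does not catch, so a requester-supplied name would surface as an unhandled exception unless it is filtered before this point. Both enclosing methods start and continue outside their hunks, so that earlier filtering cannot be confirmed from here.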
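--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -14,8 +14,6 @@
 import base64
 import string
-import re
 from urlparse import urlunsplit, urlparse
 from paste.script.templates import Template, var
-from paste.script.copydir import LaxTemplate
 
 _hostTuple = socket.gethostbyaddr(socket.gethostname())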
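--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -67,5 +67,13 @@
 #
 # where <id> can be any unique string.  The userId string is the value passed
-# from the client subject NameID field
+# from the client subject NameID field.  Each value consists of double quoted
+# space delimited entries.  The first entry is the attribute type, the second
+# is the SQL query needed to retrieve the attributes for the given type and
+# used id.  A third entry may be added to specify a conversion routine which
+# converts the retrieved attribute value(s) into a SAML Attribute Value instance.
+# If this omitted, then the retrieved value is converted by default into an
+# xs:string type.  All the options below are set to do this apart from the last
+# which uses a special test routine to convert to the ESGF Group/Role Attribute
+# Value type
 attributeAuthority.attributeInterface.samlAttribute2SqlQuery.1 = "urn:esg:first:name" "select firstname from users where openid = '${userId}'"
 attributeAuthority.attributeInterface.samlAttribute2SqlQuery.lastName = "urn:esg:last:name" "select lastname from users where openid = '${userId}'"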
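Review bot: The expanded comment should say which component is responsible for the `${userId}` placeholder's safety: it describes `${userId}` as the value taken from the client subject NameID, and every query below embeds that placeholder inside a SQL string literal, but the substitution step that builds the query text is not in this file. Add a line such as `# ${userId} is client-supplied; the attribute interface (presumably) must validate or escape it before substituting it into these queries` so that anyone copying this into a Paster ini template knows the query text is not to be extended with further untrusted placeholders. Two wording slips in the new lines: `used id` should read `user id` and `If this omitted` should read `If this is omitted`.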
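--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/__init__.py
@@ -142,4 +142,6 @@
         self.services = []
 
+        self.__class__.initDb()
+
     def addService(self, *arg, **kw):
         """Utility for setting up threads to run Paste HTTP based services with
@@ -285,7 +287,4 @@
                                                    cls.ATTRIBUTE_VALUES)]
         session.add_all(attributes)
-
-        attributeTypes = [Attribute(cls.OPENID_URI, attrVal)
-                          for attrVal in cls.ATTRIBUTE_VALUES]
 
         user = User(cls.USERNAME,
@@ -301,8 +300,8 @@
 
 
-def dbAttr2ESGFGroupRole(sqlAlchemyAttributeInterface, attrVal):
-    """Utility for SQLAlchemyAttributeInterface class to convert attribute value
-    as stored in the SQLite Db defined here to an ESGF Group/Role Attribute
-    Value type
+def dbAttr2ESGFGroupRole(attrVal):
+    """Callback for SQLAlchemyAttributeInterface class to convert attribute
+    value as stored in the SQLite Db defined here to an ESGF Group/Role
+    Attribute Value type
     """
     groupRoleAttrValue = ESGFGroupRoleAttributeValue()
@@ -313,15 +312,3 @@
 
     return groupRoleAttrValue
-
-
-def _getParentDir(depth=0, path=dirname(__file__)):
-    """
-    @type path: basestring
-    @param path: directory path from which to get parent directory, defaults
-    to dir of this module
-    @rtype: basestring
-    @return: parent directory at depth levels up from the current path
-    """
-    for i in range(depth):
-        path = dirname(path)
-    return path
+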
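Review bot: The rewritten `dbAttr2ESGFGroupRole(attrVal)` docstring drops all parameter and return documentation, which matters now that the function is a callback referenced by name from site-a.ini and invoked by the attribute interface with a single positional argument. Add `@type attrVal: basestring`, `@param attrVal: attribute value as stored in the SQLite test db` and `@rtype: ESGFGroupRoleAttributeValue`, and state that this is the signature any custom converter must follow, so that authors of their own callbacks have a contract to copy. Separately, `self.__class__.initDb()` is now called from the set-up method, so the database is initialised once per test method; if initDb is not idempotent this may fail or slow the suite, but its body is outside the hunk so that cannot be confirmed here.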
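--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/__init__.py
@@ -11,5 +11,5 @@
 from os import path, environ
 
-from ndg.security.test.unit import BaseTestCase, mkDataDirPath
+from ndg.security.test.unit import BaseTestCase
 from ndg.security.common.X509 import X509Cert
 from ndg.security.common.utils.configfileparsers import (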