Changeset 7842 for TI12-security


Timestamp:
25/01/11 09:34:42 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • working authorisation service template - needs final test against unit test suite.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
3 added
3 edited
1 moved

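--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -119,6 +119,7 @@
 AUTHZ_SERVICE_DEST_DIR = ${DEST_DIR}${AUTHZ_SERVICE_DIRNAME}
 AUTHZ_SERVICE_INI_FILENAME = authorisation-service.ini
-AUTHZ_SERVICE_INI_FILEPATH_TMP = ${AUTHZ_SERVICE_DEST_DIR}/${AUTHZ_SERVICE_INI_FILENAME}
+AUTHZ_SERVICE_INI_FILEPATH_TMP = ${AUTHZ_SERVICE_DEST_DIR}${AUTHZ_SERVICE_INI_FILENAME}
 AUTHZ_SERVICE_INI_TMPL_FILEPATH = ${AUTHZ_SERVICE_INI_FILEPATH_TMP}_tmpl
+AUTHZ_SERVICE_FILES = ${AUTHZ_SERVICE_INI_FILENAME} pip-mapping.txt policy.xml public
 AUTHZ_SERVICE_PKI_DEST_DIR = ${AUTHZ_SERVICE_DEST_DIR}pki/
 AUTHZ_SERVICE_CA_DEST_DIR = ${AUTHZ_SERVICE_PKI_DEST_DIR}ca/
@@ -130,16 +131,22 @@
         @-echo Copying test ini file and other configuration files ...
         mkdir ${AUTHZ_SERVICE_DEST_DIR}
-        cp -r ${AUTHZ_SERVICE_SRC_DIR}* ${AUTHZ_SERVICE_DEST_DIR}
+        for i in ${AUTHZ_SERVICE_FILES}; do \
+                cp -r ${AUTHZ_SERVICE_SRC_DIR}$$i ${AUTHZ_SERVICE_DEST_DIR} ; \
+        done ;
         @-echo Making substitutions for template variables ...
-        sed -e s/'# Description:.*'/'# Description: Paster ini file for SAML/XACML based Authorisation Service'/ \
+        sed -e s/'# Description:.*'/'# Description: Paster ini file for SAML\/XACML based Authorisation Service'/ \
         -e s/'saml\.mountPath.*'/'saml.mountPath = %%\{mountPath\}'/ \
         -e s/'samlIssuerName =.*'/'samlIssuerName = %%\{issuerName}'/ \
         -e s/'samlIssuerFormat =.*'/'samlIssuerFormat = %%\{issuerFormat}'/ \
-        -e s/'testConfigDir = \.\.\/\.\.\/\.\.\/config'// \
+        -e s/'testConfigDir = .*'// \
         -e s/testConfigDir/here/g \
+        -e s/\(os\.path\.join\(\'%\(here\)s\'/\(os.path.join\(\'%%\{outputDir}\',\ \'log\'/ \
         ${AUTHZ_SERVICE_INI_FILEPATH_TMP} > ${AUTHZ_SERVICE_INI_TMPL_FILEPATH}
         rm -f ${AUTHZ_SERVICE_INI_FILEPATH_TMP}
         @-echo
-        @-echo Create PKI directory and copying files ...
+        @-echo Make log directory ...
+        -mkdir ${AUTHZ_SERVICE_DEST_DIR}log
+        @-echo Create PKI directory and copying files ...
+        mkdir -p ${AUTHZ_SERVICE_CA_DEST_DIR}
         cp ${SERVER_CERT_SRC_FILEPATH} ${AUTHZ_SERVICE_PKI_DEST_DIR}
         cp ${SERVER_KEY_SRC_FILEPATH} ${AUTHZ_SERVICE_PKI_DEST_DIR}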
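Review bot: The copy loop added at new lines 133-135 can hide a failed copy, because a shell `for` loop exits with the status of its last command. Unless make runs the shell with `-e`, a missing `policy.xml` or `pip-mapping.txt` goes unnoticed whenever the final item `public` copies cleanly, and the template is then built without its XACML policy. Make every iteration fail the recipe: `cp -r ${AUTHZ_SERVICE_SRC_DIR}$$i ${AUTHZ_SERVICE_DEST_DIR} || exit 1 ; \`. Since `AUTHZ_SERVICE_FILES` is now the only thing deciding what from the test config directory ships in the template, a comment above it such as `# Allow-list of files copied into the authorisation service template` would help the next editor. The recipe starts and ends outside the hunk.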
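--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -117,5 +117,5 @@
     DEFAULT_URI = urlunsplit(('https', _hostname, '', None, None))
 
-    ATTRIBUTE_SERVICE_DEFAULT_MOUNT_POINT = '/AttributeService'
+    ATTRIBUTE_SERVICE_DEFAULT_MOUNT_PATH = '/AttributeService'
     ATTRIBUTE_SERVICE_DEFAULT_ISSUER_NAME = '/O=Site A/CN=Attribute Authority'
     ATTRIBUTE_SERVICE_DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
@@ -124,5 +124,5 @@
         '/O=Site A/CN=Authorisation Service'
     AUTHORISATION_SERVICE_DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
-    AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT = '/AuthorisationService'
+    AUTHORISATION_SERVICE_DEFAULT_MOUNT_PATH = '/AuthorisationService'
 
     _template_dir = 'services'
@@ -138,9 +138,9 @@
         var('attributeServiceMountPoint',
             'Mount point for Attribute Service',
-            ATTRIBUTE_SERVICE_DEFAULT_MOUNT_POINT),
+            ATTRIBUTE_SERVICE_DEFAULT_MOUNT_PATH),
 
         var('authorisationServiceMountPoint',
             'Mount point for Authorisation Service',
-            AUTHORISATION_SERVICE_DEFAULT_MOUNT_POINT),
+            AUTHORISATION_SERVICE_DEFAULT_MOUNT_PATH),
 
         var('attributeServiceIssuerName',
@@ -273,5 +273,5 @@
 
     DEFAULT_PORT = 5000
-    DEFAULT_MOUNT_POINT = '/AttributeService'
+    DEFAULT_MOUNT_PATH = '/AttributeService'
     DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
     DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
@@ -289,5 +289,5 @@
              'Nb. for mod_wsgi path may be e.g. "https://myhost/<script alias '
              'path><mountPath>" !]'),
-            default=DEFAULT_MOUNT_POINT),
+            default=DEFAULT_MOUNT_PATH),
 
         var('issuerName',
@@ -322,5 +322,6 @@
     """Paster template for the SAML authorisation service"""
 
-    DEFAULT_MOUNT_POINT = '/AuthorisationService'
+    DEFAULT_PORT = 5100
+    DEFAULT_MOUNT_PATH = '/AuthorisationService'
     DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
     DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
@@ -328,10 +329,16 @@
     _template_dir = 'authorisationservice'
     summary = 'NDG Security Authorisation Service template'
+
     vars = [
+        var('portNumber',
+            'Port number for service to listen on [applies to running with '
+            'paster ONLY]',
+            default=DEFAULT_PORT),
+
         var('mountPath',
             ('URI path to mount service i.e. "https://myhost/<mountPath>" ['
              'Nb. for mod_wsgi path may be e.g. "https://myhost/<script alias '
              'path><mountPath>" !]'),
-            default=DEFAULT_MOUNT_POINT),
+            default=DEFAULT_MOUNT_PATH),
 
         var('issuerName',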
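Review bot: The `portNumber` var added at new lines 333-336 does not appear to reach the generated ini file. The authorisation-service.ini in this changeset hard-codes `port = 5100` under `[server:main]`, and none of the sed expressions in the Makefile recipe for this template rewrites that line. If no other substitution exists outside these hunks, an operator who answers the prompt with a different port still gets a listener on 5100, which matters when firewall rules are written against the chosen port. A matching expression in the Makefile's sed call, in the style of the existing ones, would close the gap: `-e s/'^port = .*'/'port = %%\{portNumber}'/ \`. The `vars` list continues past the end of the hunk.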
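--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
@@ -1,6 +1,4 @@
 #
-# Title: INI file for NDG Security SAML Authorisation Service with XACML PDP
-#
-# Description: Service for unit tests
+# Description: NDG Security Authorisation Service for unit tests
 #
 # Author: P J Kershaw
@@ -15,10 +13,4 @@
 #
 [DEFAULT]
-testConfigDir = %(here)s/../
-
-# This apply if the service is run with paster otherwise it's ignored e.g. if
-# the service is run in mod_wsgi
-port = 5000
-baseURI = localhost:%(port)s
 authorisationDecisionFuncEnvironKeyName = saml.authz.queryInterfaceEnvironKey
 
@@ -31,14 +23,19 @@
 samlIssuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
 
+testConfigDir = %(here)s/../
+
 [server:main]
 use = egg:Paste#http
 host = 0.0.0.0
-port = %(port)s
+port = 5100
+
+# Add static content here if required but note that none is needed for the
+# service to function
+[app:AuthorisationServiceStaticContent]
+use = egg:Paste#static
+document_root = %(here)s/public
 
 [pipeline:main]
-pipeline = AuthorisationServiceFilter SAMLSoapAuthzDecisionInterfaceFilter TestApp
-
-[app:TestApp]
-paste.app_factory = ndg.saml.test.binding.soap:TestApp
+pipeline = AuthorisationServiceFilter SAMLSoapAuthzDecisionInterfaceFilter AuthorisationServiceStaticContent
 
 #______________________________________________________________________________
@@ -104,19 +101,18 @@
 # optimise performance.  Set this flag to True/False to enable/disable caching
 # respectively.  If this setting is omitted it defaults to True
-#authz.ctx_handler.pip.cacheSessions = True
+#authz.ctx_handler.pip.cacheSessions = False
 
 # Set the directory for cached information to be stored.  This options is
 # ignored if 'cacheSessions' is set to False.  If this setting is omitted, then
-# sessions will be cached in memory only.  If the service is stopped all cached
-# information would be lost
+# sessions will be cached in memory only.  In this case, if the service is
+# stopped all cached information would be lost
 #authz.ctx_handler.pip.sessionCacheDataDir = %(here)s/pip-session-cache
 
 # Set timeout (seconds) for a cached session - following the timeout any existing
 # session will be deleted.  This option is ignored if
-# authz.ctx_handler.pip.cacheSessions = False or is omitted.  If this option is
-# omitted, no timeout is set.  If none is set and
-# authz.ctx_handler.pip.sessionCacheDataDir is set, sessions will be effectively
-# cached permanently(!) only an assertion expiry could invalidate a given assertion
-# previously cached.
+# authz.ctx_handler.pip.cacheSessions = False.  If this option is omitted, no
+# timeout is set.  If none is set and authz.ctx_handler.pip.sessionCacheDataDir
+# is set, sessions will be effectively cached permanently(!) only an assertion
+# expiry could invalidate a given assertion previously cached.
 #authz.ctx_handler.pip.sessionCacheTimeout = 3600
 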
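Review bot: The `[app:AuthorisationServiceStaticContent]` section added at new lines 34-36 becomes the terminal app of `pipeline:main`, so any request the two filters pass on is presumably answered with files from `%(here)s/public`. The unchanged `host = 0.0.0.0` line exposes that listener on every interface. The comment at new lines 32-33 should say that `document_root` must stay a dedicated directory, for example `# Keep document_root separate from %(here)s: the ini file and policy.xml sit there and would otherwise be served`. Judging by the Makefile section of this changeset, this file is also the source of the Paster template, so the same layout ends up in generated deployments.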