Changeset 7861 for TI12-security


Timestamp:
31/01/11 13:48:11 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

Location:
TI12-security/trunk/NDGSecurity/python
Files:
3 added
1 deleted
20 edited
2 moved

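--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -38,5 +38,4 @@
 SERVICE_SRC_INI_FILENAME = securityservices.ini
 SERVICE_SRC_INI_FILEPATH = ${SERVICE_SRC_DIR}${SERVICE_SRC_INI_FILENAME}
-SERVICE_INI_FILEPATH_TMP = ${SERVICE_DEST_DIR}${SERVICE_SRC_INI_FILENAME}
 SERVICE_INI_TMPL_FILEPATH = ${SERVICE_DEST_DIR}service.ini_tmpl
 SERVICE_PKI_DEST_DIR = ${SERVICE_DEST_DIR}pki/
@@ -49,5 +48,5 @@
         openidprovider/README openidprovider/nonces/ openidprovider/temp/ \
         openidrelyparty/store/ openidrelyparty/__init__.* \
-        pip-session-cache/* log
+        pip-session-cache/* log ${SERVICE_SRC_INI_FILENAME}
 SERVICE_OP_DIRNAME = openidprovider/
 SERVICE_OP_DIR = ${SERVICE_DEST_DIR}${SERVICE_OP_DIRNAME}
@@ -67,4 +66,5 @@
 service_tmpl: ${SERVICE_SRC_DIR}
         @-echo Preparing Generic Services template ...
+        @-echo ________________________________________________________________________________
         @-echo
         @-echo Copying configuration files ...
@@ -86,5 +86,5 @@
         -e s/'saml\.mountPath.*'/'saml.mountPath = %%\{authorisationServiceMountPath\}'/ \
         -e s/'saml\.soapbinding\.issuerName =.*'/'saml.soapbinding.issuerName = %%\{attributeServiceIssuerName}'/ \
-        -e s/'saml\.issuerName =.*'/'samlIssuerName = %%\{authorisationServiceIssuerName}'/ \
+        -e s/'saml\.issuerName =.*'/'saml\.issuerName = %%\{authorisationServiceIssuerName}'/ \
         -e s/'saml\.soapbinding\.issuerFormat =.*'/'saml.soapbinding.issuerFormat = %%\{attributeServiceIssuerFormat}'/ \
         -e s/'saml\.issuerFormat =.*'/'saml.issuerFormat = %%\{authorisationServiceIssuerFormat}'/ \
@@ -96,6 +96,5 @@
         -e s/\(os\.path\.join\(\'%\(here\)s\'/\(os.path.join\(\'%%\{outputDir}\'/ \
         -e s/'# Revision:.*'//g \
-                ${SERVICE_INI_FILEPATH_TMP} > ${SERVICE_INI_TMPL_FILEPATH}
-        rm -f ${SERVICE_INI_FILEPATH_TMP}
+                ${SERVICE_SRC_INI_FILEPATH} > ${SERVICE_INI_TMPL_FILEPATH}
         @-echo Making substitutions for OpenID Provider Yadis templates ...
         sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<\/Service>'/d \
@@ -149,4 +148,5 @@
 securedapp_tmpl: ${SECUREDAPP_SRC_DIR}
         @-echo Preparing Secured Application template ...
+        @-echo ________________________________________________________________________________
         @-echo
         @-echo Copying configuration files ...
@@ -171,5 +171,5 @@
     -e s/'pep\.authzDecisionQuery\.issuerName = .*'/'pep\.authzDecisionQuery\.issuerName = %%\{authzDecisionQueryIssuerName}'/ \
     -e s/'pep\.authzDecisionQuery\.issuerFormat = .*'/'pep\.authzDecisionQuery\.issuerFormat = %%\{authzDecisionQueryIssuerFormat}'/ \
-        -e s/'authkit\.cookie\.secret =.*'/'authkit\.cookie\.secret = %%\{authkitCookieSecret}'/ \
+        -e s/'authkitCookieSecret =.*'/'authkitCookieSecret = %%\{authkitCookieSecret}'/ \
         -e s/'beaker\.session\.secret =.*'/'beaker\.session\.secret = %%\{beakerSessionCookieSecret}'/ \
         -e s/'authkit.openid.session.secret = .*'/'authkit.openid.session.secret = %%\{openidRelyingPartyCookieSecret}'/ \
@@ -213,4 +213,5 @@
 authorisation_service_tmpl:
         @-echo Preparing Authorisation Service template ...
+        @-echo ________________________________________________________________________________
         @-echo
         @-echo Copying test ini file and other configuration files ...
@@ -266,4 +267,5 @@
 attribute_service_tmpl:
         @-echo Preparing Attribute Service template ...
+        @-echo ________________________________________________________________________________
         @-echo
         -mkdir ${ATTR_SERVICE_DEST_DIR}
@@ -314,5 +316,5 @@
 OP_PKI_DEST_DIR = ${OP_DEST_DIR}pki/
 OP_CA_DEST_DIR = ${OP_PKI_DEST_DIR}ca/
-OP_CONFIG_FILES = templates openidprovider.ini public
+OP_CONFIG_FILES = templates openidprovider.ini openidproviderapp.py public
 OP_TMPL_DIR = ${OP_DEST_DIR}templates/
 OP_SERVER_YADIS_TMPL_FILEPATH_TMP = ${OP_TMPL_DIR}serveryadis.xml
@@ -326,4 +328,5 @@
 openidprovider_tmpl:
         @-echo Preparing OpenID Provider template ...
+        @-echo ________________________________________________________________________________
         @-echo
         @-echo Copying templates, CSS and graphics and ini file ...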
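Review bot: The sed rule on new line 173 now rewrites only a line matching `authkitCookieSecret =`, so an `authkit.cookie.secret = ...` line in the source ini is no longer replaced by this recipe. The source securedapp ini is not shown in this section; if it lacks an `authkitCookieSecret` entry, or still carries a literal `authkit.cookie.secret` value, sed exits successfully and the literal test secret is copied into the generated template and into every deployment made from it. A step after the sed that fails the target when a `secret =` line in the output holds anything other than a `%%{...}` or `%(...)s` reference would catch this. The `beaker.session.secret` and `authkit.openid.session.secret` rules on lines 174-175 have the same silent no-match behaviour.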
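--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/attributeservice/attributeauthorityapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/attributeservice/attributeauthorityapp.py
@@ -60,5 +60,5 @@
         ssl_context = None
 
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),
                                   port=opt.port,
                                   ssl_context=ssl_context)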
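Review bot: `path.abspath(opt.configFilePath)` on new line 62 needs `path` in module scope, and this section does not show the file's imports; the same holds for the copy under test/config/attributeauthority/sitea/attributeauthorityapp.py, whereas the authorisationserviceapp.py and securityservicesapp.py sections show `from os import path` being added. Worth confirming both attributeauthorityapp.py copies import it, otherwise the script stops with a NameError at startup. A short comment such as `# absolute path, resolved against the working directory at launch` would also record what the call does to a relative `-c` style argument. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.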
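--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/authorisationservice/authorisationserviceapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/authorisationservice/authorisationserviceapp.py
@@ -9,10 +9,8 @@
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
-__revision__ = "$Id: securityservicesapp.py 7829 2011-01-24 15:09:22Z pjkersha $"
-import os
-from os.path import dirname, abspath, join
+__revision__ = "$Id$"
+from os import path
 import optparse
 
-from ndg.security.test.unit import BaseTestCase, TEST_CONFIG_DIR
 from ndg.security.server.utils.paste_utils import PasteDeployAppServer
 
@@ -23,5 +21,5 @@
 # $ ./authorisationserviceapp.py -h
 if __name__ == '__main__':
-    cfgFilePath = os.path.join(dirname(abspath(__file__)), INI_FILENAME)
+    cfgFilePath = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME)
 
     parser = optparse.OptionParser()
@@ -62,5 +60,5 @@
         ssl_context = None
 
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),
                                   port=opt.port,
                                   ssl_context=ssl_context)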
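--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/securedapp/securedapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/securedapp/securedapp.py
@@ -11,230 +11,16 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id: securedapp.py 7845 2011-01-25 17:12:39Z pjkersha $"
-
-
-def app_factory(globalConfig, **localConfig):
-    '''AuthZTestMiddleware factory for Paste app pattern'''
-    return AuthZTestMiddleware(None, globalConfig, **localConfig)
-
-def filter_app_factory(app, globalConfig, **localConfig):
-    '''AuthZTestMiddleware factory for Paste filter app pattern'''
-    return AuthZTestMiddleware(app, globalConfig, **localConfig)
-
-class AuthZTestMiddleware(object):
-    """This class simulates the application to be secured by the NDG Security
-    authorization middleware
-    """
-    method = {
-"/": 'default',
-"/test_401": "test_401",
-"/test_403": "test_403",
-"/test_securedURI": "test_securedURI",
-"/test_accessDeniedToSecuredURI": "test_accessDeniedToSecuredURI"
-    }
-    header = """        <h1>Authorisation Integration Tests:</h1>
-        <p>Test Authorisation middleware with no Session Manager running.
-        See the authz/ integration test directory for a configuration including
-        a Session Manager</p>
-        <p>These tests use require the security services application to be
-        running.  See securityserviceapp.py and securityservices.ini in the
-        authz_lite/ integration test directory.</p>
-        <h2>To Run:</h2>
-        <p>Try any of the links below.  When prompt for username and password,
-        enter one of the sets of credentials from securityservices.ini
-        openid.provider.authN.userCreds section.  The defaults are:
-        </p>
-        <p>pjk/testpassword</p>
-        <p>another/testpassword</p>
-        <p>The attributeinterface.py AttributeAuthority plugin is configured to
-        grant access to 'pjk' for all URLs below apart from
-        'test_accessDeniedToSecuredURI'.  The 'another' account will be denied
-        access from all URLs apart from 'test_401'</p>
-"""
-
-    def __init__(self, app, globalConfig, **localConfig):
-        self.app = app
-
-    def __call__(self, environ, start_response):
-
-        methodName = self.method.get(environ['PATH_INFO'], '').rstrip()
-        if methodName:
-            action = getattr(self, methodName)
-            return action(environ, start_response)
-        elif environ['PATH_INFO'] == '/logout':
-            return self.default(environ, start_response)
-
-        elif self.app is not None:
-            return self.app(environ, start_response)
-        else:
-            start_response('404 Not Found', [('Content-type', 'text/plain')])
-            return "Authorisation integration tests: invalid URI"
-
-    def default(self, environ, start_response):
-        if 'REMOTE_USER' in environ:
-            response = """<html>
-    <head/>
-    <body>
-        %s
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % (AuthZTestMiddleware.header,
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       environ['REMOTE_USER'])
-
-            start_response('200 OK',
-                           [('Content-type', 'text/html'),
-                            ('Content-length', str(len(response)))])
-        else:
-            response = """<html>
-    <head/>
-    <body>
-        %s
-        <ul>%s</ul>
-    </body>
-</html>
-""" % (AuthZTestMiddleware.header,
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default'])
-       )
-
-            start_response('200 OK',
-                           [('Content-type', 'text/html'),
-                            ('Content-length', str(len(response)))])
-        return response
-
-    def test_401(self, environ, start_response):
-        if 'REMOTE_USER' in environ:
-            response = """<html>
-    <head/>
-    <body>
-        <h1>Authenticated!</h1>
-        <ul>%s</ul>
-        <p>You are logged in.  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default'])
-
-            start_response('200 OK',
-                           [('Content-type', 'text/html'),
-                            ('Content-length', str(len(response)))])
-        else:
-            response = "Trigger OpenID Relying Party..."
-            start_response('401 Unauthorized',
-                           [('Content-type', 'text/plain'),
-                            ('Content-length', str(len(response)))])
-        return response
-
-    def test_403(self, environ, start_response):
-        """Trigger the Authorization middleware by returning a 403 Forbidden
-        HTTP status code from this URI"""
-
-        if 'REMOTE_USER' in environ:
-            response = """<html>
-    <head/>
-    <body>
-        <h1>Authorised!</h1>
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % ('\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       environ['REMOTE_USER'])
-
-            start_response('200 OK',
-                           [('Content-type', 'text/html'),
-                            ('Content-length', str(len(response)))])
-        else:
-            response = ("Authorization middleware is triggered becuase this "
-                        "page returns a 403 Forbidden status.")
-            start_response('403 Forbidden',
-                           [('Content-type', 'text/plain'),
-                            ('Content-length', str(len(response)))])
-        return response
-
-    def test_securedURI(self, environ, start_response):
-        """To be secured, the Authorization middleware must have this URI in
-        its policy"""
-        if 'REMOTE_USER' in environ:
-            response = """<html>
-    <head/>
-    <body>
-        <h1>Authorised for path [%s]!</h1>
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % (environ['PATH_INFO'],
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       environ['REMOTE_USER'])
-
-
-            start_response('200 OK',
-                           [('Content-type', 'text/html'),
-                            ('Content-length', str(len(response)))])
-        else:
-            response = ("Authorization middleware must have this URI in its "
-                        "policy in order to secure it!")
-            start_response('200 OK',
-                           [('Content-type', 'text/plain'),
-                            ('Content-length', str(len(response)))])
-        return response
-
-
-    def test_accessDeniedToSecuredURI(self, environ, start_response):
-        """To be secured, the Authorization middleware must have this URI in
-        its policy and the user must not have the required role as specified
-        in the policy.  See ndg.security.test.config.attributeauthority.sitea
-        for user role settings retrieved from the attribute authority"""
-        if 'REMOTE_USER' in environ:
-            response = """<html>
-    <head/>
-    <body>
-        <h1>Authorised for path [%s]!</h1>
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % (environ['PATH_INFO'],
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       environ['REMOTE_USER'])
-
-
-            start_response('200 OK',
-                           [('Content-type', 'text/html'),
-                            ('Content-length', str(len(response)))])
-        else:
-            response = ("Authorization middleware must have this URI in its "
-                        "policy in order to secure it!")
-            start_response('200 OK',
-                           [('Content-type', 'text/plain'),
-                            ('Content-length', str(len(response)))])
-        return response
-
-    @classmethod
-    def app_factory(cls, globalConfig, **localConfig):
-        return cls(None, globalConfig, **localConfig)
-
-    @classmethod
-    def filter_app_factory(cls, app, globalConfig, **localConfig):
-        return cls(app, globalConfig, **localConfig)
-
+import optparse
+from os import path
+from ndg.security.server.utils.paste_utils import PasteDeployAppServer
 
 INI_FILENAME = 'securedapp.ini'
 
 # To start run
-# $ paster serve services.ini or run this file as a script
-# $ ./securedapp.py [port #]
+# $ paster serve services.ini
+#
+# or run this file as a script.  For options:
+# $ ./securedapp.py -h
 if __name__ == '__main__':
-    import optparse
-    from os import path
-    from ndg.security.server.utils.paste_utils import PasteDeployAppServer
-
     cfgFilePath = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME)
 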
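Review bot: The start-up comment on new lines 19-20 still reads `paster serve services.ini`, while this module sets `INI_FILENAME = 'securedapp.ini'` on new line 17. Unless the template is rendered under another file name, someone following the comment starts a different configuration from the one the script loads by default; suggest `# $ paster serve securedapp.ini`. The `if __name__ == '__main__':` block continues outside the hunk.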
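--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/securedapp/service.ini_tmpl
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/securedapp/service.ini_tmpl
@@ -24,4 +24,11 @@
 portNum = %%{portNumber}
 baseURI = %%{baseURI}
+
+# AuthKit Cookie secret used to secure it.  This secret must be the same as the
+# one used in the equivalent services application(s) ini file(s) that serve
+# the OpenID Relying Party and SSL authentication service.  This is
+# because the cookie is shared between this app and the services app(s)  so that
+# a user's OpenID can be communicated between them.
+authkitCookieSecret = %%{authkitCookieSecret}
 
 [server:main]
@@ -77,7 +84,7 @@
 
 # This cookie name and secret MUST agree with the name used by the security web
-# services app
+# services app - see DEFAULT section above
 authkit.cookie.name = ndg.security.auth
-authkit.cookie.secret = %%{authkitCookieSecret}
+authkit.cookie.secret = %(authkitCookieSecret)s
 authkit.cookie.signoutpath = /logout
 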
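Review bot: Defining `authkitCookieSecret` in the DEFAULT section (new line 32) makes it visible to every section of this file, and Paste Deploy hands DEFAULT entries to each app and filter factory as global configuration, so the cookie-signing secret is no longer confined to the AuthKit filter. The added comment explains why the value is shared but not what it must be; I would extend it with `# Must be a long random value unique to this deployment; keep this file readable only by the service account.` Whether template.py generates the value or takes it from the person running the template is not visible in this section.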
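--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/policy.xml
@@ -19,7 +19,10 @@
         <Resources>
             <Resource>
-                <!-- Pattern match all request URIs beginning with / -->
+                <!--
+                    Pattern match all request URIs beginning with / running on
+                    ports 7080 (test harness app) and 8001 (test PyDAP)
+                -->
                 <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
-                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/.*$</AttributeValue>
+                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:(7080|8001)/.*$</AttributeValue>
                     <ResourceAttributeDesignator
                         AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
@@ -45,5 +48,5 @@
                 <Resource>
                     <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
-                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/layout/</AttributeValue>
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:(7080|8001)/layout/</AttributeValue>
                         <ResourceAttributeDesignator
                             AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
@@ -145,3 +148,22 @@
         </Condition>
     </Rule>
+
+    <!--
+        Rule for PyDAP service
+    -->
+    <Rule RuleId="PyDAP Public URI" Effect="Permit">
+        <Target>
+            <Resources>
+                <Resource>
+                    <!-- Match the request URI -->
+                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:8001/</AttributeValue>
+                        <ResourceAttributeDesignator
+                            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+                            DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
+                    </ResourceMatch>
+                </Resource>
+            </Resources>
+        </Target>
+    </Rule>
 </Policy>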
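Review bot: The new `PyDAP Public URI` rule (new lines 154-168) has `Effect="Permit"`, no `Condition`, and a pattern `^http://localhost:8001/` with no end anchor, so it matches every URI on port 8001 rather than a public subset. The earlier targets were widened to `(7080|8001)` so that PyDAP paths come under the existing rules; depending on the policy's rule-combining algorithm, which is outside this section, the unconditional Permit may decide those requests instead. If only the root page is meant to be public, anchor the pattern: `^http://localhost:8001/$`. A comment inside the rule naming the paths that are intentionally public would make the intent checkable.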
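--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/securityservicesapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/securityservicesapp.py
@@ -9,19 +9,14 @@
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
-__revision__ = "$Id: securityservicesapp.py 7843 2011-01-25 10:22:43Z pjkersha $"
-from os import path, environ
+__revision__ = "$Id: securityservicesapp.py 7847 2011-01-26 16:40:54Z pjkersha $"
+from os import path
 import optparse
 
 from OpenSSL import SSL
 
-from ndg.security.test.unit import BaseTestCase, TEST_CONFIG_DIR
 from ndg.security.server.utils.paste_utils import PasteDeployAppServer
+from ndg.security.test.unit import BaseTestCase
 
 INI_FILENAME = 'securityservices.ini'
-#
-#environ['NDGSEC_INTEGRATION_TEST_DIR'] = os.path.dirname(os.path.dirname(
-#                                                                    __file__))
-#environ[BaseTestCase.configDirEnvVarName] = TEST_CONFIG_DIR
-
 
 # To start run
@@ -82,5 +77,5 @@
         ssl_context = None
 
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),
                                   port=opt.port,
                                   ssl_context=ssl_context)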
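Review bot: New line 18 keeps `from ndg.security.test.unit import BaseTestCase` in a server-side Paster template, although the only references to it visible here were the commented-out `environ[...]` lines that this change removes. Services generated from the template would then import the test package at startup; the authorisationserviceapp.py template in this changeset drops the equivalent import. If nothing in the unshown lines 23-76 uses `BaseTestCase`, remove the import.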
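--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/services/service.ini_tmpl
@@ -421,5 +421,5 @@
 attributeAuthority.attributeInterface.samlAttribute2SqlQuery.lastName = "urn:esg:last:name" "select lastname from users where openid = '${userId}'"
 attributeAuthority.attributeInterface.samlAttribute2SqlQuery.emailAddress = "urn:esg:email:address" "select emailaddress from users where openid = '${userId}'"
-attributeAuthority.attributeInterface.samlAttribute2SqlQuery.4 = "urn:siteA:security:authz:1.0:attr" "select attributename from attributes where openid = '${userId}'"
+attributeAuthority.attributeInterface.samlAttribute2SqlQuery.4 = "urn:siteA:security:authz:1.0:attr" "select attributename from attributes where attributetype = 'urn:siteA:security:authz:1.0:attr' and openid = '${userId}'"
 
 # Set the permissable requestor Distinguished Names as set in the SAML client
@@ -493,5 +493,5 @@
 
 # Sets the identity of THIS authorisation service when filling in SAML responses
-samlIssuerName = %%{authorisationServiceIssuerName}
+saml.issuerName = %%{authorisationServiceIssuerName}
 saml.issuerFormat = %%{authorisationServiceIssuerFormat}
 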
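Review bot: The rewritten query on new line 423 still places the subject identifier into the statement as a quoted `'${userId}'`, like the neighbouring queries on lines 421-422. How the attribute interface expands `${userId}` is not visible in this changeset; if it is plain string substitution, an identifier containing a quote character changes the SQL, and the value presumably comes from the subject of an incoming SAML attribute query. Worth confirming that the interface binds it as a query parameter, and recording the answer in a comment above these `samlAttribute2SqlQuery` settings so that people adding queries follow the same form.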
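--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -86,5 +86,4 @@
 """<Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
-            <Type>urn:esg:security:attribute-service</Type>
             <URI>%%{attributeServiceURI}</URI>
             <LocalID>$user_url</LocalID>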
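--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeauthorityapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeauthorityapp.py
@@ -60,5 +60,5 @@
         ssl_context = None
 
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),
                                   port=opt.port,
                                   ssl_context=ssl_context)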
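--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisationserviceapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisationserviceapp.py
@@ -9,10 +9,8 @@
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
-__revision__ = "$Id: securityservicesapp.py 7829 2011-01-24 15:09:22Z pjkersha $"
-import os
-from os.path import dirname, abspath, join
+__revision__ = "$Id$"
+from os import path
 import optparse
 
-from ndg.security.test.unit import BaseTestCase, TEST_CONFIG_DIR
 from ndg.security.server.utils.paste_utils import PasteDeployAppServer
 
@@ -23,5 +21,5 @@
 # $ ./authorisationserviceapp.py -h
 if __name__ == '__main__':
-    cfgFilePath = os.path.join(dirname(abspath(__file__)), INI_FILENAME)
+    cfgFilePath = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME)
 
     parser = optparse.OptionParser()
@@ -62,5 +60,5 @@
         ssl_context = None
 
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),
                                   port=opt.port,
                                   ssl_context=ssl_context)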
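--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/__init__.py
@@ -111,11 +111,9 @@
         <body>
             <h1>Authenticated!</h1>
-            <ul>%s</ul>
+            <p><a href="/">Return</a> to tests<p>
             <p>You are logged in.  <a href="/logout">Logout</a></p>
         </body>
     </html>
-    """ % '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                     for link,name in self.method.items() if name != 'default'])
-
+    """
             start_response('200 OK',
                            [('Content-type', 'text/html'),
@@ -139,11 +137,9 @@
     <body>
         <h1>Authorised!</h1>
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % ('\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       username)
+        <p><a href="/">Return</a> to tests<p>
+        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
+    </body>
+</html>
+""" % username
 
             start_response('200 OK',
@@ -176,12 +172,9 @@
     <body>
         <h1>Authorised for path [%s]!</h1>
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % (environ['PATH_INFO'],
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       username)
+        <p><a href="/">Return</a> to tests<p>
+        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
+    </body>
+</html>
+""" % (environ['PATH_INFO'], username)
 
 
@@ -201,13 +194,9 @@
     <body>
         <h1>Authorised for path [%s]!</h1>
-        <ul>%s</ul>
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
-    </body>
-</html>
-""" % (environ['PATH_INFO'],
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)
-                 for link,name in self.method.items() if name != 'default']),
-       environ[self.beakerSessionKeyName]['username'])
-
+        <p><a href="/">Return</a> to tests<p>
+        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
+    </body>
+</html>
+""" % (environ['PATH_INFO'], environ[self.beakerSessionKeyName]['username'])
 
         start_response('200 OK',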
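Review bot: The rewritten pages on new lines 178 and 200 still interpolate `environ['PATH_INFO']` and the user name straight into the HTML body, so markup in the request path or in the OpenID is rendered by the browser. Escape both before formatting, for example `""" % (escape(environ['PATH_INFO']), escape(username))` with `from xml.sax.saxutils import escape`; new line 143 needs the same for `username`. Separately, the added `<p><a href="/">Return</a> to tests<p>` lines end with `<p>` where `</p>` is meant. The enclosing methods start and end outside the hunks.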
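--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
@@ -1,4 +1,5 @@
 # 
-# NDG Security pyDAP version 3.0 Test configuration 
+# NDG Security pyDAP version 3.0 Test configuration.  PyDAP must be present on 
+# your system 
 # 
 # NERC DataGrid 
@@ -96,18 +97,27 @@
  
 [filter:AuthorizationFilter] 
-paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory 
-prefix = authz. 
-authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware 
-authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler 
-authz.pepResultHandler.baseURL = http://localhost:8001 
-authz.pepResultHandler.heading = Access Denied 
-authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges. 
-authz.pepResultHandler.footerText = This site is for test purposes only. 
-authz.pepResultHandler.rightLink = http://ceda.ac.uk/ 
-authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png 
-authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival 
-authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png 
+paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorisationFilter.filter_app_factory 
  
-policy.filePath = %(here)s/authz/policy.xml 
+# Result handler handles the response for HTTP 403 responses set by the  
+# application or the PEP. 
+resultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware 
+resultHandler.staticContentDir = %(here)s/pep_result_handler 
+resultHandler.heading = PyDAP Access Denied 
+ 
+# Settings for the PEP (Policy Enforcement Point) 
+pep.sessionKey = beaker.session.ndg.security 
+pep.authzServiceURI = https://localhost:7443/AuthorisationService 
+pep.cacheDecisions = True 
+ 
+# Including this setting activates a simple PDP local to this PEP which filters  
+# requests to cut down on calls to the authorisation service.  This is useful 
+# for example to avoid calling the authorisation service for non-secure content 
+# such as HTML CSS or graphics.  Note that filters based on resource URI  
+# requested alone.  Subject, action and environment settings are not passed in  
+# the request context to the local PDP. 
+# 
+# The policy content should be set carefully to avoid unintended override of the 
+# authorisation service's policy 
+pep.localPolicyFilePath = %(here)s/request-filter.xml 
  
 # Settings for Policy Information Point used by the Policy Decision Point to 
@@ -116,12 +126,11 @@
  
 # If omitted, DN of SSL Cert is used 
-pip.attributeQuery.issuerName =  
-pip.attributeQuery.subjectIdFormat = urn:esg:openid 
-pip.attributeQuery.clockSkewTolerance = 0. 
-pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string 
-pip.attributeQuery.sslCACertDir=%(testConfigDir)s/pki/ca 
-pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt 
-pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key 
- 
+pep.authzDecisionQuery.issuerName = /O=NDG/OU=BADC/CN=test 
+pep.authzDecisionQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName 
+pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid 
+pep.authzDecisionQuery.clockSkewTolerance = 0. 
+pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/pki/ca 
+pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/localhost.crt 
+pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/localhost.key 
  
 # Logging configuration 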
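Review bot: `pep.cacheDecisions = True` (new line 110) is added without a comment saying what a cached decision is keyed on or how long it lives. If decisions are held in the session named by `pep.sessionKey` (the middleware code is not visible here), a Permit would keep being honoured after the policy or the user's attributes change, until that session ends. Once the real lifetime is confirmed I would document it above the setting, e.g. `# Cached decisions persist for the life of the session; clear sessions after a policy change`. The same hunk enables `pep.localPolicyFilePath`, whose comment already warns about overriding the authorisation service's policy; request-filter.xml itself is not shown in this section, so that file deserves the same review.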
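--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/policy.xml
@@ -19,7 +19,10 @@
         <Resources> 
             <Resource> 
-                <!-- Pattern match all request URIs beginning with / --> 
+                <!--  
+                    Pattern match all request URIs beginning with / running on 
+                    ports 7080 (test harness app) and 8001 (test PyDAP) 
+                --> 
                 <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"> 
-                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/.*$</AttributeValue> 
+                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:(7080|8001)/.*$</AttributeValue> 
                     <ResourceAttributeDesignator 
                         AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
@@ -45,5 +48,5 @@
                 <Resource> 
                     <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"> 
-                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:7080/layout/</AttributeValue> 
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:(7080|8001)/layout/</AttributeValue> 
                         <ResourceAttributeDesignator 
                             AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
@@ -145,3 +148,22 @@
         </Condition> 
     </Rule> 
+     
+    <!--  
+        Rule for PyDAP service 
+    --> 
+    <Rule RuleId="PyDAP Public URI" Effect="Permit"> 
+        <Target> 
+            <Resources> 
+                <Resource> 
+                    <!-- Match the request URI --> 
+                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match"> 
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">^http://localhost:8001/</AttributeValue> 
+                        <ResourceAttributeDesignator 
+                            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
+                            DataType="http://www.w3.org/2001/XMLSchema#anyURI"/> 
+                    </ResourceMatch> 
+                </Resource> 
+            </Resources> 
+        </Target> 
+    </Rule> 
 </Policy> 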
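Review bot: The new `PyDAP Public URI` rule (new lines 154-168) permits every URI on the PyDAP port: its pattern `^http://localhost:8001/` has no path after the port, and the rule carries no Subjects or Condition element. The first hunk adds port 8001 to the target that pattern-matches all request URIs, so whether anything on that port stays protected depends on the policy's rule-combining algorithm, which is outside these hunks. If only some PyDAP paths are meant to be public, the match should name those paths instead of the bare `/`. If the whole service is intentionally open in this test setup, the rule comment should say so, e.g. `<!-- Test only: all PyDAP content on port 8001 is public -->`.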
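--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
@@ -24,4 +24,11 @@
 portNum = 7080 
 baseURI = http://localhost:%(portNum)s/ 
+ 
+# AuthKit Cookie secret used to secure it.  This secret must be the same as the 
+# one used in the equivalent services application(s) ini file(s) that serve 
+# the OpenID Relying Party and SSL authentication service.  This is 
+# because the cookie is shared between this app and the services app(s)  so that 
+# a user's OpenID can be communicated between them. 
+authkitCookieSecret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr 
  
 [server:main] 
@@ -77,7 +84,7 @@
  
 # This cookie name and secret MUST agree with the name used by the security web 
-# services app 
+# services app - see DEFAULT section above 
 authkit.cookie.name = ndg.security.auth 
-authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr 
+authkit.cookie.secret = %(authkitCookieSecret)s 
 authkit.cookie.signoutpath = /logout 
  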
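Review bot: `authkitCookieSecret` (new line 32) still holds a fixed literal secret, and the new comment does not say it is a test value. The comment explains why the value must match the services app, but anyone copying this ini as a starting point inherits a secret that is public in version control. Whoever knows that secret can presumably produce a cookie the middleware accepts as an authenticated OpenID. I would add `# TEST VALUE ONLY - generate a new random secret for any real deployment` directly above the setting.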
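--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.py
@@ -11,230 +11,16 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 __revision__ = "$Id$" 
- 
-    
-def app_factory(globalConfig, **localConfig): 
-    '''AuthZTestMiddleware factory for Paste app pattern''' 
-    return AuthZTestMiddleware(None, globalConfig, **localConfig) 
- 
-def filter_app_factory(app, globalConfig, **localConfig): 
-    '''AuthZTestMiddleware factory for Paste filter app pattern''' 
-    return AuthZTestMiddleware(app, globalConfig, **localConfig) 
- 
-class AuthZTestMiddleware(object): 
-    """This class simulates the application to be secured by the NDG Security 
-    authorization middleware 
-    """ 
-    method = { 
-"/": 'default', 
-"/test_401": "test_401", 
-"/test_403": "test_403", 
-"/test_securedURI": "test_securedURI", 
-"/test_accessDeniedToSecuredURI": "test_accessDeniedToSecuredURI" 
-    } 
-    header = """        <h1>Authorisation Integration Tests:</h1> 
-        <p>Test Authorisation middleware with no Session Manager running. 
-        See the authz/ integration test directory for a configuration including 
-        a Session Manager</p> 
-        <p>These tests use require the security services application to be 
-        running.  See securityserviceapp.py and securityservices.ini in the  
-        authz_lite/ integration test directory.</p> 
-        <h2>To Run:</h2> 
-        <p>Try any of the links below.  When prompt for username and password, 
-        enter one of the sets of credentials from securityservices.ini 
-        openid.provider.authN.userCreds section.  The defaults are: 
-        </p> 
-        <p>pjk/testpassword</p> 
-        <p>another/testpassword</p> 
-        <p>The attributeinterface.py AttributeAuthority plugin is configured to 
-        grant access to 'pjk' for all URLs below apart from  
-        'test_accessDeniedToSecuredURI'.  The 'another' account will be denied 
-        access from all URLs apart from 'test_401'</p> 
-""" 
- 
-    def __init__(self, app, globalConfig, **localConfig): 
-        self.app = app 
-             
-    def __call__(self, environ, start_response): 
-         
-        methodName = self.method.get(environ['PATH_INFO'], '').rstrip() 
-        if methodName: 
-            action = getattr(self, methodName) 
-            return action(environ, start_response) 
-        elif environ['PATH_INFO'] == '/logout': 
-            return self.default(environ, start_response) 
-         
-        elif self.app is not None: 
-            return self.app(environ, start_response) 
-        else: 
-            start_response('404 Not Found', [('Content-type', 'text/plain')]) 
-            return "Authorisation integration tests: invalid URI" 
-             
-    def default(self, environ, start_response): 
-        if 'REMOTE_USER' in environ: 
-            response = """<html> 
-    <head/> 
-    <body> 
-        %s 
-        <ul>%s</ul> 
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p> 
-    </body> 
-</html> 
-""" % (AuthZTestMiddleware.header, 
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
-                 for link,name in self.method.items() if name != 'default']), 
-       environ['REMOTE_USER']) 
-         
-            start_response('200 OK',  
-                           [('Content-type', 'text/html'), 
-                            ('Content-length', str(len(response)))]) 
-        else: 
-            response = """<html> 
-    <head/> 
-    <body> 
-        %s 
-        <ul>%s</ul> 
-    </body> 
-</html> 
-""" % (AuthZTestMiddleware.header, 
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
-                 for link,name in self.method.items() if name != 'default']) 
-       ) 
- 
-            start_response('200 OK',  
-                           [('Content-type', 'text/html'), 
-                            ('Content-length', str(len(response)))]) 
-        return response 
- 
-    def test_401(self, environ, start_response): 
-        if 'REMOTE_USER' in environ: 
-            response = """<html> 
-    <head/> 
-    <body> 
-        <h1>Authenticated!</h1> 
-        <ul>%s</ul> 
-        <p>You are logged in.  <a href="/logout">Logout</a></p> 
-    </body> 
-</html> 
-""" % '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
-                 for link,name in self.method.items() if name != 'default']) 
- 
-            start_response('200 OK',  
-                           [('Content-type', 'text/html'), 
-                            ('Content-length', str(len(response)))]) 
-        else: 
-            response = "Trigger OpenID Relying Party..." 
-            start_response('401 Unauthorized',  
-                           [('Content-type', 'text/plain'), 
-                            ('Content-length', str(len(response)))]) 
-        return response 
- 
-    def test_403(self, environ, start_response): 
-        """Trigger the Authorization middleware by returning a 403 Forbidden 
-        HTTP status code from this URI""" 
-         
-        if 'REMOTE_USER' in environ: 
-            response = """<html> 
-    <head/> 
-    <body> 
-        <h1>Authorised!</h1> 
-        <ul>%s</ul> 
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p> 
-    </body> 
-</html> 
-""" % ('\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
-                 for link,name in self.method.items() if name != 'default']), 
-       environ['REMOTE_USER']) 
- 
-            start_response('200 OK',  
-                           [('Content-type', 'text/html'), 
-                            ('Content-length', str(len(response)))]) 
-        else: 
-            response = ("Authorization middleware is triggered becuase this " 
-                        "page returns a 403 Forbidden status.") 
-            start_response('403 Forbidden',  
-                           [('Content-type', 'text/plain'), 
-                            ('Content-length', str(len(response)))]) 
-        return response 
- 
-    def test_securedURI(self, environ, start_response): 
-        """To be secured, the Authorization middleware must have this URI in 
-        its policy""" 
-        if 'REMOTE_USER' in environ: 
-            response = """<html> 
-    <head/> 
-    <body> 
-        <h1>Authorised for path [%s]!</h1> 
-        <ul>%s</ul> 
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p> 
-    </body> 
-</html> 
-""" % (environ['PATH_INFO'], 
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
-                 for link,name in self.method.items() if name != 'default']), 
-       environ['REMOTE_USER']) 
- 
- 
-            start_response('200 OK',  
-                           [('Content-type', 'text/html'), 
-                            ('Content-length', str(len(response)))]) 
-        else: 
-            response = ("Authorization middleware must have this URI in its " 
-                        "policy in order to secure it!") 
-            start_response('200 OK',  
-                           [('Content-type', 'text/plain'), 
-                            ('Content-length', str(len(response)))]) 
-        return response 
- 
- 
-    def test_accessDeniedToSecuredURI(self, environ, start_response): 
-        """To be secured, the Authorization middleware must have this URI in 
-        its policy and the user must not have the required role as specified 
-        in the policy.  See ndg.security.test.config.attributeauthority.sitea 
-        for user role settings retrieved from the attribute authority""" 
-        if 'REMOTE_USER' in environ: 
-            response = """<html> 
-    <head/> 
-    <body> 
-        <h1>Authorised for path [%s]!</h1> 
-        <ul>%s</ul> 
-        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p> 
-    </body> 
-</html> 
-""" % (environ['PATH_INFO'], 
-       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name)  
-                 for link,name in self.method.items() if name != 'default']), 
-       environ['REMOTE_USER']) 
- 
- 
-            start_response('200 OK',  
-                           [('Content-type', 'text/html'), 
-                            ('Content-length', str(len(response)))]) 
-        else: 
-            response = ("Authorization middleware must have this URI in its " 
-                        "policy in order to secure it!") 
-            start_response('200 OK',  
-                           [('Content-type', 'text/plain'), 
-                            ('Content-length', str(len(response)))]) 
-        return response 
-    
-    @classmethod 
-    def app_factory(cls, globalConfig, **localConfig): 
-        return cls(None, globalConfig, **localConfig) 
-     
-    @classmethod 
-    def filter_app_factory(cls, app, globalConfig, **localConfig): 
-        return cls(app, globalConfig, **localConfig) 
- 
+import optparse    
+from os import path 
+from ndg.security.server.utils.paste_utils import PasteDeployAppServer 
  
 INI_FILENAME = 'securedapp.ini' 
    
 # To start run  
-# $ paster serve services.ini or run this file as a script 
-# $ ./securedapp.py [port #] 
+# $ paster serve services.ini  
+# 
+# or run this file as a script.  For options: 
+# $ ./securedapp.py -h 
 if __name__ == '__main__':  
-    import optparse    
-    from os import path 
-    from ndg.security.server.utils.paste_utils import PasteDeployAppServer 
-     
     cfgFilePath = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME) 
         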
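Review bot: The rewritten usage comment at new lines 19-23 still tells the reader to run `paster serve services.ini`, while this module sets `INI_FILENAME = 'securedapp.ini'`; I would change the line to `# $ paster serve securedapp.ini`. With `AuthZTestMiddleware` and both module-level factories removed from this file, any `paste.app_factory` or `paste.filter_app_factory` entry that still names them in this module would fail when the ini is loaded. The app section of securedapp.ini is not among the hunks shown, so that reference is worth confirming. The `if __name__ == '__main__':` block continues outside the hunk.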
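--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservices.ini
@@ -421,5 +421,5 @@
 attributeAuthority.attributeInterface.samlAttribute2SqlQuery.lastName = "urn:esg:last:name" "select lastname from users where openid = '${userId}'" 
 attributeAuthority.attributeInterface.samlAttribute2SqlQuery.emailAddress = "urn:esg:email:address" "select emailaddress from users where openid = '${userId}'" 
-attributeAuthority.attributeInterface.samlAttribute2SqlQuery.4 = "urn:siteA:security:authz:1.0:attr" "select attributename from attributes where openid = '${userId}'" 
+attributeAuthority.attributeInterface.samlAttribute2SqlQuery.4 = "urn:siteA:security:authz:1.0:attr" "select attributename from attributes where attributetype = 'urn:siteA:security:authz:1.0:attr' and openid = '${userId}'" 
  
 # Set the permissable requestor Distinguished Names as set in the SAML client  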
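Review bot: The rewritten `samlAttribute2SqlQuery.4` query, like the two context lines above it, places `${userId}` inside a quoted SQL literal. How the attribute interface substitutes that placeholder is not visible in this hunk; if it is plain string substitution, the subject identifier from an incoming SAML attribute query reaches the database unescaped. It is worth confirming that the plugin binds `userId` as a query parameter and, if so, recording it above these settings with `# ${userId} is passed as a bound parameter, never concatenated into the SQL text`. The new `attributetype = 'urn:siteA:security:authz:1.0:attr'` literal also repeats the URN from the first field, so the two have to be kept in step by hand.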
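--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservicesapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservicesapp.py
@@ -10,18 +10,13 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 __revision__ = "$Id$" 
-from os import path, environ 
+from os import path 
 import optparse  
       
 from OpenSSL import SSL 
  
-from ndg.security.test.unit import BaseTestCase, TEST_CONFIG_DIR 
 from ndg.security.server.utils.paste_utils import PasteDeployAppServer 
+from ndg.security.test.unit import BaseTestCase 
  
 INI_FILENAME = 'securityservices.ini' 
-# 
-#environ['NDGSEC_INTEGRATION_TEST_DIR'] = os.path.dirname(os.path.dirname( 
-#                                                                    __file__)) 
-#environ[BaseTestCase.configDirEnvVarName] = TEST_CONFIG_DIR 
- 
  
 # To start run  
@@ -82,5 +77,5 @@
         ssl_context = None 
  
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,  
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),  
                                   port=opt.port, 
                                   ssl_context=ssl_context)  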
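--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/README
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/README
@@ -5,9 +5,9 @@
 test, in one terminal run: 
  
-$ ./openidprovider.py 
+$ ./openidproviderapp.py 
  
 In a second terminal, run: 
  
-$ ./openidrelyingparty.py 
+$ ./openidrelyingpartyapp.py 
  
 Launch a browser and enter the address http://localhost:7080.  Follow the  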
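--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidproviderapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidproviderapp.py
@@ -10,18 +10,14 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 __revision__ = "$Id$" 
-import os 
-from os.path import dirname, abspath, join 
+from os import path  
        
 from OpenSSL import SSL 
  
-from ndg.security.test.unit import BaseTestCase, TEST_CONFIG_DIR 
 from ndg.security.server.utils.paste_utils import PasteDeployAppServer 
+from ndg.security.test.unit import BaseTestCase 
  
 INI_FILENAME = 'openidprovider.ini' 
-INI_FILEPATH = join(dirname(abspath(__file__)), INI_FILENAME) 
+INI_FILEPATH = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME) 
 DEFAULT_PORT = 7443 
- 
-os.environ['NDGSEC_INTEGRATION_TEST_DIR'] = dirname(dirname(__file__)) 
-os.environ[BaseTestCase.configDirEnvVarName] = TEST_CONFIG_DIR 
  
 import optparse 
@@ -34,5 +30,12 @@
 # 
 # $ ./openidprovider.py -h 
-if __name__ == '__main__':     
+if __name__ == '__main__':        
+    defCertFilePath = path.join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR,  
+                                'pki',  
+                                'localhost.crt') 
+    defPriKeyFilePath = path.join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR,  
+                                  'pki',  
+                                  'localhost.key') 
+     
     parser = optparse.OptionParser() 
     parser.add_option("-p", 
@@ -50,4 +53,16 @@
  
     parser.add_option("-c", 
+                      "--cert-file", 
+                      dest='certFilePath', 
+                      default=defCertFilePath, 
+                      help="SSL Certificate file") 
+ 
+    parser.add_option("-k", 
+                      "--private-key-file", 
+                      dest='priKeyFilePath', 
+                      default=defPriKeyFilePath, 
+                      help="SSL private key file") 
+ 
+    parser.add_option("-f", 
                       "--conf", 
                       dest="configFilePath", 
@@ -60,19 +75,14 @@
     opt = parser.parse_args()[0] 
      
-    if opt.withSSL.lower() == 'true': 
-        certFilePath = join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR, 'pki',  
-                            'localhost.crt') 
-        priKeyFilePath = join(BaseTestCase.NDGSEC_TEST_CONFIG_DIR, 'pki',  
-                              'localhost.key') 
-         
+    if opt.withSSL.lower() == 'true':         
         ssl_context = SSL.Context(SSL.SSLv23_METHOD) 
         ssl_context.set_options(SSL.OP_NO_SSLv2) 
      
-        ssl_context.use_privatekey_file(priKeyFilePath) 
-        ssl_context.use_certificate_file(certFilePath) 
+        ssl_context.use_privatekey_file(opt.priKeyFilePath) 
+        ssl_context.use_certificate_file(opt.certFilePath) 
     else: 
         ssl_context = None 
  
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,  
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),  
                                   port=opt.port, 
                                   ssl_context=ssl_context)  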
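Review bot: Nothing at new lines 81-82 checks that the certificate and private key belong together, although they now come from two independent options (`-c` and `-k`); a mismatched pair may only surface when a client handshake fails. Adding `ssl_context.check_privatekey()` after `use_certificate_file` makes the script stop at start-up instead. Separately, `-c` was the short form of `--conf` before this change and now means `--cert-file`, so an existing `-c some.ini` invocation would pass the ini file to the SSL context as a certificate; the help text or README should mention the switch to `-f`. The usage comment at new line 31 also still names `./openidprovider.py`. The `__main__` block continues outside these hunks.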
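--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingparty.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingparty.ini
@@ -104,5 +104,5 @@
 [app:TestHarnessApp] 
 paste.app_factory =  
-        ndg.security.test.integration.openidprovider.openidrelyingparty:OpenIdRelyingPartyTestHarnessApp.app_factory 
+        ndg.security.test.integration.openidprovider.openidrelyingpartyapp:OpenIdRelyingPartyTestHarnessApp.app_factory 
  
 [filter:BeakerSessionFilter] 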
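--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingpartyapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidrelyingpartyapp.py
@@ -190,5 +190,6 @@
     opt = parser.parse_args()[0] 
      
-    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath, port=opt.port)  
+    server = PasteDeployAppServer(cfgFilePath=path.abspath(opt.configFilePath),  
+                                  port=opt.port)  
     server.start() 
    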