Ticket #1072 (closed defect: fixed)

Opened 10 years ago

Last modified 9 years ago

security application wants to handle it's own error 403 forbidden page

Reported by: lawrence Owned by: pjkersha
Priority: desirable Milestone: CMIP5 Security
Component: security Version:
Keywords: Cc:

Description

We want to a secure wsgi app to be configured via the .ini file to indicate that it can display it's own 403 forbidden page.

We'd do this by a similar mechanism to the logout call.

This would allow the application developer to use their own tools to ensure application look-n-feel.

Change History

comment:1 Changed 10 years ago by pjkersha

Added two new redirect handlers for apps to apply their own custom 403 response.

Redirect handler enables redirect to custom URI for access denied message. e.g. ini file Authz filter settings:

paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
prefix = authz.

authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.redirect.HTTPRedirectPEPResultHandlerMiddleware
authz.pepResultHandler.redirectURI = /myapp_403_forbidden.html

# other authz filter settings - policy file etc.

and Genshi template based 403 response:

[filter:AuthorizationFilter]
paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
prefix = authz.

authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
authz.pepResultHandler.baseURL = http://localhost:7080
authz.pepResultHandler.heading = Access Denied
authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
authz.pepResultHandler.footerText = This site is for test purposes only.
authz.pepResultHandler.rightLink = http://ceda.ac.uk/
authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png

# other authz filter settings - policy file etc.

comment:2 Changed 9 years ago by pjkersha

  • Status changed from new to closed
  • Resolution set to fixed

This feature in current release 1.5.1

Note: See TracTickets for help on using tickets.