eoxserver.services.auth package¶
Submodules¶
eoxserver.services.auth.base module¶
This module contains basic classes and functions for the security layer (which is integrated in the service layer for now).
- class eoxserver.services.auth.base.AuthConfigReader(config)¶
Bases:
Reader
- property allowLocal¶
- property attribute_mapping¶
- property authz_service¶
- property pdp_type¶
- section = 'services.auth.base'¶
- property serviceID¶
- class eoxserver.services.auth.base.BasePDP¶
Bases:
object
This is the base class for PDP implementations. It provides a skeleton for authorization request handling.
- authorize(request)¶
This method handles authorization requests according to the requirements given in the
PolicyDecisionPointInterface
declaration.Internally, it invokes the
_decide()
method that implements the actual authorization decision logic.
- class eoxserver.services.auth.base.PDPComponent(*args)¶
Bases:
Component
- get_pdp(pdp_type)¶
- property pdps¶
List of components that implement
eoxserver.services.auth.interfaces.PolicyDecisionPointInterface
- eoxserver.services.auth.base.getPDP()¶
eoxserver.services.auth.charonpdp module¶
eoxserver.services.auth.dummypdp module¶
eoxserver.services.auth.exceptions module¶
eoxserver.services.auth.interfaces module¶
- class eoxserver.services.auth.interfaces.PolicyDecisionPointInterface¶
Bases:
object
This is the interface for Policy Decision Point (PDP) implementations.
- authorize(request)¶
This method takes an
OWSRequest
object as input and returns anAuthorizationResponse
instance. It is expected to check if the authenticated user (if any) is authorized to access the requested resource and set theauthorized
flag of the response accordingly.In case the user is not authorized, the content and status of the response shall be filled with an error message and the appropriate HTTP Status Code (403).
The method shall not raise any exceptions.
- property pdp_type¶
The type name of this PDP.
eoxserver.services.auth.middleware module¶
- class eoxserver.services.auth.middleware.PDPMiddleware¶
Bases:
object
Middleware to allow authorization agains a Policy Decision Point. This middleware will be used for all requests and all configured views. If you only want to provide PDP authorization for a single view, use the pdp_protect.
- process_view(request, view_func, view_args, view_kwargs)¶
- eoxserver.services.auth.middleware.pdp_protect(view)¶
Wrapper function for views that shall be protected by PDP authorization. This function can be used as a decorator of a view function, or as a modifier to be used in the url configuration file. e.g:
urlpatterns = patterns('', ... url(r'^ows', pdp_protect(ows)), ... )