eoxserver.services.auth package


eoxserver.services.auth.base module

This module contains basic classes and functions for the security layer (which is integrated in the service layer for now).

class eoxserver.services.auth.base.AuthConfigReader(config)

Bases: Reader

property allowLocal
property attribute_mapping
property authz_service
property pdp_type
section = 'services.auth.base'
property serviceID

class eoxserver.services.auth.base.BasePDP

Bases: object

This is the base class for PDP implementations. It provides a skeleton for authorization request handling.


This method handles authorization requests according to the requirements given in the PolicyDecisionPointInterface declaration.

Internally, it invokes the _decide() method that implements the actual authorization decision logic.

class eoxserver.services.auth.base.PDPComponent(*args)

Bases: Component

property pdps

List of components that implement eoxserver.services.auth.interfaces.PolicyDecisionPointInterface


eoxserver.services.auth.charonpdp module

eoxserver.services.auth.dummypdp module

eoxserver.services.auth.exceptions module

exception eoxserver.services.auth.exceptions.AuthorisationException

Bases: Exception

code = 'AccessForbidden'

eoxserver.services.auth.interfaces module

class eoxserver.services.auth.interfaces.PolicyDecisionPointInterface

Bases: object

This is the interface for Policy Decision Point (PDP) implementations.


This method takes an OWSRequest object as input and returns an AuthorizationResponse instance. It is expected to check if the authenticated user (if any) is authorized to access the requested resource and set the authorized flag of the response accordingly.

In case the user is not authorized, the content and status of the response shall be filled with an error message and the appropriate HTTP Status Code (403).

The method shall not raise any exceptions.

property pdp_type

The type name of this PDP.
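The contract above (return a response, deny with 403, never raise) means that a failing decision backend has to end in a denial rather than an error or an allow. The sketch below is an added example, not EOxServer's own code: SketchBasePDP, AttributePDP, the dict-shaped request, the field names of AuthorizationResponse and the return shape of _decide() are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class AuthorizationResponse:
    """Stand-in for the response type named above; field names are assumed."""
    authorized: bool
    content: str
    status: int


class SketchBasePDP:
    """Stand-in skeleton: authorize() wraps _decide() and never raises."""
    pdp_type = "sketch"

    def authorize(self, request):
        try:
            allowed, message = self._decide(request)
        except Exception:
            # Fail closed: a broken backend or malformed request is a denial,
            # and the exception text is not echoed to the client.
            return AuthorizationResponse(False, "Authorization check failed", 403)
        if allowed:
            return AuthorizationResponse(True, "", 200)  # 200 is an assumption
        return AuthorizationResponse(False, message or "Access forbidden", 403)

    def _decide(self, request):
        # Assumed return shape: (allowed: bool, message: str)
        raise NotImplementedError


class AttributePDP(SketchBasePDP):
    """Hypothetical PDP: a user's role must be listed for the service."""
    pdp_type = "attribute"

    def __init__(self, allowed_roles):
        self.allowed_roles = allowed_roles  # constructed, e.g. {"wcs": {"analyst"}}

    def _decide(self, request):
        user = request.get("user")
        if user is None:
            return False, "Authentication required"
        service = request["service"]  # KeyError here is caught by authorize()
        if user["role"] in self.allowed_roles.get(service.lower(), set()):
            return True, ""
        return False, "Role %r may not access %s" % (user["role"], service)
```
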

eoxserver.services.auth.middleware module

class eoxserver.services.auth.middleware.PDPMiddleware

Bases: object

Middleware to allow authorization against a Policy Decision Point. This middleware will be used for all requests and all configured views. If you only want to provide PDP authorization for a single view, use pdp_protect instead.

process_view(request, view_func, view_args, view_kwargs)

Wrapper function for views that shall be protected by PDP authorization. This function can be used as a decorator of a view function, or as a modifier to be used in the URL configuration file, e.g.:

urlpatterns = patterns('',
    url(r'^ows', pdp_protect(ows)),
)

Module contents