Access Control
Robert Olson
olson at mcs.anl.gov
Tue Jan 28 19:06:41 CST 2003
Attached is a fairly complete design doc for the access control stuff. This
is now in place (in my copy of the code), and appears to work properly. The
actual RBAC implementation is not complete, but it will work for
user-list-based authorization:

    from AccessGrid.hosting import access_control
    from AccessGrid.hosting.pyGlobus import ServiceBase

    class C(ServiceBase.ServiceBase):
        def meth(self, x):
            print "Got meth: ", x
            sm = access_control.GetSecurityManager()
            print "Executing as subject name: ", sm.GetSubject()
            ident = "/O=Grid/OU=Access Grid/OU=mcs.anl.gov/CN=Bob Olson"
            if not sm.ValidateUser(ident):
                raise Exception("Invalid user!")
            return ('you sent', x)
        meth.pass_connection_info = 0
        meth.soap_export_as = "method"

Note that pass_connection_info is no longer needed - the user information is
obtainable by calling sm.GetSubject().
Merging the new hosting code into CVS will require ensuring that we have a
coherent view of what pyGlobus to be using; I had to install some patches
into pyGlobus.io in order to make some of this work (the code relating to
supporting different certificates). I need to work on that when I'm not
tired :-). I worry about the latest LBL CVS version of pyGlobus, as it
still has some code in the GASS part of the library that will end up with
corrupted data structures (pyGlobus bugzilla bug #4).
--bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: access-control.doc
Type: application/msword
Size: 69120 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-dev/attachments/20030128/b5694599/attachment.doc>