def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_session.__call__:') # Redirect to login if no Kerberos credentials ccache_name = self.get_environ_creds(environ) if ccache_name is None: return self.need_login(start_response) # Store the ccache name in the per-thread context setattr(context, 'ccache_name', ccache_name) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ccache_name) except ACIError as e: return self.unauthorized(environ, start_response, str(e), 'denied') try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): self.debug('KerberosWSGIExecutioner.__call__:') user_ccache = environ.get('KRB5CCNAME') self.headers = [('Content-Type', '%s; charset=utf-8' % self.content_type)] if user_ccache is None: status = HTTP_STATUS_SERVER_ERROR self.log.error( '%s: %s', status, 'KerberosWSGIExecutioner.__call__: ' 'KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) logout_cookie = getattr(context, 'logout_cookie', None) if logout_cookie: self.headers.append(('IPASESSION', logout_cookie)) try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__(environ, start_response) except PublicError as e: status = HTTP_STATUS_SUCCESS response = status.encode('utf-8') start_response(status, self.headers) return self.marshal(None, e) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' logger.debug('WSGI jsonserver_session.__call__:') # Redirect to login if no Kerberos credentials ccache_name = self.get_environ_creds(environ) if ccache_name is None: return self.need_login(start_response) # Store the ccache name in the per-thread context setattr(context, 'ccache_name', ccache_name) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ccache_name) except ACIError as e: return self.unauthorized(environ, start_response, str(e), 'denied') except errors.DatabaseError as e: # account is disable but user has a valid ticket msg = str(e) if "account inactivated" in msg.lower(): return self.unauthorized(environ, start_response, str(e), "account disabled") else: return self.service_unavailable(environ, start_response, msg) try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI xmlserver_session.__call__:') ccache_name = environ.get('KRB5CCNAME') # Redirect to /ipa/xml if no Kerberos credentials if ccache_name is None: self.debug('xmlserver_session.__call_: no ccache, need TGT') return self.need_login(start_response) # Redirect to /ipa/xml if Kerberos credentials are expired creds = get_credentials_if_valid(ccache_name=ccache_name) if not creds: self.debug('xmlserver_session.__call_: ccache expired, deleting session, need login') # The request is finished with the ccache, destroy it. return self.need_login(start_response) # Store the session data in the per-thread context setattr(context, 'ccache_name', ccache_name) try: response = super(xmlserver_session, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): self.debug('KerberosWSGIExecutioner.__call__:') user_ccache=environ.get('KRB5CCNAME') object.__setattr__( self, 'headers', [('Content-Type', '%s; charset=utf-8' % self.content_type)] ) if user_ccache is None: status = HTTP_STATUS_SERVER_ERROR self.log.error( '%s: %s', status, 'KerberosWSGIExecutioner.__call__: ' 'KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__( environ, start_response) except PublicError as e: status = HTTP_STATUS_SUCCESS response = status.encode('utf-8') start_response(status, self.headers) return self.marshal(None, e) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' logger.debug('WSGI xmlserver_session.__call__:') ccache_name = environ.get('KRB5CCNAME') # Redirect to /ipa/xml if no Kerberos credentials if ccache_name is None: logger.debug('xmlserver_session.__call_: no ccache, need TGT') return self.need_login(start_response) # Redirect to /ipa/xml if Kerberos credentials are expired creds = get_credentials_if_valid(ccache_name=ccache_name) if not creds: logger.debug('xmlserver_session.__call_: ccache expired, deleting ' 'session, need login') # The request is finished with the ccache, destroy it. return self.need_login(start_response) # Store the session data in the per-thread context setattr(context, 'ccache_name', ccache_name) try: response = super(xmlserver_session, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): logger.debug('KerberosWSGIExecutioner.__call__:') user_ccache = environ.get('KRB5CCNAME') object.__setattr__( self, 'headers', [('Content-Type', '%s; charset=utf-8' % self.content_type)]) if user_ccache is None: status = HTTP_STATUS_SERVER_ERROR logger.error( '%s: %s', status, 'KerberosWSGIExecutioner.__call__: ' 'KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__(environ, start_response) except PublicError as e: status = HTTP_STATUS_SUCCESS response = status.encode('utf-8') start_response(status, self.headers) return [self.marshal(None, e)] finally: destroy_context() return response
def __call__(self, environ, start_response): self.debug('KerberosWSGIExecutioner.__call__:') user_ccache=environ.get('KRB5CCNAME') headers = [('Content-Type', '%s; charset=utf-8' % self.content_type)] if user_ccache is None: status = HTTP_STATUS_SERVER_ERROR response_headers = [('Content-Type', 'text/html; charset=utf-8')] self.log.error( '%s: %s', status, 'KerberosWSGIExecutioner.__call__: ' 'KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__( environ, start_response) session_data = getattr(context, 'session_data', None) if (session_data is None and self.env.context != 'lite'): self.finalize_kerberos_acquisition( 'xmlserver', user_ccache, environ, start_response, headers) except PublicError as e: status = HTTP_STATUS_SUCCESS response = status start_response(status, headers) return self.marshal(None, e) finally: destroy_context() return response
def __call__(self, environ, start_response): self.debug('KerberosWSGIExecutioner.__call__:') user_ccache = environ.get('KRB5CCNAME') headers = [('Content-Type', '%s; charset=utf-8' % self.content_type)] if user_ccache is None: status = HTTP_STATUS_SERVER_ERROR self.log.error( '%s: %s', status, 'KerberosWSGIExecutioner.__call__: ' 'KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__(environ, start_response) session_data = getattr(context, 'session_data', None) if (session_data is None and self.env.context != 'lite'): self.finalize_kerberos_acquisition('xmlserver', user_ccache, environ, start_response, headers) except PublicError as e: status = HTTP_STATUS_SUCCESS response = status start_response(status, headers) return self.marshal(None, e) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' logger.debug('WSGI jsonserver_session.__call__:') # Redirect to login if no Kerberos credentials ccache_name = self.get_environ_creds(environ) if ccache_name is None: return self.need_login(start_response) # Store the ccache name in the per-thread context setattr(context, 'ccache_name', ccache_name) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ccache_name) except ACIError as e: return self.unauthorized(environ, start_response, str(e), 'denied') try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: destroy_context() return response
def execute(self, _name, *args, **options): try: if _name not in self.Command: raise CommandError(name=_name) return self.Command[_name](*args, **options) except PublicError: raise except Exception as e: logger.exception('non-public: %s: %s', e.__class__.__name__, str(e)) raise InternalError() finally: destroy_context()
def execute(self, _name, *args, **options): try: if _name not in self.Command: raise CommandError(name=_name) return self.Command[_name](*args, **options) except PublicError: raise except Exception as e: logger.exception( 'non-public: %s: %s', e.__class__.__name__, str(e) ) raise InternalError() finally: destroy_context()
def execute(self, _name, *args, **options): error = None try: if _name not in self.Command: raise CommandError(name=_name) result = self.Command[_name](*args, **options) except PublicError as e: error = e except Exception as e: self.exception('non-public: %s: %s', e.__class__.__name__, str(e)) error = InternalError() destroy_context() if error is None: return result assert isinstance(error, PublicError) raise error #pylint: disable=E0702
def execute(self, _name, *args, **options): error = None try: if _name not in self.Command: raise CommandError(name=_name) result = self.Command[_name](*args, **options) except PublicError as e: error = e except Exception as e: logger.exception( 'non-public: %s: %s', e.__class__.__name__, str(e) ) error = InternalError() destroy_context() if error is None: return result assert isinstance(error, PublicError) raise error #pylint: disable=E0702
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_kerb.__call__:') user_ccache=environ.get('KRB5CCNAME') if user_ccache is None: self.internal_error(environ, start_response, 'jsonserver_kerb.__call__: KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) self.create_context(ccache=user_ccache) try: response = super(jsonserver_kerb, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_kerb.__call__:') user_ccache = environ.get('KRB5CCNAME') if user_ccache is None: self.internal_error( environ, start_response, 'jsonserver_kerb.__call__: KRB5CCNAME not defined in HTTP request environment' ) return self.marshal(None, CCacheError()) self.create_context(ccache=user_ccache) try: response = super(jsonserver_kerb, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_kerb.__call__:') user_ccache=environ.get('KRB5CCNAME') if user_ccache is None: self.internal_error(environ, start_response, 'jsonserver_kerb.__call__: KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) self.create_context(ccache=user_ccache) try: response = super(jsonserver_kerb, self).__call__(environ, start_response) if (getattr(context, 'session_data', None) is None and self.env.context != 'lite'): self.finalize_kerberos_acquisition('jsonserver', user_ccache, environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_session.__call__:') ccache_name = environ.get('KRB5CCNAME') # Redirect to login if no Kerberos credentials if ccache_name is None: self.debug('no ccache, need login') return self.need_login(start_response) # Redirect to login if Kerberos credentials are expired creds = get_credentials_if_valid(ccache_name=ccache_name) if not creds: self.debug('ccache expired, deleting session, need login') # The request is finished with the ccache, destroy it. return self.need_login(start_response) # Store the ccache name in the per-thread context setattr(context, 'ccache_name', ccache_name) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ccache_name) except ACIError as e: return self.unauthorized(environ, start_response, str(e), 'denied') try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: destroy_context() return response
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI xmlserver_session.__call__:') # Load the session data session_data = session_mgr.load_session_data(environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] self.debug('xmlserver_session.__call__: session_id=%s start_timestamp=%s access_timestamp=%s expiration_timestamp=%s', session_id, fmt_time(session_data['session_start_timestamp']), fmt_time(session_data['session_access_timestamp']), fmt_time(session_data['session_expiration_timestamp'])) ccache_data = session_data.get('ccache_data') # Redirect to /ipa/xml if no Kerberos credentials if ccache_data is None: self.debug('xmlserver_session.__call_: no ccache, need TGT') return self.need_login(start_response) ipa_ccache_name = bind_ipa_ccache(ccache_data) # Redirect to /ipa/xml if Kerberos credentials are expired cc = KRB5_CCache(ipa_ccache_name) if not cc.valid(self.api.env.host, self.api.env.realm): self.debug('xmlserver_session.__call_: ccache expired, deleting session, need login') # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) return self.need_login(start_response) # Update the session expiration based on the Kerberos expiration endtime = cc.endtime(self.api.env.host, self.api.env.realm) self.update_session_expiration(session_data, endtime) # Store the session data in the per-thread context setattr(context, 'session_data', session_data) environ['KRB5CCNAME'] = ipa_ccache_name try: response = super(xmlserver_session, self).__call__(environ, start_response) finally: # Kerberos may have updated the ccache data during the # execution of the command therefore we need refresh our # copy of it in the session data so the next command sees # the same state of the ccache. # # However we must be careful not to restore the ccache # data in the session data if it was explicitly deleted # during the execution of the command. For example the # logout command removes the ccache data from the session # data to invalidate the session credentials. if session_data.has_key('ccache_data'): session_data['ccache_data'] = load_ccache_data(ipa_ccache_name) # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) # Store the session data. session_mgr.store_session_data(session_data) destroy_context() return response
self.internal_error(environ, start_response, 'xmlserver.__call__: KRB5CCNAME not defined in HTTP request environment') return self.marshal(None, CCacheError()) try: self.create_context(ccache=user_ccache) response = super(xmlserver, self).__call__(environ, start_response) if getattr(context, 'session_data', None) is None and \ self.env.context != 'lite': self.finalize_kerberos_acquisition('xmlserver', user_ccache, environ, start_response, headers) except PublicError, e: status = HTTP_STATUS_SUCCESS response = status start_response(status, headers) return self.marshal(None, e) finally: destroy_context() return response def listMethods(self, *params): return tuple(name.decode('UTF-8') for name in self.Command) def methodSignature(self, *params): return u'methodSignature not implemented' def methodHelp(self, *params): return u'methodHelp not implemented' def unmarshal(self, data): (params, name) = xml_loads(data) (args, options) = params_2_args_options(params) return (name, args, options, None)
def teardown_class(self): request.destroy_context()
class jsonserver_session(jsonserver, KerberosSession): """ JSON RPC server protected with session auth. """ key = '/session/json' def __init__(self): super(jsonserver_session, self).__init__() auth_mgr = AuthManagerKerb(self.__class__.__name__) session_mgr.auth_mgr.register(auth_mgr.name, auth_mgr) def _on_finalize(self): super(jsonserver_session, self)._on_finalize() self.kerb_session_on_finalize() def need_login(self, start_response): status = '401 Unauthorized' headers = [] response = '' self.debug('jsonserver_session: %s need login', status) start_response(status, headers) return [response] def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_session.__call__:') # Load the session data session_data = session_mgr.load_session_data( environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] self.debug( 'jsonserver_session.__call__: session_id=%s start_timestamp=%s access_timestamp=%s expiration_timestamp=%s', session_id, fmt_time(session_data['session_start_timestamp']), fmt_time(session_data['session_access_timestamp']), fmt_time(session_data['session_expiration_timestamp'])) ccache_data = session_data.get('ccache_data') # Redirect to login if no Kerberos credentials if ccache_data is None: self.debug('no ccache, need login') return self.need_login(start_response) ipa_ccache_name = bind_ipa_ccache(ccache_data) # Redirect to login if Kerberos credentials are expired cc = KRB5_CCache(ipa_ccache_name) if not cc.valid(self.api.env.host, self.api.env.realm): self.debug('ccache expired, deleting session, need login') # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) return self.need_login(start_response) # Update the session expiration based on the Kerberos expiration endtime = cc.endtime(self.api.env.host, self.api.env.realm) self.update_session_expiration(session_data, endtime) # Store the session data in the per-thread context setattr(context, 'session_data', session_data) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ipa_ccache_name) except ACIError, e: return self.unauthorized(environ, start_response, str(e), 'denied') try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: # Kerberos may have updated the ccache data during the # execution of the command therefore we need refresh our # copy of it in the session data so the next command sees # the same state of the ccache. # # However we must be careful not to restore the ccache # data in the session data if it was explicitly deleted # during the execution of the command. For example the # logout command removes the ccache data from the session # data to invalidate the session credentials. if session_data.has_key('ccache_data'): session_data['ccache_data'] = load_ccache_data(ipa_ccache_name) # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) # Store the session data. session_mgr.store_session_data(session_data) destroy_context() return response
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_session.__call__:') # Load the session data session_data = session_mgr.load_session_data(environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] self.debug('jsonserver_session.__call__: session_id=%s start_timestamp=%s access_timestamp=%s expiration_timestamp=%s', session_id, fmt_time(session_data['session_start_timestamp']), fmt_time(session_data['session_access_timestamp']), fmt_time(session_data['session_expiration_timestamp'])) ccache_data = session_data.get('ccache_data') # Redirect to login if no Kerberos credentials if ccache_data is None: self.debug('no ccache, need login') return self.need_login(start_response) ipa_ccache_name = bind_ipa_ccache(ccache_data) # Redirect to login if Kerberos credentials are expired creds = get_credentials_if_valid(ccache_name=ipa_ccache_name) if not creds: self.debug('ccache expired, deleting session, need login') # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) return self.need_login(start_response) # Update the session expiration based on the Kerberos expiration endtime = creds.lifetime + time.time() self.update_session_expiration(session_data, endtime) # Store the session data in the per-thread context setattr(context, 'session_data', session_data) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ipa_ccache_name) except ACIError as e: return self.unauthorized(environ, start_response, str(e), 'denied') try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: # Kerberos may have updated the ccache data during the # execution of the command therefore we need refresh our # copy of it in the session data so the next command sees # the same state of the ccache. # # However we must be careful not to restore the ccache # data in the session data if it was explicitly deleted # during the execution of the command. For example the # logout command removes the ccache data from the session # data to invalidate the session credentials. if 'ccache_data' in session_data: session_data['ccache_data'] = load_ccache_data(ipa_ccache_name) # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) # Store the session data. session_mgr.store_session_data(session_data) destroy_context() return response
def __call__(self, environ, start_response): self.debug('WSGI wsgi_dispatch.__call__:') try: return self.route(environ, start_response) finally: destroy_context()
def tearDown(self): """ nose tear-down fixture. """ request.destroy_context()
def fin(): ipa_request.destroy_context()
try: self.create_context(ccache=user_ccache) response = super(KerberosWSGIExecutioner, self).__call__(environ, start_response) session_data = getattr(context, 'session_data', None) if (session_data is None and self.env.context != 'lite'): self.finalize_kerberos_acquisition('xmlserver', user_ccache, environ, start_response, headers) except PublicError, e: status = HTTP_STATUS_SUCCESS response = status start_response(status, headers) return self.marshal(None, e) finally: destroy_context() return response class xmlserver(KerberosWSGIExecutioner): """ Execution backend plugin for XML-RPC server. Also see the `ipalib.rpc.xmlclient` plugin. """ content_type = 'text/xml' key = '/xml' def listMethods(self, *params): """list methods for XML-RPC introspection"""
def destroy_context(self): destroy_context()
def teardown_class(cls): request.destroy_context()
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI xmlserver_session.__call__:') # Load the session data session_data = session_mgr.load_session_data( environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] self.debug( 'xmlserver_session.__call__: session_id=%s start_timestamp=%s access_timestamp=%s expiration_timestamp=%s', session_id, fmt_time(session_data['session_start_timestamp']), fmt_time(session_data['session_access_timestamp']), fmt_time(session_data['session_expiration_timestamp'])) ccache_data = session_data.get('ccache_data') # Redirect to /ipa/xml if no Kerberos credentials if ccache_data is None: self.debug('xmlserver_session.__call_: no ccache, need TGT') return self.need_login(start_response) ipa_ccache_name = bind_ipa_ccache(ccache_data) # Redirect to /ipa/xml if Kerberos credentials are expired cc = KRB5_CCache(ipa_ccache_name) if not cc.valid(self.api.env.host, self.api.env.realm): self.debug( 'xmlserver_session.__call_: ccache expired, deleting session, need login' ) # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) return self.need_login(start_response) # Update the session expiration based on the Kerberos expiration endtime = cc.endtime(self.api.env.host, self.api.env.realm) self.update_session_expiration(session_data, endtime) # Store the session data in the per-thread context setattr(context, 'session_data', session_data) environ['KRB5CCNAME'] = ipa_ccache_name try: response = super(xmlserver_session, self).__call__(environ, start_response) finally: # Kerberos may have updated the ccache data during the # execution of the command therefore we need refresh our # copy of it in the session data so the next command sees # the same state of the ccache. # # However we must be careful not to restore the ccache # data in the session data if it was explicitly deleted # during the execution of the command. For example the # logout command removes the ccache data from the session # data to invalidate the session credentials. if session_data.has_key('ccache_data'): session_data['ccache_data'] = load_ccache_data(ipa_ccache_name) # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) # Store the session data. session_mgr.store_session_data(session_data) destroy_context() return response
def __call__(self, environ, start_response): logger.debug('WSGI wsgi_dispatch.__call__:') try: return self.route(environ, start_response) finally: destroy_context()
def __call__(self, environ, start_response): ''' ''' self.debug('WSGI jsonserver_session.__call__:') # Load the session data session_mgr = get_session_mgr() session_data = session_mgr.load_session_data( environ.get('HTTP_COOKIE')) session_id = session_data['session_id'] self.debug( 'jsonserver_session.__call__: session_id=%s start_timestamp=%s access_timestamp=%s expiration_timestamp=%s', session_id, fmt_time(session_data['session_start_timestamp']), fmt_time(session_data['session_access_timestamp']), fmt_time(session_data['session_expiration_timestamp'])) ccache_data = session_data.get('ccache_data') # Redirect to login if no Kerberos credentials if ccache_data is None: self.debug('no ccache, need login') return self.need_login(start_response) ipa_ccache_name = bind_ipa_ccache(ccache_data) # Redirect to login if Kerberos credentials are expired creds = get_credentials_if_valid(ccache_name=ipa_ccache_name) if not creds: self.debug('ccache expired, deleting session, need login') # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) return self.need_login(start_response) # Update the session expiration based on the Kerberos expiration endtime = creds.lifetime + time.time() self.update_session_expiration(session_data, endtime) # Store the session data in the per-thread context setattr(context, 'session_data', session_data) # This may fail if a ticket from wrong realm was handled via browser try: self.create_context(ccache=ipa_ccache_name) except ACIError as e: return self.unauthorized(environ, start_response, str(e), 'denied') try: response = super(jsonserver_session, self).__call__(environ, start_response) finally: # Kerberos may have updated the ccache data during the # execution of the command therefore we need refresh our # copy of it in the session data so the next command sees # the same state of the ccache. # # However we must be careful not to restore the ccache # data in the session data if it was explicitly deleted # during the execution of the command. For example the # logout command removes the ccache data from the session # data to invalidate the session credentials. if 'ccache_data' in session_data: session_data['ccache_data'] = load_ccache_data(ipa_ccache_name) # The request is finished with the ccache, destroy it. release_ipa_ccache(ipa_ccache_name) # Store the session data. session_mgr.store_session_data(session_data) destroy_context() return response