def index(req):
items = []
create_form = CreateForm()
edit_form = EditForm(prefix='edit')
change_password_form = ChangePasswordForm()
meta = None
if req.zato.cluster_id and req.method == 'GET':
request = {
'cluster_id': req.zato.cluster_id,
'paginate': True,
'cur_page': req.GET.get('cur_page', 1)
}
data, meta = parse_response_data(
req.zato.client.invoke('zato.security.wss.get-list', request))
for item in data:
wss = WSSDefinition(item.id,
item.name,
item.is_active,
item.username,
None,
ZATO_WSS_PASSWORD_TYPES[item.password_type],
item.reject_empty_nonce_creat,
item.reject_stale_tokens,
item.reject_expiry_limit,
item.nonce_freshness_time,
password_type_raw=item.password_type)
items.append(wss)
return_data = {
'zato_clusters': req.zato.clusters,
'cluster_id': req.zato.cluster_id,
'search_form': req.zato.search_form,
'items': items,
'create_form': create_form,
'edit_form': edit_form,
'change_password_form': change_password_form,
'paginate': True,
'meta': meta,
'req': req,
}
return TemplateResponse(req, 'zato/security/wss.html', return_data)
def handle(self):
input = self.request.input
with closing(self.odb.session()) as session:
cluster = session.query(Cluster).filter_by(
id=input.cluster_id).first()
# Let's see if we already have a definition of that name before committing
# any stuff into the database.
existing_one = session.query(WSSDefinition).\
filter(Cluster.id==input.cluster_id).\
filter(WSSDefinition.name==input.name).first()
if existing_one:
raise Exception(
'WS-Security definition [{0}] already exists on this cluster'
.format(input.name))
password = uuid4().hex
try:
wss = WSSDefinition(None, input.name, input.is_active,
input.username, password,
input.password_type,
input.reject_empty_nonce_creat,
input.reject_stale_tokens,
input.reject_expiry_limit,
input.nonce_freshness_time, cluster)
session.add(wss)
session.commit()
except Exception:
self.logger.error('WSS definition could created, e:`{}`',
format_exc())
session.rollback()
raise
else:
input.id = wss.id
input.action = SECURITY.WSS_CREATE.value
input.password = password
input.sec_type = SEC_DEF_TYPE.WSS
self.broker_client.publish(self.request.input)
self.response.payload.id = wss.id
self.response.payload.name = input.name
def handle(self):
input = self.request.input
with closing(self.odb.session()) as session:
cluster = session.query(Cluster).filter_by(
id=input.cluster_id).first()
# Let's see if we already have a definition of that name before committing
# any stuff into the database.
existing_one = session.query(WSSDefinition).\
filter(Cluster.id==input.cluster_id).\
filter(WSSDefinition.name==input.name).first()
if existing_one:
raise Exception(
'WS-Security definition [{0}] already exists on this cluster'
.format(input.name))
password = uuid4().hex
try:
wss = WSSDefinition(None, input.name, input.is_active,
input.username, password,
input.password_type,
input.reject_empty_nonce_creat,
input.reject_stale_tokens,
input.reject_expiry_limit,
input.nonce_freshness_time, cluster)
session.add(wss)
session.commit()
except Exception, e:
msg = "Could not create a WS-Security definition, e:[{e}]".format(
e=format_exc(e))
self.logger.error(msg)
session.rollback()
raise
else:
def index(req):
items = []
create_form = CreateForm()
edit_form = EditForm(prefix='edit')
change_password_form = ChangePasswordForm()
if req.zato.cluster_id and req.method == 'GET':
for item in req.zato.client.invoke(
'zato.security.wss.get-list',
{'cluster_id': req.zato.cluster_id}):
wss = WSSDefinition(item.id,
item.name,
item.is_active,
item.username,
None,
ZATO_WSS_PASSWORD_TYPES[item.password_type],
item.reject_empty_nonce_creat,
item.reject_stale_tokens,
item.reject_expiry_limit,
item.nonce_freshness_time,
password_type_raw=item.password_type)
items.append(wss)
return_data = {
'zato_clusters': req.zato.clusters,
'cluster_id': req.zato.cluster_id,
'choose_cluster_form': req.zato.choose_cluster_form,
'items': items,
'create_form': create_form,
'edit_form': edit_form,
'change_password_form': change_password_form
}
return TemplateResponse(req, 'zato/security/wss.html', return_data)
def add_ping_services(self, session, cluster):
""" Adds a ping service and channels, with and without security checks.
"""
passwords = {
'ping.plain_http.basic_auth': None,
'ping.soap.basic_auth': None,
'ping.soap.wss.clear_text': None,
}
for password in passwords:
passwords[password] = uuid4().hex
ping_impl_name = 'zato.server.service.internal.Ping'
ping_service_name = 'zato.ping'
ping_service = Service(None, ping_service_name, True, ping_impl_name, True, cluster)
session.add(ping_service)
#
# .. no security ..
#
# TODO
# Change it to /zato/json/ping
# and add an actual /zato/ping with no data format specified.
ping_no_sec_channel = HTTPSOAP(
None, 'zato.ping', True, True, 'channel',
'plain_http', None, '/zato/ping', None, '', None, SIMPLE_IO.FORMAT.JSON, service=ping_service, cluster=cluster)
session.add(ping_no_sec_channel)
#
# All the possible options
#
# Plain HTTP / Basic auth
# SOAP / Basic auth
# SOAP / WSS / Clear text
#
transports = ['plain_http', 'soap']
wss_types = ['clear_text']
for transport in transports:
if transport == 'plain_http':
data_format = SIMPLE_IO.FORMAT.JSON
else:
data_format = SIMPLE_IO.FORMAT.XML
base_name = 'ping.{0}.basic_auth'.format(transport)
zato_name = 'zato.{0}'.format(base_name)
url = '/zato/{0}'.format(base_name)
soap_action, soap_version = (zato_name, '1.1') if transport == 'soap' else ('', None)
password = passwords[base_name]
sec = HTTPBasicAuth(None, zato_name, True, zato_name, 'Zato ping', password, cluster)
session.add(sec)
channel = HTTPSOAP(
None, zato_name, True, True, 'channel', transport, None, url, None, soap_action,
soap_version, data_format, service=ping_service, security=sec, cluster=cluster)
session.add(channel)
if transport == 'soap':
for wss_type in wss_types:
base_name = 'ping.{0}.wss.{1}'.format(transport, wss_type)
zato_name = 'zato.{0}'.format(base_name)
url = '/zato/{0}'.format(base_name)
password = passwords[base_name]
sec = WSSDefinition(None, zato_name, True, zato_name, password, wss_type, False, True, 3600, 3600, cluster)
session.add(sec)
channel = HTTPSOAP(
None, zato_name, True, True, 'channel', transport, None, url, None, soap_action,
soap_version, data_format, service=ping_service, security=sec, cluster=cluster)
session.add(channel)
