def add_role(self, realm, config): self.log.debug( 'CrossbarRouterFactory.add_role(realm="{realm}", config={config})', realm=realm, config=config) assert (type(realm) == str) assert (realm in self._routers) router = self._routers[realm] uri = config['name'] if 'permissions' in config: role = RouterRoleStaticAuth(router, uri, config['permissions']) elif 'authorizer' in config: role = RouterRoleDynamicAuth(router, uri, config['authorizer']) else: allow_by_default = config.get('allow-by-default', False) role = RouterRole(router, uri, allow_by_default=allow_by_default) router.add_role(role)
def setUp(self): """ Setup router and router session factories. """ # create a router factory self.router_factory = RouterFactory() # start a realm self.router_factory.start_realm(RouterRealm(None, {u'name': u'realm1'})) # allow everything permissions = RouterPermissions('', True, True, True, True, True) router = self.router_factory.get(u'realm1') router.add_role( RouterRoleStaticAuth(router, None, default_permissions=permissions)) # create a router session factory self.session_factory = RouterSessionFactory(self.router_factory)
def test_start_router_component(self): """ Starting a class-based router component works. """ r = router.RouterWorkerSession(config=self.config, reactor=reactor) # Open the transport transport = FakeWAMPTransport(r) r.onOpen(transport) realm_config = { u"name": u"realm1", u'roles': [{u'name': u'anonymous', u'permissions': [{u'subscribe': True, u'register': True, u'call': True, u'uri': u'*', u'publish': True}]}] } r.start_router_realm(u"realm1", realm_config) permissions = RouterPermissions(u'', True, True, True, True, True) routera = r._router_factory.get(u'realm1') routera.add_role(RouterRoleStaticAuth(router, 'anonymous', default_permissions=permissions)) component_config = { u"type": u"class", u"classname": u"crossbar.worker.test.examples.goodclass.AppSession", u"realm": u"realm1" } r.start_router_component("newcomponent", component_config) self.assertEqual(len(r.get_router_components()), 1) self.assertEqual(r.get_router_components()[0]["id"], "newcomponent") self.assertEqual(len(_), 1) _.pop() # clear this global state
def add_realm_to_router(router_factory, session_factory, realm_name=u'default', realm_options={}): opts = dict(realm_options) opts.update({u'name': realm_name}) # start a realm realm = RouterRealm(None, opts) router = router_factory.start_realm(realm) extra = {} session_config = ComponentConfig(realm_name, extra) realm.session = RouterServiceSession(session_config, router) # allow everything default_permissions = { u'uri': u'', u'match': u'prefix', u'allow': { u'call': True, u'register': True, u'publish': True, u'subscribe': True } } router = router_factory.get(realm_name) router.add_role( RouterRoleStaticAuth(router, 'anonymous', default_permissions=default_permissions)) session_factory.add(realm.session, authrole=u'trusted') return router
def build_mqtt_server(): reactor = Clock() router_factory, server_factory, session_factory = make_router() add_realm_to_router(router_factory, session_factory) router = add_realm_to_router(router_factory, session_factory, realm_name=u'mqtt', realm_options={}) # allow everything default_permissions = { u'uri': u'', u'match': u'prefix', u'allow': { u'call': True, u'register': True, u'publish': True, u'subscribe': True } } router.add_role(RouterRoleStaticAuth(router, u'mqttrole', default_permissions=default_permissions)) class AuthenticatorSession(ApplicationSession): @inlineCallbacks def onJoin(self, details): def authenticate(realm, authid, details): if authid == u"test123": if details["ticket"] != u'password': raise ApplicationError(u'com.example.invalid_ticket', u'nope') res = { u'realm': u'mqtt', u'role': u'mqttrole', u'extra': {} } return res else: raise ApplicationError(u'com.example.no_such_user', u'nah') yield self.register(authenticate, u'com.example.auth') def tls(realm, authid, details): ACCEPTED_CERTS = set([u'95:1C:A9:6B:CD:8D:D2:BD:F4:73:82:01:55:89:41:12:9C:F8:AF:8E']) if 'client_cert' not in details['transport'] or not details['transport']['client_cert']: raise ApplicationError(u"com.example.no_cert", u"no client certificate presented") client_cert = details['transport']['client_cert'] sha1 = client_cert['sha1'] subject_cn = client_cert['subject']['cn'] if sha1 not in ACCEPTED_CERTS: raise ApplicationError(u"com.example.invalid_cert", u"certificate with SHA1 {} denied".format(sha1)) else: return { u'authid': subject_cn, u'role': u'mqttrole', u'realm': u'mqtt' } yield self.register(tls, u'com.example.tls') config = ComponentConfig(u"default", {}) authsession = AuthenticatorSession(config) session_factory.add(authsession, router, authrole=u"trusted") options = { u"options": { u"realm": u"mqtt", u"role": u"mqttrole", u"payload_mapping": { u"": { u"type": u"native", u"serializer": u"json" } }, u"auth": { u"ticket": { u"type": u"dynamic", u"authenticator": u"com.example.auth", u"authenticator-realm": u"default", }, u"tls": { u"type": u"dynamic", u"authenticator": u"com.example.tls", u"authenticator-realm": u"default", } } } } mqtt_factory = WampMQTTServerFactory(session_factory, options, reactor) server_factory._mqtt_factory = mqtt_factory return reactor, router, server_factory, session_factory