示例#1
0
    def fetch_derived_token(self, ezSecurityToken, targetApp,
                            excludedAuths=None, skipCache=False):
        """
        Used when an application receives an EzSecurityToken as part of it's
        API but needs to call another service that itself takes an
        EzSecurityToken.

        :param ezSecurityToken:
        :param targetApp:
        :param excludedAuths:
        :return:
        """

        # get the security id for target app (depending on if its a common
        # service or an application)
        dc = ServiceDiscoveryClient(self.zk_con_str)
        targetSecurityId = dc.get_security_id(targetApp)
        token_request = TokenRequest(
            self.appConfig.getSecurityID(),
            util.current_time_millis()
        )
        token_request.tokenPrincipal = ezSecurityToken
        token_request.targetSecurityId = targetSecurityId
        token_request.excludeAuthorizations = excludedAuths

        # look in the cache (and return immediately if in cache)
        dn = ezSecurityToken.tokenPrincipal.principal
        request_chain = ezSecurityToken.tokenPrincipal.requestChain
        cache_key = self._get_cache_key(ezSecurityToken.type, dn, excludedAuths, request_chain, targetSecurityId)
        if not skipCache:
            token = self.__get_from_cache(cache_key)
            if token:
                return token

        # get token (since it wasn't found in the cache)
        headers = {
            HTTP_HEADER_USER_INFO: dn,
            HTTP_HEADER_SIGNATURE: self._sign(dn)
        }
        request, signature = self.build_request(headers, targetApp, exclude_authorizations=excludedAuths)
        return self._request_token_and_store(request, signature, "derived", dn, cache_key)
示例#2
0
    def build_request(self, headers, target_app=None, token_type=TokenType.USER, exclude_authorizations=None):
        """
        Build a TokenRequest for the given information.
        @param target_app: the optional targetSecurityId
        @return: A TokenRequest for the request
        """
        token = TokenRequest(securityId=self.appConfig.getSecurityID(),
                             targetSecurityId=target_app,
                             timestamp=util.current_time_millis(),
                             type=token_type,
                             excludeAuthorizations=exclude_authorizations)
        token.targetSecurityId = target_app

        if token_type == TokenType.USER:
            token.proxyPrincipal = self.principal_from_request(headers)

        # generate signature
        if not self.mock:
            signature = self._sign(util.serialize_token_request(token))
        else:
            signature = ""

        return token, signature