根据我的研究和最好的猜测,我已经设法在spyne应用程序中配置wsse auth到了一定程度,但我不确定我所做的是在spyne中实现wsse user和pass auth的最佳实践还是规定的方法。你知道吗
用户密码_授权地址:
secret_username = 'test_username'
secret_password = 'test_password' # TODO: define these and decide where to store
# (there is only one correct username and password for my application)
from spyne import ComplexModel, Unicode, fault
wsse = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
class UsernameToken(ComplexModel):
__namespace__ = wsse
Username = Unicode()
Password = Unicode()
class Security(ComplexModel):
__namespace__ = wsse
UsernameToken = UsernameToken.customize()
def validate_user_pass(in_header):
if not in_header:
raise fault.Fault(faultstring='No WSSE Security tag in header.')
elif isinstance(in_header, Security):
username_token = in_header.UsernameToken
if not isinstance(username_token, UsernameToken):
raise fault.Fault(faultstring='No WSSE UsernameToken tag in header.')
user = username_token.Username
password = username_token.Password
if not isinstance(user, str):
raise fault.Fault(faultstring='No WSSE Username tag in header.')
elif not isinstance(password, str):
raise fault.Fault(faultstring='No WSSE Password tag in header.')
elif user != secret_username or password != secret_password:
raise fault.Fault(faultstring='Invalid Username and/or Password')
我的服务定义如下:
class ConsumeAvailabilityConf(ServiceBase):
"""Spyne service definition"""
__in_header__ = Security
@rpc(Availability_Conf_Message,
_returns=None,
_out_message_name='ConsumeAvailabilityConfOPResponse',
_in_message_name='Availability_Conf_Message',
_body_style='bare',
)
def ConsumeAvailabilityConfOP(ctx, message):
validate_user_pass(ctx.in_header)
# do more stuff here
这样做的意义是,只有包含正确的用户名和密码,SOAP请求才会成功,请求者将收到一条信息性的faultstring
,告诉他们做错了什么。然而,这感觉有点粗糙和肮脏,我想知道是否有一些现有的约定a)验证头中的安全性和UsernameToken标记,B)在必要时返回适当的错误或错误?我找不到详细的文件,所以任何帮助都非常感谢。你知道吗
目前没有回答
相关问题 更多 >
编程相关推荐