[Zope3-checkins]
SVN: Zope3/branches/mgedmin-security/src/zope/security/
Updated zope.security README and code example to deal with
interactions and
Marius Gedminas
marius at pov.lt
Thu May 13 12:02:09 EDT 2004
Log message for revision 24627:
Updated zope.security README and code example to deal with interactions and
participations.
-=-
Modified: Zope3/branches/mgedmin-security/src/zope/security/examples/sandbox.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/examples/sandbox.py 2004-05-13 15:32:07 UTC (rev 24626)
+++ Zope3/branches/mgedmin-security/src/zope/security/examples/sandbox.py 2004-05-13 16:02:08 UTC (rev 24627)
@@ -225,6 +225,9 @@
def setupAgent(self, agent):
pass
+ def teardownAgent(self, agent):
+ pass
+
def turn(self):
global _homes
@@ -241,12 +244,13 @@
a._action.__name__)
print e
print
+ self.teardownAgent(a)
agents = filter(WanderLust, agents)
for a in agents:
+ self.setupAgent(a)
try:
- self.setupAgent(a)
home = a.getHome()
new_home = GreenerPastures(a)
home.transportAgent(a, new_home)
@@ -255,7 +259,9 @@
print 'moving "%s" from "%s" to "%s"' %(a, h,` new_home`)
print e
print
+ self.teardownAgent(a)
+
def WanderLust(agent):
""" is agent ready to move """
if int(whrandom.random()*100) <= 30:
Modified: Zope3/branches/mgedmin-security/src/zope/security/examples/sandbox_security.py
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/examples/sandbox_security.py 2004-05-13 15:32:07 UTC (rev 24626)
+++ Zope3/branches/mgedmin-security/src/zope/security/examples/sandbox_security.py 2004-05-13 16:02:08 UTC (rev 24627)
@@ -29,8 +29,8 @@
$Id: sandbox_security.py,v 1.10 2004/03/05 22:09:33 jim Exp $
"""
import sandbox
-from zope.security.interfaces import ISecurityPolicy
-from zope.security import checker, management
+from zope.security.interfaces import ISecurityPolicy, IParticipation
+from zope.security import checker, management, simpleinteraction
from zope.interface import implements
@@ -81,9 +81,10 @@
implements(ISecurityPolicy)
- def checkPermission(self, permission, object, context):
+ createInteraction = staticmethod(simpleinteraction.createInteraction)
+
+ def checkPermission(self, permission, object, interaction):
"""See zope.security.interfaces.ISecurityPolicy"""
- token = context.user.getAuthenticationToken()
home = object.getHome()
db = getattr(SimulationSecurityDatabase, home.getId(), None)
@@ -94,13 +95,32 @@
if permission in allowed or ALL in allowed:
return True
- allowed = db.get(token, ())
- if permission in allowed:
- return True
+ if interaction is None:
+ return False
+ if not interaction.participations:
+ return False
+ for participation in interaction.participations:
+ token = participation.principal.getAuthenticationToken()
+ allowed = db.get(token, ())
+ if permission not in allowed:
+ return False
- return False
+ return True
+class AgentParticipation:
+ """Agent Participation during the Simulation.
+
+ A very simple participation that is specific to the simulations.
+ """
+
+ implements(IParticipation)
+
+ def __init__(self, agent):
+ self.principal = agent
+ self.interaction = None
+
+
def PermissionMapChecker(permissions_map={}, setattr_permission_func=NoSetAttr):
"""Create a checker from using the 'permission_map.'"""
res = {}
@@ -159,10 +179,15 @@
sandbox.Sandbox.addAgent = addAgent
def setupAgent(self, agent):
- management.newSecurityManager(agent)
+ management.newInteraction(AgentParticipation(agent))
sandbox.TimeGenerator.setupAgent = setupAgent
+ def teardownAgent(self, agent):
+ management.endInteraction()
+
+ sandbox.TimeGenerator.teardownAgent = teardownAgent
+
def GreenerPastures(agent):
""" where do they want to go today """
import whrandom
Modified: Zope3/branches/mgedmin-security/src/zope/security/readme.txt
===================================================================
--- Zope3/branches/mgedmin-security/src/zope/security/readme.txt 2004-05-13 15:32:07 UTC (rev 24626)
+++ Zope3/branches/mgedmin-security/src/zope/security/readme.txt 2004-05-13 16:02:08 UTC (rev 24627)
@@ -28,26 +28,17 @@
objects. Attribute names are mapped onto permission names when
checking access and the implementation of the security check is
defined by the security policy, which receives the object, the
- permission name, and a context.
+ permission name, and an interaction.
- Security contexts are containers of transient information such as
- the current principal and the context stack.
+ Interactions are objects that represent the use of the system by
+ one or more principals. An interaction contains a list of
+ participations, which represents the way a single principal
+ participates in the interaction. An HTTP request is one example
+ of a participation.
- To explain the concept and usage of the context stack, a little
- background into the design influences of the default Zope policy
- is needed, namely the Java language security model. Within the
- base language, code is associated with identifiers. I.e. this code
- came from "Joe Schmoe", and another code archive comes signed from
- Verisign. When executing restricted code, it's important access
- is checked not only for the code currently executing but for the
- entire call/context stack (unless explicitly short-circuited).
- I.e. if Joe Schmoe's code does haven't access to the filesystem,
- but if the Verisign code does, Joe's code could circumvent the
- security policy by accessing the filesystem via the Verisign code.
-
Its important to keep in mind that the policy provided is just a
default, and it can be substituted with one which doesn't care
- about principals or context stacks at all.
+ about principals or interactions at all.
Framework Components
@@ -81,24 +72,23 @@
Security Management
- Provides accessors for setting up security manager and global
+ Provides accessors for setting up interactions and global
security policy.
- Security Context
+ Interaction
- Stores transient information on the current principal and the
- context stack.
+ Stores transient information on the list of participations.
- Security Manager
+ Participation
- Manages security context (execution stack) and delegates
- permission checks to security policy.
+ Stores information about a principal participating in the
+ interaction.
Security Policy
Provides a single method that accepts the object, the
- permission, and the context of the access being checked and is
- used to implement the application logic for the security
+ permission, and the interaction of the access being checked
+ and is used to implement the application logic for the security
framework.
Narrative (agent sandbox)
@@ -117,7 +107,7 @@
home to home randomly.
The agent simulation was constructed separately from any
- security aspects. now we want to define and integrate a
+ security aspects. Now we want to define and integrate a
security model into the simulation. The full code for the
simulation and the security model is available separately; we
present only relevant code snippets here for illustration as we
@@ -162,8 +152,7 @@
proxy wrappers to automatically check security.
- inserting hooks into the original simulation to register the
- agents as the active principal within a security manager's
- context....
+ agents as the active principal in an interaction.
Defining Permission Model
@@ -226,27 +215,42 @@
class SimulationSecurityPolicy:
- __implements__ = ISecurityPolicy
+ implements(ISecurityPolicy)
- def checkPermission(self, permission, object, context):
+ createInteraction = staticmethod(simpleinteraction.createInteraction)
- token = context.user.getAuthenticationToken()
- home = object.getHome()
- db = getattr(SimulationSecurityDatabase, home.getId(), None)
+ def checkPermission(self, permission, object, interaction):
- if db is None:
- return False
+ home = object.getHome()
+ db = getattr(SimulationSecurityDatabase, home.getId(), None)
- allowed = db.get('any', ())
- if permission in allowed or ALL in allowed:
- return True
+ if db is None:
+ return False
- allowed = db.get(token, ())
- if permission in allowed:
- return True
+ allowed = db.get('any', ())
+ if permission in allowed or ALL in allowed:
+ return True
- return False
+ if interaction is None:
+ return False
+ if not interaction.participations:
+ return False
+ for participation in interaction.participations:
+ token = participation.principal.getAuthenticationToken()
+ allowed = db.get(token, ())
+ if permission not in allowed:
+ return False
+ return True
+
+ There are no specific requirements for the interaction class, so we
+ can just use zope.security.simpleinteraction.Interaction.
+
+ Since an interaction can have more than one principal, we check that
+ *all* of them are given the necessary permission. This is not really
+ necessary since we only create interactions with a single active
+ principal.
+
There is some additional code present to allow for shortcuts in
defining the permission database when defining permissions for
all auth groups and all permissions.
@@ -271,13 +275,13 @@
create custom security policies at a finer grained than global,
but such is left as an exercise for the reader.
- Security Manager Access
+ Interaction Access
- The *default* implementation of the security management
- interfaces defines security managers on a per thread basis with
+ The *default* implementation of the interaction management
+ interfaces defines interactions on a per thread basis with
a function for an accessor. This model is not appropriate for
- all systems, as it restricts one to a single active user per
- thread at any given moment. Reimplementing the manager access
+ all systems, as it restricts one to a single active interaction per
+ thread at any given moment. Reimplementing the interaction access
methods though is easily doable and is noted here for
completeness.
@@ -315,3 +319,6 @@
Kapil Thangavelu <hazmat at objectrealms.net>
Guido Wesdorp <guido at infrae.com>
+
+ Marius Gedminas <marius at pov.lt>
+
More information about the Zope3-Checkins
mailing list