App¶
The entire functionality has to be bundlet at one point. This is the App class. The App class reads in the command line arguments, reads the configuration, creates the ServiceProxy objects, connects them with the OidcHandler, starts the cherrypy instance and coordinates the application flow.
argparse¶
Our proxy should run on clients without a graphical user interface. Therefore, every startup option must be given on the command line. For command line arguments we use Python native module argparse ([argparse]). This way, users can display all recognized command line parameters with –help, and the order of the command line arguments are not relevant. We provide the following options:
-c / –config-file to specify the configuration file
–print-sample-config to print a default configuration
–print-samle-ac to print a default rule, policy and policy set
–add-provider in combination with –client-id and –client-secret to add a OpenID connect provider without dynamic registration
-d / –daemonize to start ARPOC as a daemon
–check-ac to do some checks on the defined access control entities.
CherryPy¶
A reverse proxy is not different to a normal webserver in tasks like session handling, listening on ports or parsing HTTP requests. The only difference is that the objects it serves are not files or outputs of applications on the server but the output of another webserver. For all tasks of a normal HTTP server we use cherrypy ([cherrypy]). Cherrypy is “a minimalist python web framework” ([cherrypy]). To increase the security of our application, we run the webserver with reduced privileges. We do this by using the dropprivileges plugin ([cherrypy_dropprivileges]). Also the use case for our webserver is to run as a daemon. This is done with the daemonizer plugin ([cherrypy_daemonizer]). After parsing the requests the request must handled by the application. The connector between CherryPy and the application is the dispatcher. Based on the requested URL the dispatcher selects and calls a method of an object. We used the RoutesDispatcher ([cherrypy_routes]) that selects the methods based on matches with regular expressions. For every service an instance of a ServiceProxy (todo: link) class is created, likewise for special pages.