[Twisted-Python] Light-est-weight http authentication
Brad Milne
brad.milne at devx.runthered.com
Wed Feb 10 13:09:42 MST 2010
Haha, resolved now. Previously my setup wasn't sensitive to a missing
trailing slash on my PUT and POSTs, but now it is. I don't know why, but at
least it's solvable.
Thanks for the help
Brad
On 11 February 2010 08:59, Brad Milne <brad.milne at devx.runthered.com> wrote:
> End of trace is:
> File "C:\Python26\lib\site-packages\twisted\web\resource.py", line 189,
> in render
> raise UnsupportedMethod(getattr(self, 'allowedMethods', ()))
> twisted.web.server.UnsupportedMethod: ()
>
> On 11 February 2010 08:20, Brad Milne <brad.milne at devx.runthered.com>wrote:
>
>> Thanks. I had actually already found your page and you're right, it does
>> seem to be the best resource out there. Since your email I've had a second
>> look at it, as initially I wasn't sure how to use the example to return a
>> web resource (handler with render_GET etc) in place of the file you
>> returned. Turns out it wasn't actually too bad, and looks something like:
>>
>> {code}
>>
>> from zope.interface import implements
>>
>> from twisted.cred.portal import IRealm, Portal
>> from twisted.cred.checkers import FilePasswordDB
>> from twisted.web.static import File
>>
>> from twisted.web.resource import IResource
>>
>> from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory
>>
>> def secureServer():
>> class PublicHTMLRealm(object):
>> implements(IRealm)
>>
>> def requestAvatar(self, avatarId, mind, *interfaces):
>>
>>
>> if IResource in interfaces:
>> return (IResource, WebResource(), lambda: None)
>> raise NotImplementedError()
>>
>> portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')])
>>
>>
>> credentialFactory = BasicCredentialFactory("MyRealm")
>> rsrc = HTTPAuthSessionWrapper(portal, [credentialFactory])
>>
>> return rsrc
>>
>> class WebResource(resource.Resource):
>> def __init__():
>>
>>
>> ....
>>
>> def getChild(self, path, request):
>> if path == self.expected:
>> return ValidHandler()
>> else:
>> return InvalidUrlHandler()
>>
>> # Create server
>> my_server = secureServer(...)
>>
>>
>> site = server.Site(my_server)
>>
>> {code}
>>
>> This has worked great so far where ValidHandler contains a render_GET, but
>> when calling a POST or PUT on handler that has render_POST or render_PUT
>> using this technique returns a message which I think is Method Not Allowed
>> (on the train right now, so don't have in front of me, sorry). Is there a
>> better way to form the above to prevent this?
>>
>> Thanks again
>> Brad
>>
>> On 9 February 2010 10:02, <exarkun at twistedmatrix.com> wrote:
>> ...
>>
>> It's definitely true that there isn't a lot of documentation for Guard.
>>> I've written up something, though (which hopefully will soon be included in
>>> Twisted itself, to make it easier to find), which I think will get you up to
>>> speed on using Guard pretty quickly:
>>>
>>> http://jcalderone.livejournal.com/53074.html
>>>
>>> The final example, which sets up an actual Twisted Web server protected
>>> by digest auth (basic is even easier), only takes 16 lines.
>>>
>>> If that's still not to your liking, then you can always fall back to the
>>> much more tedious, much less elegant, request.getUsername() and
>>> request.getPassword() approach. :) You'll have to rely on the API docs for
>>> that approach, though, as far as I know there are no prose-style
>>> introductions for it.
>>>
>> ...
>>
>>>
>>> Jean-Paul
>>>
>>>
>>> _______________________________________________
>>> Twisted-Python mailing list
>>> Twisted-Python at twistedmatrix.com
>>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20100211/450bf268/attachment.html>
More information about the Twisted-Python
mailing list