[Twisted-Python] XMLRPC Authentication

Andrew Dalke dalke at dalkescientific.com
Sat Jun 7 19:50:59 EDT 2003

Justin Johnson:
 > I currently have a really simple xmlrpc service defined.  I'd like to 
> some authorization to the service so users must enter a user id and
> password to use the service.  Can this be done with creds?  Anybody 
> have
> any code snippets that would fit the service defined below (most code 
> is
> snipped out).  I read the HOWTO, but wasn't sure how to make things 
> work
> with what I'm doing.

I want to do something similar.  I looked at the code, and I think it
can do what I want, but I haven't tested it, and even after looking at
it for a while I'm still not certain.

There are two "normal" ways to do authentication for XML-RPC.  The first
is to pass the username/password in the request and the other is to use
HTTP authentication.

I prefer the latter.  I would do it by having a wrapper object around
the resource, which does the HTTP authentication and passes 
requests to the actual resource.  Looking at the code, the code that's
the closest fit is 'twisted.web.guard.ResourceGuard', but this doesn't
seem to work right.  I can't figure out how it validates the user 
the render method doesn't do anything with variables which look like
it might validate username/password information.

And that code is marked as "unstable".

Anyone else have better information?

					dalke at dalkescientific.com

More information about the Twisted-Python mailing list