[Twisted-Python] Is it necessary to utilize twisted.cred in twisted web?

biziap biziap fetbiz at gmail.com
Tue Oct 6 03:18:55 EDT 2009

Dear phil
> true, depending on your needs, this may be all that you need. from
> your description, though, it sounds like you'd be doing this
> authentication step in every resource you want to protect, which could
> become tedious (aka error-prone) in a big project.

I do have lots of resources to protect.
Things I have to do is getSession() and hasattr(session,'authenticated')
in very request. Just like the Django, it puts @login_required in very
protected resources.
Username and password were verified once.

> twisted.cred can seem daunting when you're just trying to protect a
> trivial web resource or two, but for more advanced uses like more
> complicated authentication levels, it's worth the time to learn. also,
> a big part of its real value comes when you need to support a variety
> of protocols and/or authentication types.

Agree, that is the reason I am asking here.
I feel unconfortable to drop the twisted.cred and adapt to getSession() only.
Originally, I expect to get the avatar from request if user has been
authenticated by the twisted.cred framework, for example,
request.getAvatar() without any extra works to do, no need to assign
the avatar to session in the login phase, just need to implement
required components of twisted.cred framework. Or even simply to claim
a class variable in the resource (like addSlash, isLeaf) and the
twisted.cred framework handles the rest of things. If the avatar has
to be stored in the session and retrieve from the session in very
protected resource, then to adapt the twisted.cred framework seems to
be too luxury for my project which authenticate the request with only
one source of backend. Do I miss some good things that the
twisted.cred brings?

By the way, can some one kindly drop a conceptual design which utilize
twisted.cred in a multiple protocol environment? Especially the way to
retrieve the avatar back in the descending phases (protected
resources). That could be very interesting. Thanks in advance.

More information about the Twisted-Python mailing list