[Twisted-Python] Light-est-weight http authentication

Brad Milne brad.milne at devx.runthered.com
Wed Feb 10 14:59:08 EST 2010


End of trace is:
  File "C:\Python26\lib\site-packages\twisted\web\resource.py", line 189, in
render
    raise UnsupportedMethod(getattr(self, 'allowedMethods', ()))
twisted.web.server.UnsupportedMethod: ()

On 11 February 2010 08:20, Brad Milne <brad.milne at devx.runthered.com> wrote:

> Thanks. I had actually already found your page and you're right, it does
> seem to be the best resource out there. Since your email I've had a second
> look at it, as initially I wasn't sure how to use the example to return a
> web resource (handler with render_GET etc) in place of the file you
> returned. Turns out it wasn't actually too bad, and looks something like:
>
> {code}
>
> from zope.interface import implements
>
> from twisted.cred.portal import IRealm, Portal
> from twisted.cred.checkers import FilePasswordDB
> from twisted.web.static import File
> from twisted.web.resource import IResource
>
> from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory
>
> def secureServer():
>     class PublicHTMLRealm(object):
>         implements(IRealm)
>
>         def requestAvatar(self, avatarId, mind, *interfaces):
>
>             if IResource in interfaces:
>                 return (IResource, WebResource(), lambda: None)
>             raise NotImplementedError()
>
>     portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')])
>
>     credentialFactory = BasicCredentialFactory("MyRealm")
>     rsrc = HTTPAuthSessionWrapper(portal, [credentialFactory])
>
>     return rsrc
>
> class WebResource(resource.Resource):
>     def __init__():
>
>         ....
>
>     def getChild(self, path, request):
>         if path == self.expected:
>             return ValidHandler()
>         else:
>             return InvalidUrlHandler()
>
> # Create server
> my_server = secureServer(...)
>
> site = server.Site(my_server)
>
> {code}
>
> This has worked great so far where ValidHandler contains a render_GET, but
> when calling a POST or PUT on handler that has render_POST or render_PUT
> using this technique returns a message which I think is Method Not Allowed
> (on the train right now, so don't have in front of me, sorry). Is there a
> better way to form the above to prevent this?
>
> Thanks again
> Brad
>
> On 9 February 2010 10:02, <exarkun at twistedmatrix.com> wrote:
> ...
>
> It's definitely true that there isn't a lot of documentation for Guard.
>> I've written up something, though (which hopefully will soon be included in
>> Twisted itself, to make it easier to find), which I think will get you up to
>> speed on using Guard pretty quickly:
>>
>>   http://jcalderone.livejournal.com/53074.html
>>
>> The final example, which sets up an actual Twisted Web server protected by
>> digest auth (basic is even easier), only takes 16 lines.
>>
>> If that's still not to your liking, then you can always fall back to the
>> much more tedious, much less elegant, request.getUsername() and
>> request.getPassword() approach. :)  You'll have to rely on the API docs for
>> that approach, though, as far as I know there are no prose-style
>> introductions for it.
>>
> ...
>
>>
>> Jean-Paul
>>
>>
>> _______________________________________________
>> Twisted-Python mailing list
>> Twisted-Python at twistedmatrix.com
>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20100211/202e13d0/attachment-0001.htm 


More information about the Twisted-Python mailing list