[Twisted-Python] Fitting cred into my application

Itamar Turner-Trauring itamar at futurefoundries.com
Sun Sep 23 10:30:35 EDT 2012

On Sat, Sep 22, 2012 at 11:41 PM, Matthew Pounsett <matt at conundrum.com>wrote:

> It seems to me #1 is overkill; if I want to have methods that don't
> require authentication (e.g. methods for registering a user in the first
> place), why would I require all clients to authenticate as anonymous before
> using them?  It would be a lot simpler to just have my xmlrpc methods check
> against the attributes of the current user object when called, and then
> return appropriately: return failures when there is no user, or when the
> user's attributes don't match those required by the method, and return data
> that a user's attributes give him/her access to when there is a user.
> But again, I think I'm missing some key details that just aren't in the
> documentation I've been able to find.

You don't need the clients to authenticate as anonymous; the XML RPC code
can say "if there's no credentials from client, login as anonymous."

> I've got a bit further since my initial email, and my current approach is
> to extend t.w.server.Site to accept a portal.  I'm currently trying to
> separate the useful bits from the flash in the requestAvatarID and
> _??Authenticate methods in dbcred.py.  It would be nice to have something
> as straight-forward as cred.py that also implemented a realm and a
> credentials checker so that I could see how all those pieces fit together.

I would just add a Portal to the XML-RPC object, rather than the Site.

I'll try to write some example code later today, if I have time.

Itamar Turner-Trauring, Future Foundries LLC
http://futurefoundries.com/ — Twisted consulting, training and support.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20120923/63d91db8/attachment.htm 

More information about the Twisted-Python mailing list