[Twisted-web] Get access to Avatar from Resource object?

Jacek Furmankiewicz jacek99 at gmail.com
Thu Feb 23 09:33:27 EST 2012

Well, in my Java day job we use Spring Security, which I have to say works
very well and is very flexible.
So I was trying to go with a similar approach and trying to figure out the
best way to integrate it with the current twisted.web approach for CorePost:

a) a common security filter that intercepts incoming requests. Can be
configured per URL pattern (e.g. "/services/rest","/services/operations"
requires security, but "/services/public" does not)

b) a separate config for the security filter that defines required
privileges (per sub root, e.g. "/services/rest" may require "ADMIN_USER",
but "/services/rest" may require "OPERATIONS_USER")

c) additional optional feature where every REST method can be annotated
with additional privileges (so a GET on a REST resource may need different
privileges vs a POST, PUT or DELETE, etc.)

d) every incoming request creates a Principal (which is a user overriden
type if necessary) that holds info about the current user making the REST
request (e.g. name, roles, privileges, etc.)

I tried looking through twisted.web docs to see if there is a concept of a
generic filter (that can be applied across multiple resources) but didn't
really find anything.
Hence I implemented it manually myself in CorePost 0.0.11.

I will dig further to see how the Spring Security approach (which I like
and it works very well on a huge complex SaaS platform we have) could maybe
be applied on top of the current twisted.web APIs as part of CorePost.

Any suggestions, comments or pointers would be welcome.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-web/attachments/20120223/b6d06d10/attachment.htm 

More information about the Twisted-web mailing list