[Twisted-web] Get access to Avatar from Resource object?

Jacek Furmankiewicz jacek99 at gmail.com
Mon Mar 5 10:19:30 EST 2012


Hm, I would prefer to avoid that.

In my case, the cost of creating a new Resource is high (since it needs to
parse all the URLs it can dispatch to for all the REST services), therefore
I would prefer to cache a single ReadOnlyResource vs AdminResource (as an
example)
and just serve one or the other.

I guess that doesn't fit into the typical Twisted model that well :-(
Is there some sort of "post authentication" hook that I could listen to?

Jacek

On Mon, Mar 5, 2012 at 10:09 AM, <exarkun at twistedmatrix.com> wrote:

> On 02:58 pm, jacek99 at gmail.com wrote:
> >Hi, I have an extra question going back to our original discussion on
> >security.
> >
> >If I serve a Resource Avatar from a Realm, is there any built-in way to
> >attach something to the request as it is being intercepted by the
> >Realm?
> >
> >For example, for every request I would like to create a Principal
> >object
> >(username,first name,last name, list of privileges, etc.) and attach it
> >to
> >every request that has been authenticated.
> >> From the API I see, it seems you can serve a customized Resource (and
> >>that
> >is fine for simpler admin vs read-only authentication schemes), but in
> >some
> >cases you need really fine-grained APIs
>
> It's actually fine for all cases, since it lets you do anything you
> want.  For example, make the principal an argument to your custom
> Resource, save it as an attribute, and use it to make future access
> control decisions.
>
> Jean-Paul
> >(where a decorator per each REST method may be the only option), so it
> >would be good for every request to be linked with the Principal that
> >represents the user making the request.
> >
> >Thanks for any suggestions
> >Jacek
>
> _______________________________________________
> Twisted-web mailing list
> Twisted-web at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-web/attachments/20120305/df7d8f70/attachment.htm 


More information about the Twisted-web mailing list