[Twisted-Python] Any examples of an authenticating XMLRPC server?

Mike C. Fletcher mcfletch at rogers.com
Mon Feb 28 14:15:56 EST 2005

Stephen Waterbury wrote:

> Critiques or razberries welcomed, as long as they're
> constructive razberries!  :)

This is extremely illuminating.  The key approach/idea that I was 
missing is this:

    You can create a root web.resource.Resource() and add a child ""
    that handles all URLs not otherwise matched by a known child.

        This "" child handles the common web-browser case, basically
        anything not going to your "special" directories. This child is
        the protected Nevow portal that we all know and love; on
        attempting to walk into it all the Nevow machinery should trigger.

        Now you register your Basic-Auth-protected XMLRPC/SOAP portals
        as parallel children of the Nevow portal, "RPC" and "SOAP". 
        These are again, portals, so they do their own credential
        checking, thus don't *necessarily* have to use the same cred
        mechanism, but can if they want to.

This doesn't actually do what I was *trying* to do, which was to make it 
possible to log into the main site using Basic auth *or* the Nevow web 
forms, but it handles what we actually need to do perfectly, so I can 
just stop trying to do what I was trying to do :) .  I'm about to sit 
down to implement this approach for our system.

Much obliged,

  Mike C. Fletcher
  Designer, VR Plumber, Coder
                              PyCon is coming...

More information about the Twisted-Python mailing list