[Twisted-Python] Light-est-weight http authentication

Brad Milne brad.milne at devx.runthered.com
Wed Feb 10 14:20:49 EST 2010

Thanks. I had actually already found your page and you're right, it does
seem to be the best resource out there. Since your email I've had a second
look at it, as initially I wasn't sure how to use the example to return a
web resource (handler with render_GET etc) in place of the file you
returned. Turns out it wasn't actually too bad, and looks something like:


from zope.interface import implements

from twisted.cred.portal import IRealm, Portal
from twisted.cred.checkers import FilePasswordDB
from twisted.web.static import File
from twisted.web.resource import IResource
from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory

def secureServer():
    class PublicHTMLRealm(object):

        def requestAvatar(self, avatarId, mind, *interfaces):
            if IResource in interfaces:
                return (IResource, WebResource(), lambda: None)
            raise NotImplementedError()

    portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')])

    credentialFactory = BasicCredentialFactory("MyRealm")
    rsrc = HTTPAuthSessionWrapper(portal, [credentialFactory])

    return rsrc

class WebResource(resource.Resource):
    def __init__():

    def getChild(self, path, request):
        if path == self.expected:
            return ValidHandler()
            return InvalidUrlHandler()

# Create server
my_server = secureServer(...)
site = server.Site(my_server)


This has worked great so far where ValidHandler contains a render_GET, but
when calling a POST or PUT on handler that has render_POST or render_PUT
using this technique returns a message which I think is Method Not Allowed
(on the train right now, so don't have in front of me, sorry). Is there a
better way to form the above to prevent this?

Thanks again

On 9 February 2010 10:02, <exarkun at twistedmatrix.com> wrote:

> It's definitely true that there isn't a lot of documentation for Guard.
> I've written up something, though (which hopefully will soon be included in
> Twisted itself, to make it easier to find), which I think will get you up to
> speed on using Guard pretty quickly:
>   http://jcalderone.livejournal.com/53074.html
> The final example, which sets up an actual Twisted Web server protected by
> digest auth (basic is even easier), only takes 16 lines.
> If that's still not to your liking, then you can always fall back to the
> much more tedious, much less elegant, request.getUsername() and
> request.getPassword() approach. :)  You'll have to rely on the API docs for
> that approach, though, as far as I know there are no prose-style
> introductions for it.

> Jean-Paul
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20100211/a1309ba7/attachment.htm 

More information about the Twisted-Python mailing list