[Twisted-Python] Light-est-weight http authentication
exarkun at twistedmatrix.com
exarkun at twistedmatrix.com
Mon Feb 8 14:02:26 MST 2010
On 08:19 pm, brad.milne at devx.runthered.com wrote:
>Just in terms of configuration. It seems that Guard, for example, is
>designed to cache the credentials and maintain a session. My
>requirement is
>just for a single request, so session maintenance seems like overhead.
Ah, I see. Past versions of Guard were much more into that whole thing
than what you'll currently find at twisted.web.guard. There is no
caching and no implication of a session.
>Also in upskill time. The Twisted NPE book, for example, says "It might
>take
>you a little while to understand all the classes and interfaces in
>twisted.cred, and at first you might wonder why it's necessary to have
>a
>system with so many moving parts. The answer is that this system is
>designed
>to be extremely flexible." (pg 92)
>That sounds like a great toolset, but the cost is to those that require
>the
>minimalist solution, but still need to develop an understanding of the
>greater picture to achieve that.
Argh. I don't know what the point is of saying something is complicated
in the explanation of the thing. Either the explanation will seem
complicated to the reader or it won't. All you can hope to accomplish
by announcing it in advance is to scare off people who would have other
been able to understand what was going on.
>Finding Twisted documentation seems to be generally difficult, so if I
>can
>find the 'lightest' (extra code) and 'lightest' (ramp-up time)
>solution,
>that what I was hoping for a pointer towards.
It's definitely true that there isn't a lot of documentation for Guard.
I've written up something, though (which hopefully will soon be included
in Twisted itself, to make it easier to find), which I think will get
you up to speed on using Guard pretty quickly:
http://jcalderone.livejournal.com/53074.html
The final example, which sets up an actual Twisted Web server protected
by digest auth (basic is even easier), only takes 16 lines.
If that's still not to your liking, then you can always fall back to the
much more tedious, much less elegant, request.getUsername() and
request.getPassword() approach. :) You'll have to rely on the API docs
for that approach, though, as far as I know there are no prose-style
introductions for it.
>Thanks
>Brad
>
>PS - did you mean µs?? Or have you really measured the power
>consumption in
>Watts?
A fairly accurate conversion between µs and µW is pretty
straightforward, given a few things about your hardware... :)
Jean-Paul
More information about the Twisted-Python
mailing list