[Twisted-Python] Light-est-weight http authentication

Brad Milne brad.milne at devx.runthered.com
Wed Feb 10 13:09:42 MST 2010


Haha, resolved now. Previously my setup wasn't sensitive to a missing
trailing slash on my PUT and POSTs, but now it is. I don't know why, but at
least it's solvable.

Thanks for the help
Brad

On 11 February 2010 08:59, Brad Milne <brad.milne at devx.runthered.com> wrote:

> End of trace is:
>   File "C:\Python26\lib\site-packages\twisted\web\resource.py", line 189,
> in render
>     raise UnsupportedMethod(getattr(self, 'allowedMethods', ()))
> twisted.web.server.UnsupportedMethod: ()
>
> On 11 February 2010 08:20, Brad Milne <brad.milne at devx.runthered.com>wrote:
>
>> Thanks. I had actually already found your page and you're right, it does
>> seem to be the best resource out there. Since your email I've had a second
>> look at it, as initially I wasn't sure how to use the example to return a
>> web resource (handler with render_GET etc) in place of the file you
>> returned. Turns out it wasn't actually too bad, and looks something like:
>>
>> {code}
>>
>> from zope.interface import implements
>>
>> from twisted.cred.portal import IRealm, Portal
>> from twisted.cred.checkers import FilePasswordDB
>> from twisted.web.static import File
>>
>> from twisted.web.resource import IResource
>>
>> from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory
>>
>> def secureServer():
>>     class PublicHTMLRealm(object):
>>         implements(IRealm)
>>
>>         def requestAvatar(self, avatarId, mind, *interfaces):
>>
>>
>>             if IResource in interfaces:
>>                 return (IResource, WebResource(), lambda: None)
>>             raise NotImplementedError()
>>
>>     portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')])
>>
>>
>>     credentialFactory = BasicCredentialFactory("MyRealm")
>>     rsrc = HTTPAuthSessionWrapper(portal, [credentialFactory])
>>
>>     return rsrc
>>
>> class WebResource(resource.Resource):
>>     def __init__():
>>
>>
>>         ....
>>
>>     def getChild(self, path, request):
>>         if path == self.expected:
>>             return ValidHandler()
>>         else:
>>             return InvalidUrlHandler()
>>
>> # Create server
>> my_server = secureServer(...)
>>
>>
>> site = server.Site(my_server)
>>
>> {code}
>>
>> This has worked great so far where ValidHandler contains a render_GET, but
>> when calling a POST or PUT on handler that has render_POST or render_PUT
>> using this technique returns a message which I think is Method Not Allowed
>> (on the train right now, so don't have in front of me, sorry). Is there a
>> better way to form the above to prevent this?
>>
>> Thanks again
>> Brad
>>
>> On 9 February 2010 10:02, <exarkun at twistedmatrix.com> wrote:
>> ...
>>
>> It's definitely true that there isn't a lot of documentation for Guard.
>>> I've written up something, though (which hopefully will soon be included in
>>> Twisted itself, to make it easier to find), which I think will get you up to
>>> speed on using Guard pretty quickly:
>>>
>>>   http://jcalderone.livejournal.com/53074.html
>>>
>>> The final example, which sets up an actual Twisted Web server protected
>>> by digest auth (basic is even easier), only takes 16 lines.
>>>
>>> If that's still not to your liking, then you can always fall back to the
>>> much more tedious, much less elegant, request.getUsername() and
>>> request.getPassword() approach. :)  You'll have to rely on the API docs for
>>> that approach, though, as far as I know there are no prose-style
>>> introductions for it.
>>>
>> ...
>>
>>>
>>> Jean-Paul
>>>
>>>
>>> _______________________________________________
>>> Twisted-Python mailing list
>>> Twisted-Python at twistedmatrix.com
>>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20100211/450bf268/attachment.html>


More information about the Twisted-Python mailing list