[Twisted-Python] Fitting cred into my application
Itamar Turner-Trauring
itamar at futurefoundries.com
Sun Sep 23 08:30:35 MDT 2012
On Sat, Sep 22, 2012 at 11:41 PM, Matthew Pounsett <matt at conundrum.com>wrote:
> It seems to me #1 is overkill; if I want to have methods that don't
> require authentication (e.g. methods for registering a user in the first
> place), why would I require all clients to authenticate as anonymous before
> using them? It would be a lot simpler to just have my xmlrpc methods check
> against the attributes of the current user object when called, and then
> return appropriately: return failures when there is no user, or when the
> user's attributes don't match those required by the method, and return data
> that a user's attributes give him/her access to when there is a user.
>
> But again, I think I'm missing some key details that just aren't in the
> documentation I've been able to find.
>
You don't need the clients to authenticate as anonymous; the XML RPC code
can say "if there's no credentials from client, login as anonymous."
> I've got a bit further since my initial email, and my current approach is
> to extend t.w.server.Site to accept a portal. I'm currently trying to
> separate the useful bits from the flash in the requestAvatarID and
> _??Authenticate methods in dbcred.py. It would be nice to have something
> as straight-forward as cred.py that also implemented a realm and a
> credentials checker so that I could see how all those pieces fit together.
>
I would just add a Portal to the XML-RPC object, rather than the Site.
I'll try to write some example code later today, if I have time.
--
Itamar Turner-Trauring, Future Foundries LLC
http://futurefoundries.com/ — Twisted consulting, training and support.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20120923/63d91db8/attachment-0001.html>
More information about the Twisted-Python
mailing list