[Twisted-web] Get identity of previously-authenticated user
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 22 06:51:59 EDT 2011
On 04/22/2011 01:13 AM, Glyph Lefkowitz wrote:
>
> On Apr 21, 2011, at 11:12 AM, Mike Pelletier wrote:
>
>> The only opportunity I have to bind a user identity/object to a
>> request is by constructing and throwing away a new Resource tree for
>> each request in requestAvatar. I decided that was probably not what I
>> was meant to do. Instead, I have done something that turns out to
>> smell very bad to solve this problem. What was the correct solution?
>
> Resources can be extremely lightweight objects. If your actual resource
> tree is heavyweight (containing lots of data, shared caches, etc) you
> can trivially build an overlay resource tree that just remembers the
> user object and binds it to the underlying tree.
>
> So the main question is: why did you decide that this is not what you
> were meant to do?
For what it's worth: I decided exactly the same thing way back when, and
also discovered that, no, you are supposed to do that.
I thought about why I'd decided that, and came to the conclusion it's
just not intuitive - it "felt" wrong - but couldn't be more specific.
Possibly it's because almost every other web framework I've ever seen,
python or not, gives you a "user" object of some description on the request?
Perhaps a note in the web/guard docs suggesting this approach might tip
people off.
(That said, I don't use Twisted for web stuff anymore, so it's not of
much interest to me)
More information about the Twisted-web
mailing list