crossposted to twisted-...@twistedmatrix.com, which is probably a better venue...
On Oct 6, 2009, at 12:08 AM, biziap biziap wrote:

> I have googled this topic and found an example in
> (A) http://www.mail-archive.com/twisted-...@twistedmatrix.com/msg01796.html
> well, another simpler example is
> (B) http://www.mail-archive.com/twisted-...@twistedmatrix.com/msg01788.html
>
> My questions are:
> 1. Is the approach in (A) recommended? To generate resource
> dynamically seems not efficient and not necessary for simple scenario.
> Is there other way to bind twisted.cred and twisted.web together?
> (except the deprecated twisted.web.guard)

There's a few problems with this approach. The biggest is that it requires username/password data to be sent on every authenticated request. Another one is more of a design principle; that you shouldn't have account/permissions code inside resource display code. I violate this principle all the time ;-)

The use of dynamic resource instantiation is a common idiom in twisted.web coding, though. it isn't inherently inefficient, as long as your resource objects are fairly sane.

> 2. The approach in (B) which suggests that request.getSession() alone
> is quite enough to implement a simple authentication feature. Here
> the "simple scenario" means to guard some resource with username and
> password.
> To do it: In a protected resource, just to check for a flag in the
> session, if failure, then redirect to login page. If succeeded, render
> the resource. Why shall we bother the portal, credentials,
> checker,.... ?

true, depending on your needs, this may be all that you need. from your description, though, it sounds like you'd be doing this authentication step in every resource you want to protect, which could become tedious (aka error-prone) in a big project.

twisted.cred can seem daunting when you're just trying to protect a trivial web resource or two, but for more advanced uses like more complicated authentication levels, it's worth the time to learn.
also, a big part of its real value comes when you need to support a variety of protocols and/or authentication types.

-phil