Dear phil > true, depending on your needs, this may be all that you need. from > your description, though, it sounds like you'd be doing this > authentication step in every resource you want to protect, which could > become tedious (aka error-prone) in a big project.
I do have lots of resources to protect. Things I have to do is getSession() and hasattr(session,'authenticated') in very request. Just like the Django, it puts @login_required in very protected resources. Username and password were verified once. > > twisted.cred can seem daunting when you're just trying to protect a > trivial web resource or two, but for more advanced uses like more > complicated authentication levels, it's worth the time to learn. also, > a big part of its real value comes when you need to support a variety > of protocols and/or authentication types. > Agree, that is the reason I am asking here. I feel unconfortable to drop the twisted.cred and adapt to getSession() only. Originally, I expect to get the avatar from request if user has been authenticated by the twisted.cred framework, for example, request.getAvatar() without any extra works to do, no need to assign the avatar to session in the login phase, just need to implement required components of twisted.cred framework. Or even simply to claim a class variable in the resource (like addSlash, isLeaf) and the twisted.cred framework handles the rest of things. If the avatar has to be stored in the session and retrieve from the session in very protected resource, then to adapt the twisted.cred framework seems to be too luxury for my project which authenticate the request with only one source of backend. Do I miss some good things that the twisted.cred brings? By the way, can some one kindly drop a conceptual design which utilize twisted.cred in a multiple protocol environment? Especially the way to retrieve the avatar back in the descending phases (protected resources). That could be very interesting. Thanks in advance. _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python