On Sat, Sep 22, 2012 at 11:41 PM, Matthew Pounsett <m...@conundrum.com>wrote:
> It seems to me #1 is overkill; if I want to have methods that don't > require authentication (e.g. methods for registering a user in the first > place), why would I require all clients to authenticate as anonymous before > using them? It would be a lot simpler to just have my xmlrpc methods check > against the attributes of the current user object when called, and then > return appropriately: return failures when there is no user, or when the > user's attributes don't match those required by the method, and return data > that a user's attributes give him/her access to when there is a user. > > But again, I think I'm missing some key details that just aren't in the > documentation I've been able to find. > You don't need the clients to authenticate as anonymous; the XML RPC code can say "if there's no credentials from client, login as anonymous." > I've got a bit further since my initial email, and my current approach is > to extend t.w.server.Site to accept a portal. I'm currently trying to > separate the useful bits from the flash in the requestAvatarID and > _??Authenticate methods in dbcred.py. It would be nice to have something > as straight-forward as cred.py that also implemented a realm and a > credentials checker so that I could see how all those pieces fit together. > I would just add a Portal to the XML-RPC object, rather than the Site. I'll try to write some example code later today, if I have time. -- Itamar Turner-Trauring, Future Foundries LLC http://futurefoundries.com/ — Twisted consulting, training and support.
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
