Tidbits @ Kassemi

A collection of opinions, thoughts, tricks and misc. information.

Sunday, January 15, 2006

 

CherryPy Authentication Filter

I'm in the process of debugging a CP authentication filter that makes user authentication a whole lot easier. Once it's done, I'll try to find a way to put it up... HOSTING! GIVE ME! Anyway, use is very simple:


import userauth
from userauth import authorize, UserAuth
import cherrypy
import os

class Root():
    @cherrypy.expose
    def index(self):
        return "This is always accessible by anyone."

class Members(UserAuth):
    """ Unless otherwise stated (secret()), no pages under this
    module will be viewable by any member outside of the
    members and admins groups.
    """

    _db = 'sqlite:' + os.path.abspath('filename.db')
    _authorized = ['members', 'admins']
    _unauthorized = '/login'

    @cherrypy.expose
    def index(self):
        return "You're only here if you are a member!"

    @authorize(['secret'], '/nowhere')
    @cherrypy.expose
    def secret(self):
        # It would work to just make this another section all-together, but
        # it could be useful...
        return "Only members of secret can access this..."

cherrypy.root = Root()
cherrypy.root.members = Members()



Now, you may be wondering, isn't that very similar to multiauth? Yes. There are differences though... The biggest one is that you use a database connection through SQLObject. That's a big thing for TurboGears, but I'm not sure what they've got out there already. My experience with TurboGears is my experience with CherryPy and SQLObject, nothing more...

Okay. I'm tired. I'll add to this later...

James
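
The access rule the usage above implies, as an added sketch that is not the userauth module itself: a class-level group list applies to every exposed handler unless a per-handler authorize() replaces it. Assumptions: the override replaces rather than extends the class list, the caller's groups are passed in directly instead of being read from a session or database, and Redirect, expose, dispatch and visit are hypothetical stand-ins for the framework pieces.

```python
# Added sketch, not the userauth module: names mirror the post, logic is assumed.
class Redirect(Exception):
    """Stand-in for the framework redirect; args[0] is the target URL."""

def expose(func):
    """Stand-in for cherrypy.expose: marks a handler as reachable."""
    func.exposed = True
    return func

def authorize(groups, unauthorized):
    """Per-handler override that replaces the class-level group list."""
    def decorator(func):
        func._authorized = list(groups)
        func._unauthorized = unauthorized
        return func
    return decorator

class UserAuth:
    _authorized = []            # no groups listed: nobody gets in
    _unauthorized = '/login'

    def dispatch(self, name, user_groups):
        handler = getattr(self, name, None)
        if not callable(handler) or not getattr(handler, 'exposed', False):
            raise LookupError(name)   # unexposed attributes are never served
        # Handler-level settings win; otherwise fall back to the class.
        allowed = getattr(handler, '_authorized', self._authorized)
        target = getattr(handler, '_unauthorized', self._unauthorized)
        if not set(allowed) & set(user_groups):
            raise Redirect(target)
        return handler()

class Members(UserAuth):
    _authorized = ['members', 'admins']

    @expose
    def index(self):
        return "You're only here if you are a member!"

    @authorize(['secret'], '/nowhere')
    @expose
    def secret(self):
        return "Only members of secret can access this..."

def visit(page, user_groups):
    try:
        return Members().dispatch(page, user_groups)
    except Redirect as r:
        return 'redirect:' + r.args[0]
```

Under these assumptions an admin who is not in the secret group is sent to /nowhere when requesting secret, because the handler's list is checked instead of the class's.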

Comments:
At the risk of sounding absolutely clueless I'm going to make one comment and ask one question:


1) Doesn't multiauth allow use of a provider that's hooked up to a database?

2) I still can't quite grasp how to use the httpauth filter to create a basic/digest authentication scheme. Would you mind walking me through the authentication pipeline from client to filter to server (if you have time) or pointing me to a relevant example?


Does the filter require authentication (i.e. enter uid and passwd) every time the client accesses a resource in the realm?


How does this tie into CherryPy session management?


I'm trying to implement the usual uid, passwd login for a web app. Is there some example code that shows how this would work?


Finally, thanks for this post.