Tidbits @ Kassemi

A collection of opinions, thoughts, tricks and misc. information.

Sunday, January 15, 2006


CherryPy Authentication Filter

I'm in the process of debugging a CP authentication filter that makes user authentication a whole lot easier. Once it's done, I'll try to find a way to put it up... HOSTING! GIVE ME! Anyway, use is very simple:

import userauth
from userauth import authorize, UserAuth
import cherrypy
import os

class Root():
def index(self):
return "This is always accessible by anyone."

class Members(UserAuth):
""" Unless otherwise stated (secret()), no pages under this
module will be viewable by any member outside of the
members and admins groups.

_db = 'sqlite:' + os.path.abspath('filename.db')
_authorized = ['members', 'admins']
_unauthorized = '/login'

def index(self):
return "You're only here if you are a member!"

@authorize(['secret'], '/nowhere')
def secret(self):
# It would work to just make this another section all-together, but
# it could be useful...
return "Only members of secret can access this..."

cherrypy.root = Root()
cherrypy.root.members = Members()

Now, you may be wondering, isn't that very similar to multiauth? Yes. There are differences though... For one, and the biggest, is the fact that you use a database connection through sqlobject. That's a big thing for turbogears, but I'm not sure what they've got out there already. My experience with turbogears is my experience with cherrypy and sqlobject, nothing more...

Okay. I'm tired. I'll add to this later...


At the risk of sounding absolutely clueless I'm going to make one comment and ask one question:

1) Doesn't multiauth allow use of a provider that's hooked up to a database?

2) I still can't quite grasp how to use the httpauth filter to create a basic/digest authentication scheme. Would you mind walking me through authentication pipeline from client to filter to server ( if you have time ) or pointing me to a relevant example.

Does the filter require authentication ( i.e. enter uid and passwd ) every time the client accesses a resource in the realm?

How does this tie into cherryPy session management?

I'm trying to implement the usual uid, passwd login for a web app. Is there some example code that shows how this would work?

Finally, thanks for this post.
Post a Comment

<< Home


August 2005   September 2005   October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006  

This page is powered by Blogger. Isn't yours?