I am trying to understand how Twisted Web security works, based on a few
They all explain how to set up a web app with let's say HTTP auth.
But there are no examples on how a Resource method (let;s say render_GET)
could get access to the current Avatar object?
And does the Avatar object need to implement some specific interface?
What I want to do in CorePost is to allow fine grained privilege-based
security *per method* (similar in style to Spring Security, for those who
know it), e.g.:
return ...some user info...
...create new user, etc...
If the Avatar does not have the required privileges (e.g. "BROWSE_USER" or
"UPDATE_USER" in the example above), I want to throw a 403 Access Denied
Thanks for any pointers
>From what I understand, once a Resource isLeaf = True, it cannot have child
Resources of its own (no requests seem to get routed to them).
This is not really a realistic scenario in a typical REST application where
nested REST services are common, e.g.
Customer REST service:
Customer Address REST service:
and so on and so forth....
The only way I can support this in CorePost is to separate the concept of a
Twisted.Web Resource from a standalone REST service for a particular entity.
So let's say I would have a root CorePost Resource hooked up to 'services'
and it would have a child collection of REST service classes and manage
routing the requests
to the appropriate one. Each of the REST services for an entity underneath
that core Resource would NOT be a twisted.web Resource but just a regular
Does this sound correct?
Or am I missing some way of using twisted.web Resource objects that would
allow me to accomplish the same thing without moving away from Resource
as the ancestor of all my REST service classes?
My code looks like this:
... # class Site(Resource)
return "done" #that returns the HTTP response, always the same.
d = defer.Deferred()
# do some stuff
time.sleep(2) #just for example
So far, so good, but, the HTTP response (return 'done'), only happens after
the delay (time.sleep(2)). I can tell this, because the browser keeps
'loading' for 2 seconds.
What am I doing wrong?
Found some answer saying that wsgi twisted does not suport assync, and
maybe Tornado could do this. ... is that true?
*João Ricardo Mattos e Silva*
Graduando em Ciência da Computação na Universidade Federal de Santa Catarina
*Cel: *+55 (48) 96190063 | *Skype:* jricardomsilva | * Msn: *