I have a Twisted web server exposing an HTTPS interface. What I'm trying
to do now is to support usage of two-way TLS authentication and use
data from the client certificate as a seed for the authenticated avatar.
Any hints as to how to do that in the best way? I guess it should be
done before the Realm's requestAvatar method is called?
Thanks for your input!
PS. Roughly speaking the code for that part looks like this:
wrapper = guard.HTTPAuthSessionWrapper(Portal(SimpleRealm(),
reactor.listenSSL(8080, server.Site(resource=wrapper), contextFactory
Version 0.0.14 of the CorePost Twisted REST microframework is out.
This new release has a nice set of enhancements for automatically parsing
incoming JSON, YAML or XML document payloads
and extracting them for arguments into router methods:
Documented on github:
I am trying to do some research on what is the most performant method for a
Twisted server to speak to a client running in a separate process.
The default solution in Twisted seems to be Perspective Broker, but then
there is AMP and Foolscap as well.
Has anyone ever done any benchmarks comparing those? I'd like to have an
idea as to which one is most likely to give me the best performance.
Thanks in advance
Support for more advanced, nested URL routing with dynamic paths,
for building more complex REST apps with multiple nested services:
Due to some architectural changes, it contains some backwards incompatible
Migration steps documented in release notes.
I am trying to understand how Twisted Web security works, based on a few
They all explain how to set up a web app with let's say HTTP auth.
But there are no examples on how a Resource method (let's say render_GET)
could get access to the current Avatar object?
And does the Avatar object need to implement some specific interface?
What I want to do in CorePost is to allow fine grained privilege-based
security *per method* (similar in style to Spring Security, for those who
know it), e.g.:
return ...some user info...
...create new user, etc...
If the Avatar does not have the required privileges (e.g. "BROWSE_USER" or
"UPDATE_USER" in the example above), I want to throw a 403 Access Denied
Thanks for any pointers
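An added example, not part of the original post and not CorePost's or Twisted's own code: one way to express the per-method privilege check described above as a decorator that fails closed with a 403. It assumes the realm builds each resource with its avatar stored on `self.avatar`; `Avatar`, `FakeRequest`, `requires`, `UserService` and `call` are hypothetical names, and `FakeRequest` stands in for a twisted.web request, modelling only `setResponseCode`.

```python
import functools

class Avatar:
    """Constructed stand-in for the object a Realm hands back after login."""
    def __init__(self, username, privileges):
        self.username = username
        self.privileges = frozenset(privileges)

class FakeRequest:
    """Stand-in for a twisted.web request; only setResponseCode is modelled."""
    def __init__(self):
        self.code = 200

    def setResponseCode(self, code):
        self.code = code

def requires(*needed):
    """Deny with 403 unless the resource's avatar holds every listed privilege."""
    needed = frozenset(needed)
    def decorate(method):
        @functools.wraps(method)
        def guarded(self, request, *args, **kwargs):
            avatar = getattr(self, "avatar", None)
            # Fail closed: no avatar, or any missing privilege, means 403.
            if avatar is None or not needed <= avatar.privileges:
                request.setResponseCode(403)
                return b"403 Access Denied"
            return method(self, request, *args, **kwargs)
        return guarded
    return decorate

class UserService:
    """Hypothetical resource; assumed to be built by the realm with the avatar."""
    def __init__(self, avatar):
        self.avatar = avatar

    @requires("BROWSE_USER")
    def render_GET(self, request):
        return b"user info for " + self.avatar.username.encode()

    @requires("UPDATE_USER")
    def render_POST(self, request):
        return b"user updated"

def call(service, verb):
    """Invoke render_<verb> on a fresh request and return (status, body)."""
    request = FakeRequest()
    body = getattr(service, "render_" + verb)(request)
    return request.code, body
```

Because the check runs before the wrapped method, a handler that forgets to look at the avatar still cannot run without the listed privileges.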
From what I understand, once a Resource isLeaf = True, it cannot have child
Resources of its own (no requests seem to get routed to them).
This is not really a realistic scenario in a typical REST application where
nested REST services are common, e.g.
Customer REST service:
Customer Address REST service:
and so on and so forth....
The only way I can support this in CorePost is to separate the concept of a
Twisted.Web Resource from a standalone REST service for a particular entity.
So let's say I would have a root CorePost Resource hooked up to 'services'
and it would have a child collection of REST service classes and manage
routing the requests
to the appropriate one. Each of the REST services for an entity underneath
that core Resource would NOT be a twisted.web Resource but just a regular
Does this sound correct?
Or am I missing some way of using twisted.web Resource objects that would
allow me to accomplish the same thing without moving away from Resource
as the ancestor of all my REST service classes?