XMLRPC Authentication
Troy Melhase
troy at gci.net
Fri Jun 6 15:48:13 EDT 2003
Justin:
Here's a class that I use to do this with older versions of xmlrpclib. It's
hack-around that I haven't really looked at for months, but it might be a
good start for you.
import base64
import xmlrpclib
class BasicHTTPAuthTransport(xmlrpclib.Transport):
""" xmlrpclib.Transport subtype that sends Basic HTTP Authorization
This subclass recognizes xmlrpclib versions '1.0.0' and '0.9.8' and
adjusts accordingly during class definition. Using any other
version of xmlrpclib will raise an exception.
"""
user_agent = '*py*'
credentials = ()
def send_basic_auth(self, connection):
""" Include HTTP Basic Authorization data in a header """
auth = base64.encodestring('%s:%s' % self.credentials).strip()
auth = 'Basic %s' % (auth, )
connection.putheader('Authorization', auth)
if xmlrpclib.__version__ == '1.0.0':
## override the send_host hook to also send basic auth
def send_host(self, connection, host):
xmlrpclib.Transport.send_host(self, connection, host)
self.send_basic_auth(connection)
elif xmlrpclib.__version__ == '0.9.8':
## override the request method to send all
## the normal and plus basic auth
def request(self, host, handler, request_body):
import httplib
h = httplib.HTTP(host)
h.putrequest("POST", handler)
h.putheader("Host", host)
h.putheader("User-Agent", self.user_agent)
h.putheader("Content-Type", "text/xml")
h.putheader("Content-Length", str(len(request_body)))
self.send_basic_auth(h)
h.endheaders()
if request_body:
h.send(request_body)
errcode, errmsg, headers = h.getreply()
if errcode != 200:
raise xmlrpclib.ProtocolError(host + handler, errcode, \
errmsg, headers)
return self.parse_response(h.getfile())
else:
## don't know what to redefine
raise TypeError("Unrecognized xmlrpclib version: %s" % \
(xmlrpclib.__version__, ))
(Please excuse the formatting if it comes thru wrong -- my mail reader is
uncooperative today)
Use the class like this:
>>> auth_tran = BasicHTTPAuthTransport()
>>> auth_tran.credentials = ("joe", "secretpassword")
>>> srv = xmlrpclib.Server("http://host/xmlrpc/path", transport=auth_tran)
-troy
Justin Johnson wrote:
> I have a simple xmlrpc server (using xmlrpclib) that accepts requests
> from clients and runs some administrative commands on a bunch of servers
> I support. I would like to lock down access to the service so that only
> authorized users can use it, by authenticating with a user name and
> password.
>
> Has anyone done this before? Is there an already existent authentication
> framework available I can use with xmlrpc?
>
> I was looking at twisted, and they do have an authentication framework,
> but it looked like it wouldn't work with xmlrpc. I'm trying to verify
> this with the twisted developers as well.
>
> Thanks.
> -Justin
More information about the Python-list
mailing list