HTTP - basic authentication example.

Michael Foord fuzzyman at gmail.com
Fri Sep 17 04:26:01 EDT 2004 

Jaime Wyant <programmer.py at gmail.com> wrote in message news:<mailman.3402.1095338985.5135.python-list at python.org>...
> On Thu, 16 Sep 2004 10:27:22 +0100, Michael Foord <fuzzyman at gmail.com> wrote:
> > Cool, that is helpful.
> > The difficulties I would have with that approach are two fold - first
> > I use ClientCookie and have to install that as the handler. I may be
> > able to use an auth handler *as well* (I *think* you can chain them
> > ?).
> > 
> 
> Yes, you can chain them together, I believe, as long as they "handle"
> different things.  My version is a quick hack that specifically gets
> me around the firewall here at work.  I think the *correct* way to do
> this Basic Authentication is (from urllib2.py):
> 
> # set up authentication info
> authinfo = urllib2.HTTPBasicAuthHandler()
> authinfo.add_password('realm', 'host', 'username', 'password')
> 
> proxy_support = urllib2.ProxyHandler({"http" : "http://ahad-haam:3128"})
> 
> # build a new opener that adds authentication and caching FTP handlers
> opener = urllib2.build_opener(proxy_support, authinfo, urllib2.CacheFTPHandler)
> 
> # install it
> urllib2.install_opener(opener)
> 
> f = urllib2.urlopen('http://www.python.org/')
> 
> I'm not sure what a ClientCookie is (didn't see it in my docs.) 
> Assuming that it is just a wrapper around the cookie, then you
> probably only need the HTTP headers.  You can grab the HTTP headers
> from the object returned by urllib2.urlopen().
> 
> filelike_obj = urllib2.urlopen('http://www.python.org/')
> headers = filelike_obj.info()
> server_type = headers.getheader( "SERVER") 
> 
> Maybe you can feed the Cookie header to the ClientCookie ctor?
> 

ClientCookie is an external library - it has only become part of the
standard library as cookielib in python 2.4 (which is why you won't
have found it in your docs). This means I have a ClientCookie handler
handling all my http requests.... I wonder if I can use an AuthHandler
as well ? There will be situations where I am likely to want to add an
Authroize header *and* handle cookies - ClientCookie manages all the
cookies in a way that I couldn't do manually.

Hmm... anyway - for situations where I may have saved passwords from
multiple realms, my code is only doing what an AuthHandler would do
anyway - without first having to feed it all the username/password
combinations.... I just store a dictionary of them.

In actual fact I think the *proper* way of doing it is *slightly* more
complicated - I think you ought to create an instance of an
HTTPPasswordMgr...

The example you gave works I think - HTTPBasicAuthHandler does have an
add_password method, but not the find_user_password that the
HTTPPasswordMgr has... so I can't easily check if it works properly.
In the urllib2 docs it says that passing a password manager in is
optional - but *nowhere* does it document that it has an add_password
method. It may be deducable from the fact that passing in a password
manager is optional - but surely explicit is better than implicit
(especially where documentation is concerned).

Thanks

Fuzzy 

> HTH,
> jw
> 
> > The second is that I think I need to take realm into account... I may
> > be handling multiple password/username combinations.
> > 
> > Anyway - I still find what you've sent useful - thanks.
> > 
> > Fuzzy
> > 
> > 
> > 
> > 
> > On Wed, 15 Sep 2004 11:21:21 -0500, Jaime Wyant <programmer.py at gmail.com> wrote:
> > > FWIW, this is how I handle Basic Authentication:
> > >
> > > import urllib2
> > > import sys
> > >
> > > class AuthenticateAllURIs:
> > >     """This class authenticates all Basic Authentication using uname
> > > / pword."""
> > >    def __init__(self,uname,pword):
> > >        self.uname = uname
> > >        self.pword = pword
> > >
> > >    def find_user_password(self, realm, host):
> > >        # Note, that this class doesn't take `realm' into consideration.
> > >        return self.uname, self.pword
> > >
> > >    def add_password( self, realm, uri, user, password ):
> > >        pass
> > >
> > > auth = urllib2.ProxyBasicAuthHandler(AuthenticateAllURIs('umjaw', 'fuse3'))
> > > opener = urllib2.build_opener( auth )
> > > urllib2.install_opener( opener )
> > > wp = urllib2.urlopen("http://www.slashdot.org")
> > > print wp.read()
> > >
> > > HTH,
> > > jw
> > >
> > > On 15 Sep 2004 08:37:12 -0700, Michael Foord <fuzzyman at gmail.com> wrote:
> > > [ snip! ]
> > >
> > 
> > 
> > --
> > http://www.Voidspace.org.uk
> > The Place where headspace meets cyberspace. Online resource site -
> > covering science, technology, computing, cyberpunk, psychology,
> > spirituality, fiction and more.
> > 
> > ---
> > http://www.Voidspace.org.uk/atlantibots/pythonutils.html
> > Python utilities, modules and apps.
> > Including Nanagram, Dirwatcher and more.
> > ---
> > http://www.fuchsiashockz.co.uk
> > http://groups.yahoo.com/group/void-shockz
> > ---
> > 
> > Everyone has talent. What is rare is the courage to follow talent
> >  to the dark place where it leads. -Erica Jong
> > Ambition is a poor excuse for not having sense enough to be lazy.
> >          -Milan Kundera
> >

More information about the Python-list mailing list