hierarchical realms and httpauthfilter (CP 2.2.x)

Thread: hierarchical realms and httpauthfilter (CP 2.2.x)

Search this list only Search all lists
hierarchical realms and httpauthfilter (CP 2.2.x)
	2006-12-27 18:21:07
Hi all, I have a need to implement Digest/Basic Auth using httpauthfilter using CP 2.2.x, but with hierarchical realms. For example say, I have: http://mysite/fe ature/001/action/... http://mysite/fe ature/002/action/... http://mysite/fe ature/003/action/... and so on... And that, Folks in realm 003 include Folks in realm 002, and Folks in realm 002 include Folks in realm 001 So, in this case, if folks get authenticated to say, realm 003 they need not get authenticated for realm 002/001 actions and if they get authenticated to say, realm 002, they need not get authenticated for realm 001 actions. Likewise, if they get authenticated only for realm 001 actions they should get authenticated for realm 002 (or higher) actions, and if they get authenticated for say realm 002 actions, they need to get authenticated for 003 or higher actions... With the latest httpauthfilter (CP 2.2.x) version, is it possible to implement such an auth scheme of hierarchical realms. Thanks for the help, /venkat --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

hierarchical realms and httpauthfilter (CP 2.2.x)
	2006-12-27 18:47:04
venkatbo wrote: > > Hi all, > > I have a need to implement Digest/Basic Auth using > httpauthfilter using CP 2.2.x, but with hierarchical realms. > > For example say, I have: > http://mysite/fe ature/001/action/... > http://mysite/fe ature/002/action/... > http://mysite/fe ature/003/action/... > and so on... And that, > Folks in realm 003 include > Folks in realm 002, and > Folks in realm 002 include > Folks in realm 001 > > So, in this case, if folks get authenticated to say, realm 003 > they need not get authenticated for realm 002/001 actions > and if they get authenticated to say, realm 002, they need > not get authenticated for realm 001 actions. > > Likewise, if they get authenticated only for realm 001 actions > they should get authenticated for realm 002 (or higher) actions, > and if they get authenticated for say realm 002 actions, they > need to get authenticated for 003 or higher actions... > > With the latest httpauthfilter (CP 2.2.x) version, is it possible > to implement such an auth scheme of hierarchical realms. > It will depend how your code is designed. If 001, 002, etc. is statically defined then simply set the _cp_filter attribute at each correct level. If those are dynamic then you'll have some tweaking to do I'm afraid. So if you have: class Some001: _cp_filter = [HTTPAuthFilter(realm='001') ... class Some002: _cp_filter = [HTTPAuthFilter(realm='002') ... etc. This will work fine as you expect. If the 00x part is dynamic then you will may write a simple filter that inspects the URI and sets the realm value of the auth filter dynamically. - Sylvain --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

hierarchical realms and httpauthfilter (CP 2.2.x)
	2006-12-27 19:22:14
Thanks Sylvain. Have a doubt: In, > > http://mysite/fe ature/001/action/... > > http://mysite/fe ature/002/action/... > > http://mysite/fe ature/003/action/... the numeric path component is known, but that component will be only be numeric and it may start with preceeding 0's. There are no dynamically generated path components Since one cannot have class names or method names exactly matching the numeric path component as shown above, can I still have classes like you suggest: > class Some001: > class Some002: with the filters setup appropriately ? Taking the original example, I was thinking, at the level of: http://mysite/feature/ I'd need to use a default() handler. I can examine the realm and ensure its one of (001, 002, 003...), but then how can I apply a _cp_filer based on the realm I've just found out ? Thanks much, /venkat --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

hierarchical realms and httpauthfilter (CP 2.2.x)
	2006-12-27 19:25:52
venkatbo wrote: > > Thanks Sylvain. > > Have a doubt: > > In, >> > http://mysite/fe ature/001/action/... >> > http://mysite/fe ature/002/action/... >> > http://mysite/fe ature/003/action/... > the numeric path component is known, but > that component will be only be numeric and > it may start with preceeding 0's. There are > no dynamically generated path components > > Since one cannot have class names or > method names exactly matching the numeric > path component as shown above, can I still > have classes like you suggest: >> class Some001: >> class Some002: > with the filters setup appropriately ? > > Taking the original example, I was thinking, > at the level of: > http://mysite/feature/ > I'd need to use a default() handler. I can examine > the realm and ensure its one of (001, 002, 003...), > but then how can I apply a _cp_filer based on the > realm I've just found out ? > Doing it frm the default handler would be too late (or too ugly), it'd be better to have a filter doing that work before the httpauthfilter is being called (so a filter attached to the before_main hook point and inserted before the httpauthfilter instance in the _cp_filter attribute). - Sylvain --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

[1-4]

about | contact Other archives ( Real Estate discussion Medical topics )