RPC4Django should provide authentication facilities OOTB
When you create and expose web-services quite often you need to protect them. For the time being, no matter which tool you use (RPC4Django, django-xmlrpc, etc.) you have to code authentication handling by yourself. This can be quite annoying and time consuming and doesn't allow to follow a common path for such an important feature.
I think RPC4Django should provide OOTB a tool that takes care of authentication. Probably, a good solution will be to provide a public "login" method which returns an authorized session:
from xmlrpclib import ServerProxy
server = ServerProxy('http://
session = server.
result = session.
session.close() (or session.logout())
[2010-04-16 davidfischer]
The methods will probably be something like system.login() and system.logout(). They probably won't return anything, but rather simply authenticate the session. These will probably be disabled by default but could be enabled with an entry in settings.py
Moreover, RPC4Django could provide an admin interface for setting an ad-hoc users/roles for restricting ws access.
[2010-04-16 davidfischer]
The admin interface is handled by the existing Django admin interface. Users are Django users and roles are Django permissions. There's no reason to re-invent the wheel.
Blueprint information
- Status:
- Complete
- Approver:
- davidfischer
- Priority:
- Medium
- Drafter:
- Simone Orsi
- Direction:
- Approved
- Assignee:
- davidfischer
- Definition:
- Approved
- Series goal:
- Accepted for main
- Implementation:
- Implemented
- Milestone target:
- 0.1.8
- Started by
- davidfischer
- Completed by
- davidfischer
Related branches
Related bugs
Sprints
Whiteboard
Other than the few changes I noted in the description, I think this can proceed.
[2010-10-26 davidfischer]
I've been busy, but this is finally implemented in 0.1.8. The big issue is that it requires a cookie aware transport. See http://
Also, I created a bug report (#667296) about this since RPC4Django should really include a cookie aware transport to make this feature useful.