help external method and security issue
Hello, We are using a Python External Method to send a "post" request to a dtml-method in python using the httplib library. But it's not working because of the security of the method only allowes certain roles to access it. this is the code we are using: Args = urllib.urlencode(Args) Scheme, Host, Path, Parameters, Query, Frag = urlparse.urlparse(ActionUrl) Contact = httplib.HTTP(Host) Contact.putrequest( "POST", Path ) Contact.putheader( "Content-type", "application/x-www-form-urlencoded" ) Contact.putheader( "Content-length", "%d" %len(Args) ) Contact.putheader( "Accept", "text/plain" ) Contact.putheader( "Host", Host ) Contact.endheaders() Contact.send( Args ) Reply, Message, Headers = Contact.getreply() strOutput = Contact.getfile().read() This is response we got from the server: Reply = 302 Message = Moved Temporarily Headers = Server: Zope/(Zope 2.6.1 (binary release, python 2.1, win32-x86), python 2.1.3, win32) ZServer/1.1b1 Date: Thu, 11 Dec 2003 23:45:02 GMT Bobo-Exception-File: C:\Program Files\Plone\Data\Products\CMFCore\CookieCrumbler.py Bobo-Exception-Type: Redirect Connection: close Location: http://2ksvr:85/require_login?came_from=http%3A//2ksvr%3A85/cvs/custom_repor... Bobo-Exception-Value: http://2ksvr:85/require_login?came_from=http%3A//2ksvr%3A85/cvs/custom_repor... Etag: Content-Length: 0 Bobo-Exception-Line: 200 Any suggestions so we can make it work??? Ruben Montejano. email: rubemontejano@yahoo.com --------------------------------- Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
I don't know if this will solve your problem, but we use command line cURL to invoke dtml routines (via http). You can use the python 'commands' module to invoke cURL. HTH Jonathan ----- Original Message ----- From: Ruben Montejano To: zope@zope.org Sent: December 12, 2003 4:38 PM Subject: [Zope] help external method and security issue Hello, We are using a Python External Method to send a "post" request to a dtml-method in python using the httplib library. But it's not working because of the security of the method only allowes certain roles to access it. this is the code we are using: Args = urllib.urlencode(Args) Scheme, Host, Path, Parameters, Query, Frag = urlparse.urlparse(ActionUrl) Contact = httplib.HTTP(Host) Contact.putrequest( "POST", Path ) Contact.putheader( "Content-type", "application/x-www-form-urlencoded" ) Contact.putheader( "Content-length", "%d" %len(Args) ) Contact.putheader( "Accept", "text/plain" ) Contact.putheader( "Host", Host ) Contact.endheaders() Contact.send( Args ) Reply, Message, Headers = Contact.getreply() strOutput = Contact.getfile().read() This is response we got from the server: Reply = 302 Message = Moved Temporarily Headers = Server: Zope/(Zope 2.6.1 (binary release, python 2.1, win32-x86), python 2.1.3, win32) ZServer/1.1b1 Date: Thu, 11 Dec 2003 23:45:02 GMT Bobo-Exception-File: C:\Program Files\Plone\Data\Products\CMFCore\CookieCrumbler.py Bobo-Exception-Type: Redirect Connection: close Location: http://2ksvr:85/require_login?came_from=http%3A//2ksvr%3A85/cvs/custom_repor... Bobo-Exception-Value: http://2ksvr:85/require_login?came_from=http%3A//2ksvr%3A85/cvs/custom_repor... Etag: Content-Length: 0 Bobo-Exception-Line: 200 Any suggestions so we can make it work??? Ruben Montejano. email: rubemontejano@yahoo.com ------------------------------------------------------------------------------ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing ------------------------------------------------------------------------------ _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
At 12/12/2003 13:38, you wrote:
We are using a Python External Method to send a "post" request to a dtml-method in python using the httplib library. But it's not working because of the security of the method only allowes certain roles to access it.
If both the external method and the dtml-method are on the same Zope instance this is rather crazy... But if this is what you really want to do, you must provide enough credentials in the request (Authorization header). Gabriel Genellina Softlab SRL
participants (3)
-
Gabriel Genellina -
Ruben Montejano -
Small Business Services