[Zope3-Users] xmlrpc access with PAU
Shailesh Kumar
shaileshk at gmail.com
Sat Aug 18 09:29:47 EDT 2007
Hi,
apart from Session Credentials, I would also have Zope Realm
Basic-Auth in my credentials plugin (as the last one).
For the normal browser based access, the session credentials plugin
does the work.
For XMLRPC access, I fall back on 'Zope Realm Basic-Auth'.
The URL for XMLRPC server proxy would include login and password
information like:
objProxy = xmlrpclib.Server('http://login:password@localhost:8080/path/to/object')
objProxy.method(arguments)
Hope this helps.
With regards,
-Shailesh
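
What the login:password@ URL form in the reply above puts on the wire, as an added example that is not part of the original post. It uses Python 3's xmlrpc.client (the renamed xmlrpclib); wire_header, recover_credentials, is_loopback and make_proxy are hypothetical helper names, and the cleartext guard is an added check, not something Zope or xmlrpclib enforces.

```python
import base64
import ipaddress
import xmlrpc.client  # Python 3 name of the xmlrpclib module used in the thread
from urllib.parse import urlsplit


def wire_header(url):
    """Return the Authorization header the proxy derives from the URL, or None."""
    netloc = urlsplit(url).netloc
    # get_host_info is the method the transport calls when it opens a connection;
    # it strips "login:password@" from the host and turns it into a Basic header.
    _host, headers, _x509 = xmlrpc.client.Transport().get_host_info(netloc)
    return dict(headers).get("Authorization")


def recover_credentials(header):
    """Decode a Basic header: base64 is an encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    login, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return login, password


def is_loopback(hostname):
    """True for localhost and loopback IP literals (hypothetical helper)."""
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False


def make_proxy(url):
    """Build a ServerProxy, refusing Basic-Auth over plain HTTP to a remote host.

    Added guard (an assumption of this example): credentials in the URL are
    accepted only over https or when the server is on the loopback interface.
    """
    parts = urlsplit(url)
    if parts.username and parts.scheme != "https" and not is_loopback(parts.hostname):
        raise ValueError("Basic-Auth credentials would cross the network in cleartext")
    return xmlrpc.client.ServerProxy(url)  # no connection is made until a call


if __name__ == "__main__":
    header = wire_header("http://login:password@localhost:8080/path/to/object")
    print(header, recover_credentials(header))
```

The same header is sent with every XML-RPC call, so the PAU's Basic-Auth credentials plugin sees it on each request and no session is involved.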
On 8/18/07, C. H. <c at kikazi.com> wrote:
>
>
> I'm having difficulty accessing zope 3 objects using xmlrpc in my
> application, so I've gone back into the 22auth example of Philipp von
> Weitershausen's excellent book and made some simple modifications to
> elucidate my question in a simple environment which I describe here:
>
> created a zope 3 instance
> created a site named wcsite
> created a folder named rfolder
> created a recipe named r1
> created a recipe named r2
>
> configured a PAU (at the wcsite level)
> with
> "No Challenge if Authenticated"
> "Session Credentials"
>
> created a Principal Folder named users
>
> Access using a browser works fine. If I attempt to access an object
> that an unauthenticated user has no access to, I'm presented with a
> login page and after logging in, I acquire and retain access until I
> log out. That's good.
>
> I modified Philipp's example python code worldcookery/xmlrpc/recipe.py
> to authenticate using a user=u1 and password=p1 (or so I think, hence
> my problem). That program is shown below.
>
> To test:
> First, in a browser I log in as a manager and I edit the wcsite roles
> and permissions to grant the Site Manager role to All Users.
>
> then run
> displayandedit.py http://sasa.local:8080/wcsite/rfolder/r1
>
> This works fine, so I'm able to locate and access and edit the recipe
> data.
>
> Next, (using a browser and logged in as the site manager)
> I edit the wcsite roles and permissions to UNSET the Site Manager
> role to All Users and grant the "Visitor of the WorldCookery website"
> role to All Users.
> Further, I edit wcsite/rfolder/r1 to grant the Site Manager role to
> user u1.
> So, the user r1 can read everything on the site but can only edit
> wcsite/rfolder/r1.
>
> Now, I rerun displayandedit.py http://sasa.local:8080/wcsite/rfolder/r1
> and get an Unauthorized error:
> xmlrpclib.ProtocolError: <ProtocolError for sasa.local:8080/wcsite/rfolder/r1: 401 Unauthorized>
>
> It is my belief that I should be able to provide xmlrpc access to the
> r1 user in the recipe.py code but I can't figure out how. Can someone
> peruse the code below and suggest to me the appropriate technique? The
> edit method is the one that I modified to attempt to provide access.
> Thanks in advance.
>
> =================Sample worldcookery/xmlrpc/recipe.py==================
> import time
> import xmlrpclib
> from zope.schema import getFields
> from zope.dublincore.interfaces import IZopeDublinCore
> from zope.app.publisher.xmlrpc import XMLRPCView
> from zope.component import getUtility
> from zope.app.security.interfaces import IAuthentication
> from zope.app.authentication.interfaces import IPluggableAuthentication
>
> from worldcookery.interfaces import IRecipe
>
> def to_unicode(string):
>     if isinstance(string, unicode):
>         return string
>     return string.decode('utf-8')
>
> class RecipeView(XMLRPCView):
>
>     def info(self):
>         return dict((field, getattr(self.context, field))
>                     for field in getFields(IRecipe)
>                     if field not in ('__parent__', '__name__'))
>
>     def dublincore_info(self):
>         dc = IZopeDublinCore(self.context)
>         info = dict((field, getattr(dc, field))
>                     for field in getFields(IZopeDublinCore))
>         for name in ('effective', 'created', 'expires', 'modified'):
>             if info[name]:
>                 epochtime = time.mktime(info[name].timetuple())
>                 info[name] = xmlrpclib.DateTime(epochtime)
>             else:
>                 info[name] = ''
>         return info
>
>     def edit(self, info, user, password):
>
>         edit_return = ""
>         pau = getUtility(IAuthentication)
>         #
>         # make sure there is an authentication utility
>         #
>         if not IPluggableAuthentication.providedBy(pau):
>             edit_return = "# ERROR: No Pluggable Authentication Utility instance."
>             return edit_return
>         else:
>             edit_return = "\n" + "# found a Pluggable Authentication Utility instace named " + pau.__name__
>         #
>         # get the authenticator plugin and authenticate credentials
>         #
>         for name, plugin in pau.getAuthenticatorPlugins():
>             auth_creds = plugin.authenticateCredentials({'login': user, 'password': password})
>             edit_return = edit_return + "\n# authenticated user:" + auth_creds.login + " title:" + auth_creds.title
>
>         context = self.context
>         context.name = to_unicode(info['name'])
>         context.ingredients = \
>             [to_unicode(ingr) for ingr in info['ingredients']]
>         context.tools = [to_unicode(tool) for tool in info['tools']]
>         context.time_to_cook = info['time_to_cook']
>         context.description = to_unicode(info['description'])
>
>         edit_return = edit_return + "\n" + "# Object updated successfully"
>         return edit_return