Basic AUTH and 303 vs 401

137 views
Skip to first unread message

Dave S

unread,
Sep 3, 2013, 10:58:02 PM9/3/13
to web...@googlegroups.com
I'm a newbie to web2py, but the book examples have gotten me a long ways, and the forum (GG) has helped, also.  

I have set up a pretty simple SOAP service, and have turned on Basic AUTH.  I get the correct results when the client provides the correct header, so all that's good.  But I'd like to return HTTP 401 (Unauthorized) instead of HTTP 303 (See Other) if the header is missing or incorrect.  What's the best way to do this?  Should I give up the "auth.requires_login" decorator on my call() controller and use the procedural technique of calling auth.basic() in the body (sec 9.25, pg 452 of the 5th ed).  Or should I use the catch303 technique of this earlier post?

Footnote:  On the remote machines, I'm using 2 different clients:  SUDS from Python, and a simple Java client based on java.xml.soap (SOAPConnectionFactory).  In the latter, the 303 error gets turned into an ugly exception about Invalid Content-Type ([...].saaj.SOAPExceptionImpl.  Is this the exception I should be catching to gracefully report the mess-up?  And can I expect a 401 to raise the same exception?

/dps

Michele Comitini

unread,
Sep 4, 2013, 5:45:15 AM9/4/13
to web...@googlegroups.com
You can use a modified call() action:
def call_w_auth():
    """
    exposes services. for example:
    http://..../[app]/default/call/jsonrpc
    decorate with @services.jsonrpc the functions to expose
    supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
    """
    auth.settings.allow_basic_login = True
    auth.basic(basic_auth_realm='any realm is fine')
    return service()

@service.soap('MyFunction',returns={'result':int},args={'a':int,'b':int,})
            def myfunction(a, b):
                return a + b
            def call():
                return service()

Call it with:

            from gluon.contrib.pysimplesoap.client import SoapClient
            client = SoapClient(wsdl="http://..../app/mycontroller/call_w_auth/soap?WSDL")
            response = client.MyFunction(a=1,b=2)
            return response['result']



2013/9/4 Dave S <snide...@gmail.com>

--
 
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Dave S

unread,
Sep 4, 2013, 12:11:22 PM9/4/13
to web...@googlegroups.com
On Wednesday, September 4, 2013 2:45:15 AM UTC-7, Michele Comitini wrote:
You can use a modified call() action:
def call_w_auth():
    """
    exposes services. for example:
    http://..../[app]/default/call/jsonrpc
    decorate with @services.jsonrpc the functions to expose
    supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
    """
    auth.settings.allow_basic_login = True
    auth.basic(basic_auth_realm='any realm is fine')
    return service()

@service.soap('MyFunction',returns={'result':int},args={'a':int,'b':int,})
            def myfunction(a, b):
                return a + b
            def call():
                return service()

Call it with:

            from gluon.contrib.pysimplesoap.client import SoapClient
            client = SoapClient(wsdl="http://..../app/mycontroller/call_w_auth/soap?WSDL")
            response = client.MyFunction(a=1,b=2)
            return response['result']


Okay, thank you.

/dps
Reply all
Reply to author
Forward
0 new messages