Massimo, moving the function out of the controller enabled me to
successfully invoke the function via xmlrpc on my development machine, but
not on the production version. In the forum I see that this (303)
supposedly indicates invalid authorization, but the testing credentials are
valid on both sites. I did so by issuing the following at the python
console:
Python 2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)]
on
win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import xmlrpclib
>>> server =
xmlrpclib.Server("http://[email protected]:[email protected]
key.net/init/default/call/xmlrpc")
>>> server2 =
xmlrpclib.Server("http://[email protected]:[email protected]:800
0/mm_beta_1/default/call/xmlrpc")
>>> server.getmeetings()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python26\lib\xmlrpclib.py", line 1199, in __call__
return self.__send(self.__name, args)
File "C:\Python26\lib\xmlrpclib.py", line 1489, in __request
verbose=self.__verbose
File "C:\Python26\lib\xmlrpclib.py", line 1243, in request
headers
xmlrpclib.ProtocolError: <ProtocolError for
[email protected]:[email protected]
ingmonkey.net/init/default/call/xmlrpc: 303 SEE OTHER>
>>> server2.getmeetings()
'you are logged in!'
Do I need to enables something special in the environment other than
auth.settings.allow_basic_login = True, which is already set. Alos, is this
a recommended way of passing credentials to a web2py services, it seems as
if they may be exposed in the clear during transport???
/david
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
mdipierro
Sent: Sunday, October 24, 2010 1:38 PM
To: web2py-users
Subject: [web2py] Re: confused about services and authorization
I am not sure you should register services in controller, unless you also
want to expose them as actions. I normally put them in a model.
Anyway...
@service.xmlrpc
@service.jsonrpc
@service.whetever
register a function as a service
def call(): return service()
simply exposes all services.
You can do
@auth.requires(auth.user)
def call(): return service()
and you will get an unauthorized error
On Oct 24, 11:19 am, "david.waldrop" <[email protected]> wrote:
> I have spent the bulk of last evening and this morning trying to test
> web2py services and authorization. In addition to setting
> auth.settings.allow_basic_login = True I have deleted the "call
> function" in the default controller, created a seperate controller
> "mmservices",and and populated with the following code:
>
> @auth.requires_login()
> def call():
> """
> exposes services. for example:
> http://..../[app]/default/call/jsonrpc
> decorate with @services.jsonrpc the functions to expose
> supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
> """
> session.forget()
> return service()
>
> @service.xmlrpc
> def getmeetings():
> if auth.is_logged_in():
> return 'you are logged in!'
> else:
> return 'NO DICE'
>
> @service.xmlrpc
> def test(insink):
> if auth.is_logged_in():
> return 'test: you are logged in!'
> else:
> return 'test: NO DICE'
>
> My questions are:
>
> 1) what is the purpose of the "call" function? I see that it is part
> of the proxy when invoking, but am not sure where it gets invoked or
> what it does. Does there need to be a separate call for each web-
> service function (as I saw in a forum post)?
>
> 2) when i
> enterhttp://www.meetingmonkey.net/init/mmservices/getmeetings
> without logging in I get "no dice". I suspect this is due to the fact
> that I am accessing the function because it is in a controller. This
> is not the desired behavior as I want to ensure the user has logged in
> before getting access to the function. Is there a complete example of
> the best practice for implementing web-services including where to put
> various parts of code?
>
> 3) when I
> enterhttp://www.meetingmonkey.net/init/mmservices/call/xmlrpc/getmeeti
> ngs without logging 8in I am redirected to the login page. I would
> rather just return an unauthorized error, but do not know how to do?
