Even more confusion. I can get it to work on dev environment by reverting to the original decorator on call
#...<http://groups.google.com/groups/unlock?_done=/group/web2py/browse_thread/thread/fea1decf09348144/63e0a69197d87f60&msg=08956f3893e1109d> @auth.requires(auth.user) @auth.requires_login() def call(): """ exposes services. for example: http://..../<http://www.google.com/url?sa=D&q=http://..../&usg=AFQjCNHTjjhgMOeO9jlDZUrYwzrfE3YtZg> [app]/default/call/jsonrpc decorate with @services.jsonrpc the functions to expose supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv """ session.forget() return service() This works on the local/dev machine. By work I meant i get the expected result when valid credentials are passed, and a 303 when invalid is passed!!! I cannot get it to work on the production system. If I comment out the authorization decorator all together the service is invoked thereby isolating the problem to the way the credentials are passed/handled. The code is Identical so it must be something in the environmental setup. Any ideas? On Sun, Oct 24, 2010 at 2:57 PM, david.waldrop <[email protected]>wrote: > Cancel that it DOES NOT work on local either. In the previous post it > worked I believe because I still had the old controller. Now that I > have deleted the controller puttilng the call function back in the > default controller, and moving the getmeeting function to a model > file, i am not able to access in the dev server or the productiontion > server. I am 100% sure the credentials are correct, but cannot figure > out why the authentication is not happening. > > On Oct 24, 2:13 pm, "David Waldrop" <[email protected]> wrote: > > Massimo, moving the function out of the controller enabled me to > > successfully invoke the function via xmlrpc on my development machine, > but > > not on the production version. In the forum I see that this (303) > > supposedly indicates invalid authorization, but the testing credentials > are > > valid on both sites. I did so by issuing the following at the python > > console: > > > > Python 2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit > (Intel)] > > on > > win32 > > Type "help", "copyright", "credits" or "license" for more information. > > > > >>> import xmlrpclib > > >>> server = > > > > xmlrpclib.Server("http://[email protected]:[email protected] > > key.net/init/default/call/xmlrpc") > > > > >>> server2 = > > > > xmlrpclib.Server("http://[email protected]:[email protected]:800 > > 0/mm_beta_1/default/call/xmlrpc") > > > > >>> server.getmeetings() > > > > Traceback (most recent call last): > > File "<stdin>", line 1, in <module> > > File "C:\Python26\lib\xmlrpclib.py", line 1199, in __call__ > > return self.__send(self.__name, args) > > File "C:\Python26\lib\xmlrpclib.py", line 1489, in __request > > verbose=self.__verbose > > File "C:\Python26\lib\xmlrpclib.py", line 1243, in request > > headers > > xmlrpclib.ProtocolError: <ProtocolError for > > [email protected]:[email protected] > > ingmonkey.net/init/default/call/xmlrpc: 303 SEE OTHER> > > > > >>> server2.getmeetings() > > > > 'you are logged in!' > > > > Do I need to enables something special in the environment other than > > auth.settings.allow_basic_login = True, which is already set. Alos, is > this > > a recommended way of passing credentials to a web2py services, it seems > as > > if they may be exposed in the clear during transport??? > > > > /david > > > > > > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf > Of > > > > mdipierro > > Sent: Sunday, October 24, 2010 1:38 PM > > To: web2py-users > > Subject: [web2py] Re: confused about services and authorization > > > > I am not sure you should register services in controller, unless you also > > want to expose them as actions. I normally put them in a model. > > Anyway... > > > > @service.xmlrpc > > @service.jsonrpc > > @service.whetever > > > > register a function as a service > > > > def call(): return service() > > > > simply exposes all services. > > > > You can do > > > > @auth.requires(auth.user) > > def call(): return service() > > > > and you will get an unauthorized error > > > > On Oct 24, 11:19 am, "david.waldrop" <[email protected]> wrote: > > > I have spent the bulk of last evening and this morning trying to test > > > web2py services and authorization. In addition to setting > > > auth.settings.allow_basic_login = True I have deleted the "call > > > function" in the default controller, created a seperate controller > > > "mmservices",and and populated with the following code: > > > > > @auth.requires_login() > > > def call(): > > > """ > > > exposes services. for example: > > > http://..../[app]/default/call/jsonrpc > > > decorate with @services.jsonrpc the functions to expose > > > supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv > > > """ > > > session.forget() > > > return service() > > > > > @service.xmlrpc > > > def getmeetings(): > > > if auth.is_logged_in(): > > > return 'you are logged in!' > > > else: > > > return 'NO DICE' > > > > > @service.xmlrpc > > > def test(insink): > > > if auth.is_logged_in(): > > > return 'test: you are logged in!' > > > else: > > > return 'test: NO DICE' > > > > > My questions are: > > > > > 1) what is the purpose of the "call" function? I see that it is part > > > of the proxy when invoking, but am not sure where it gets invoked or > > > what it does. Does there need to be a separate call for each web- > > > service function (as I saw in a forum post)? > > > > > 2) when i > > > enterhttp://www.meetingmonkey.net/init/mmservices/getmeetings > > > without logging in I get "no dice". I suspect this is due to the fact > > > that I am accessing the function because it is in a controller. This > > > is not the desired behavior as I want to ensure the user has logged in > > > before getting access to the function. Is there a complete example of > > > the best practice for implementing web-services including where to put > > > various parts of code? > > > > > 3) when I > > > enterhttp://www.meetingmonkey.net/init/mmservices/call/xmlrpc/getmeeti > > > ngs without logging 8in I am redirected to the login page. I would > > > rather just return an unauthorized error, but do not know how to do? > -- [email protected] | 301.526.9500
