Merge pull request #840 from meejah/issue430-dynamic-auth
Issue430 dynamic auth
This commit is contained in:
commit
89ac1f411d
@ -1744,13 +1744,7 @@ class Publish(Message):
|
|||||||
|
|
||||||
return obj
|
return obj
|
||||||
|
|
||||||
def marshal(self):
|
def marshal_options(self):
|
||||||
"""
|
|
||||||
Marshal this object into a raw message for subsequent serialization to bytes.
|
|
||||||
|
|
||||||
:returns: The serialized raw message.
|
|
||||||
:rtype: list
|
|
||||||
"""
|
|
||||||
options = {}
|
options = {}
|
||||||
|
|
||||||
if self.acknowledge is not None:
|
if self.acknowledge is not None:
|
||||||
@ -1780,6 +1774,19 @@ class Publish(Message):
|
|||||||
options[u'enc_key'] = self.enc_key
|
options[u'enc_key'] = self.enc_key
|
||||||
if self.enc_serializer is not None:
|
if self.enc_serializer is not None:
|
||||||
options[u'enc_serializer'] = self.enc_serializer
|
options[u'enc_serializer'] = self.enc_serializer
|
||||||
|
|
||||||
|
return options
|
||||||
|
|
||||||
|
def marshal(self):
|
||||||
|
"""
|
||||||
|
Marshal this object into a raw message for subsequent serialization to bytes.
|
||||||
|
|
||||||
|
:returns: The serialized raw message.
|
||||||
|
:rtype: list
|
||||||
|
"""
|
||||||
|
options = self.marshal_options()
|
||||||
|
|
||||||
|
if self.payload:
|
||||||
return [Publish.MESSAGE_TYPE, self.request, options, self.topic, self.payload]
|
return [Publish.MESSAGE_TYPE, self.request, options, self.topic, self.payload]
|
||||||
else:
|
else:
|
||||||
if self.kwargs:
|
if self.kwargs:
|
||||||
@ -1962,13 +1969,7 @@ class Subscribe(Message):
|
|||||||
|
|
||||||
return obj
|
return obj
|
||||||
|
|
||||||
def marshal(self):
|
def marshal_options(self):
|
||||||
"""
|
|
||||||
Marshal this object into a raw message for subsequent serialization to bytes.
|
|
||||||
|
|
||||||
:returns: The serialized raw message.
|
|
||||||
:rtype: list
|
|
||||||
"""
|
|
||||||
options = {}
|
options = {}
|
||||||
|
|
||||||
if self.match and self.match != Subscribe.MATCH_EXACT:
|
if self.match and self.match != Subscribe.MATCH_EXACT:
|
||||||
@ -1977,7 +1978,16 @@ class Subscribe(Message):
|
|||||||
if self.get_retained is not None:
|
if self.get_retained is not None:
|
||||||
options[u'get_retained'] = self.get_retained
|
options[u'get_retained'] = self.get_retained
|
||||||
|
|
||||||
return [Subscribe.MESSAGE_TYPE, self.request, options, self.topic]
|
return options
|
||||||
|
|
||||||
|
def marshal(self):
|
||||||
|
"""
|
||||||
|
Marshal this object into a raw message for subsequent serialization to bytes.
|
||||||
|
|
||||||
|
:returns: The serialized raw message.
|
||||||
|
:rtype: list
|
||||||
|
"""
|
||||||
|
return [Subscribe.MESSAGE_TYPE, self.request, self.marshal_options(), self.topic]
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
"""
|
"""
|
||||||
@ -2784,13 +2794,7 @@ class Call(Message):
|
|||||||
|
|
||||||
return obj
|
return obj
|
||||||
|
|
||||||
def marshal(self):
|
def marshal_options(self):
|
||||||
"""
|
|
||||||
Marshal this object into a raw message for subsequent serialization to bytes.
|
|
||||||
|
|
||||||
:returns: The serialized raw message.
|
|
||||||
:rtype: list
|
|
||||||
"""
|
|
||||||
options = {}
|
options = {}
|
||||||
|
|
||||||
if self.timeout is not None:
|
if self.timeout is not None:
|
||||||
@ -2806,6 +2810,19 @@ class Call(Message):
|
|||||||
options[u'enc_key'] = self.enc_key
|
options[u'enc_key'] = self.enc_key
|
||||||
if self.enc_serializer is not None:
|
if self.enc_serializer is not None:
|
||||||
options[u'enc_serializer'] = self.enc_serializer
|
options[u'enc_serializer'] = self.enc_serializer
|
||||||
|
|
||||||
|
return options
|
||||||
|
|
||||||
|
def marshal(self):
|
||||||
|
"""
|
||||||
|
Marshal this object into a raw message for subsequent serialization to bytes.
|
||||||
|
|
||||||
|
:returns: The serialized raw message.
|
||||||
|
:rtype: list
|
||||||
|
"""
|
||||||
|
options = self.marshal_options()
|
||||||
|
|
||||||
|
if self.payload:
|
||||||
return [Call.MESSAGE_TYPE, self.request, options, self.procedure, self.payload]
|
return [Call.MESSAGE_TYPE, self.request, options, self.procedure, self.payload]
|
||||||
else:
|
else:
|
||||||
if self.kwargs:
|
if self.kwargs:
|
||||||
@ -3253,13 +3270,7 @@ class Register(Message):
|
|||||||
|
|
||||||
return obj
|
return obj
|
||||||
|
|
||||||
def marshal(self):
|
def marshal_options(self):
|
||||||
"""
|
|
||||||
Marshal this object into a raw message for subsequent serialization to bytes.
|
|
||||||
|
|
||||||
:returns: The serialized raw message.
|
|
||||||
:rtype: list
|
|
||||||
"""
|
|
||||||
options = {}
|
options = {}
|
||||||
|
|
||||||
if self.match and self.match != Register.MATCH_EXACT:
|
if self.match and self.match != Register.MATCH_EXACT:
|
||||||
@ -3271,7 +3282,16 @@ class Register(Message):
|
|||||||
if self.concurrency:
|
if self.concurrency:
|
||||||
options[u'concurrency'] = self.concurrency
|
options[u'concurrency'] = self.concurrency
|
||||||
|
|
||||||
return [Register.MESSAGE_TYPE, self.request, options, self.procedure]
|
return options
|
||||||
|
|
||||||
|
def marshal(self):
|
||||||
|
"""
|
||||||
|
Marshal this object into a raw message for subsequent serialization to bytes.
|
||||||
|
|
||||||
|
:returns: The serialized raw message.
|
||||||
|
:rtype: list
|
||||||
|
"""
|
||||||
|
return [Register.MESSAGE_TYPE, self.request, self.marshal_options(), self.procedure]
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
"""
|
"""
|
||||||
|
@ -3,6 +3,9 @@
|
|||||||
"workers": [
|
"workers": [
|
||||||
{
|
{
|
||||||
"type": "router",
|
"type": "router",
|
||||||
|
"options": {
|
||||||
|
"pythonpath": ["../../twisted/wamp/rpc/authorize/"]
|
||||||
|
},
|
||||||
"realms": [
|
"realms": [
|
||||||
{
|
{
|
||||||
"name": "crossbardemo",
|
"name": "crossbardemo",
|
||||||
@ -55,6 +58,21 @@
|
|||||||
"cache": true
|
"cache": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "approver",
|
||||||
|
"permissions": [
|
||||||
|
{
|
||||||
|
"uri": "com.example.authorize",
|
||||||
|
"allow": {
|
||||||
|
"register": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "dynamic_authed",
|
||||||
|
"authorizer": "com.example.authorize"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -120,6 +138,10 @@
|
|||||||
"secret": "p4ssw0rd",
|
"secret": "p4ssw0rd",
|
||||||
"role": "authenticated"
|
"role": "authenticated"
|
||||||
},
|
},
|
||||||
|
"bob": {
|
||||||
|
"secret": "p4ssw0rd",
|
||||||
|
"role": "dynamic_authed"
|
||||||
|
},
|
||||||
"salted": {
|
"salted": {
|
||||||
"secret": "zFXAAAqW5nlonWfP6JLMq4KGLRYZAd8OSXWknEbckCQ=",
|
"secret": "zFXAAAqW5nlonWfP6JLMq4KGLRYZAd8OSXWknEbckCQ=",
|
||||||
"role": "authenticated",
|
"role": "authenticated",
|
||||||
@ -175,6 +197,14 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
],
|
||||||
|
"components": [
|
||||||
|
{
|
||||||
|
"type": "class",
|
||||||
|
"classname": "authorizer.MyAuthorizer",
|
||||||
|
"realm": "crossbardemo",
|
||||||
|
"role": "approver"
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
4
examples/twisted/wamp/rpc/authorize/README.md
Normal file
4
examples/twisted/wamp/rpc/authorize/README.md
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
This shows how to use dynamic authorizers
|
||||||
|
|
||||||
|
Try changing the "if True" in "authorize.py" -- then the registration
|
||||||
|
should fail.
|
2
examples/twisted/wamp/rpc/authorize/__init__.py
Normal file
2
examples/twisted/wamp/rpc/authorize/__init__.py
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# this is a module so we can include it via PYTHONPATH in the example
|
||||||
|
# router's config.
|
28
examples/twisted/wamp/rpc/authorize/authorizer.py
Normal file
28
examples/twisted/wamp/rpc/authorize/authorizer.py
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
from twisted.internet.defer import inlineCallbacks
|
||||||
|
from autobahn.twisted.wamp import ApplicationSession
|
||||||
|
|
||||||
|
|
||||||
|
class MyAuthorizer(ApplicationSession):
|
||||||
|
|
||||||
|
@inlineCallbacks
|
||||||
|
def onJoin(self, details):
|
||||||
|
print("MyAuthorizer.onJoin({})".format(details))
|
||||||
|
try:
|
||||||
|
yield self.register(self.authorize, u'com.example.authorize')
|
||||||
|
print("MyAuthorizer: authorizer registered")
|
||||||
|
except Exception as e:
|
||||||
|
print("MyAuthorizer: failed to register authorizer procedure ({})".format(e))
|
||||||
|
raise
|
||||||
|
|
||||||
|
def authorize(self, details, uri, action, options={}):
|
||||||
|
print("MyAuthorizer.authorize(uri='{}', action='{}')".format(uri, action))
|
||||||
|
print("options:")
|
||||||
|
for k, v in options.items():
|
||||||
|
print(" {}: {}".format(k, v))
|
||||||
|
if False:
|
||||||
|
print("I allow everything.")
|
||||||
|
else:
|
||||||
|
if options.get(u"match", "") != u"exact":
|
||||||
|
print("only exact-match subscriptions allowed")
|
||||||
|
return False
|
||||||
|
return True
|
80
examples/twisted/wamp/rpc/authorize/backend.py
Normal file
80
examples/twisted/wamp/rpc/authorize/backend.py
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
###############################################################################
|
||||||
|
#
|
||||||
|
# The MIT License (MIT)
|
||||||
|
#
|
||||||
|
# Copyright (c) Crossbar.io Technologies GmbH
|
||||||
|
#
|
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
# of this software and associated documentation files (the "Software"), to deal
|
||||||
|
# in the Software without restriction, including without limitation the rights
|
||||||
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
# copies of the Software, and to permit persons to whom the Software is
|
||||||
|
# furnished to do so, subject to the following conditions:
|
||||||
|
#
|
||||||
|
# The above copyright notice and this permission notice shall be included in
|
||||||
|
# all copies or substantial portions of the Software.
|
||||||
|
#
|
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||||
|
# THE SOFTWARE.
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
from os import environ
|
||||||
|
from twisted.internet import reactor
|
||||||
|
from twisted.internet.defer import inlineCallbacks
|
||||||
|
|
||||||
|
from autobahn.twisted.wamp import Session, ApplicationRunner
|
||||||
|
from autobahn.wamp.types import SubscribeOptions, RegisterOptions
|
||||||
|
from autobahn.twisted.util import sleep
|
||||||
|
|
||||||
|
|
||||||
|
class Component(Session):
|
||||||
|
"""
|
||||||
|
An application component calling the different backend procedures.
|
||||||
|
"""
|
||||||
|
|
||||||
|
@inlineCallbacks
|
||||||
|
def onJoin(self, details):
|
||||||
|
print("session attached {}".format(details))
|
||||||
|
|
||||||
|
def foo(*args, **kw):
|
||||||
|
print("foo(): {} {}".format(args, kw))
|
||||||
|
return None
|
||||||
|
reg = yield self.register(
|
||||||
|
foo, u'example.foo',
|
||||||
|
options=RegisterOptions(
|
||||||
|
invoke=u'roundrobin',
|
||||||
|
)
|
||||||
|
)
|
||||||
|
print("registered example.foo: {}".format(reg))
|
||||||
|
|
||||||
|
def bar(*args, **kw):
|
||||||
|
print("bar(): {} {}".format(args, kw))
|
||||||
|
return None
|
||||||
|
sub = yield self.subscribe(
|
||||||
|
bar, u"example.",
|
||||||
|
options=SubscribeOptions(
|
||||||
|
match=u"prefix",
|
||||||
|
)
|
||||||
|
)
|
||||||
|
print("subscribed: {}".format(sub))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
runner = ApplicationRunner(
|
||||||
|
environ.get("AUTOBAHN_DEMO_ROUTER", u"ws://127.0.0.1:8080/auth_ws"),
|
||||||
|
u"crossbardemo",
|
||||||
|
)
|
||||||
|
|
||||||
|
def make(config):
|
||||||
|
session = Component(config)
|
||||||
|
session.add_authenticator(
|
||||||
|
u"wampcra", authid=u'bob', secret=u'p4ssw0rd'
|
||||||
|
)
|
||||||
|
return session
|
||||||
|
runner.run(make)
|
Loading…
Reference in New Issue
Block a user