| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Culturally Liberal and Nothing More; Weird Finite / Infinite Result; Your diamond is a beaten up mess; Maths Books; Good Bike Route from Providencia / Las Condes to Panul\; Iain Pears (Author of Complex Plots); Plum Jam; Excellent; More Recently; For a moment I forgot StackOverflow sucked; A Few Weeks On...; Chilean Book Recommendations; How To Write Shared Libraries; Jenny Erpenbeck (Author); Dijkstra, Coins, Tables; Python libraries error on OpenSuse; Deserving Trump; And Smugness; McCloskey Economics Trilogy; cmocka - Mocks for C; Concept Creep (Americans); Futhark - OpenCL Language; Moved / Gone; Fan and USB issues; Burgers in Santiago; The Origin of Icosahedral Symmetry in Viruses; autoenum on PyPI; Jars Explains; Tomato Chutney v3; REST; US Elections and Gender: 24 Point Swing; PPPoE on OpenSuse Leap 42.1; SuperMicro X10SDV-TLN4F/F with Opensuse Leap 42.1; Big Data AI Could Be Very Bad Indeed....; Cornering; Postcapitalism (Paul Mason); Black Science Fiction; Git is not a CDN; Mining of Massive Data Sets; Rachel Kaadzi Ghansah; How great republics meet their end; Raspberry, Strawberry and Banana Jam; Interesting Dead Areas of Math; Later Taste; For Sale; Death By Bean; It's Good!; Tomato Chutney v2; Time ATAC MX 2 Pedals - First Impressions; Online Chilean Crafts; Intellectual Variety; Taste + Texture; Time Invariance and Gauge Symmetry; Jodorowsky; Tomato Chutney; Analysis of Support for Trump; Indian SF; TP-Link TL-WR841N DNS TCP Bug; TP-Link TL-WR841N as Wireless Bridge; Sending Email On Time; Maybe run a command; Sterile Neutrinos; Strawberry and Banana Jam; The Best Of All Possible Worlds; Kenzaburo Oe: The Changeling; Peach Jam; Taste Test; Strawberry and Raspberry Jam; flac to mp3 on OpenSuse 42.1; Also, Sebald; Kenzaburo Oe Interview; Otake (Kitani Minoru) move Black 121; Is free speech in British universities under threat?; I am actually good at computers; Was This Mansplaining?; WebFaction / LetsEncrypt / General Disappointment; Sensible Philosophy of Science; George Ellis; Misplaced Intuition and Online Communities; More Reading About Japan; Visibilty / Public Comments / Domestic Violence; Ferias de Santiago; More (Clearly Deliberate); Deleted Obit Post; And then a 50 yo male posts this...; We Have Both Kinds Of Contributors; Free Springer Books; Books on Religion; Books on Linguistics; Palestinan Electronica; Books In Anthropology; Taylor Expansions of Spacetime; Info on Juniper; Efficient Stream Processing; The Moral Character of Crypto; Hearing Aid Info; Small Success With Go!; Re: Quick message - This link is broken; Adding Reverb To The Echo Chamber; Sox Audio Tools; Would This Have Been OK?

© 2006-2015 Andrew Cooke (site) / post authors (content).

Basic HTTP Authentication with XMLRPC in Python

From: "andrew cooke" <andrew@...>

Date: Wed, 31 Dec 2008 17:42:05 -0300 (CLST)

I couldn't find anywhere on the 'net that clearly documented this - there
are various old discussions, but they tend to be out of date.  So here's a
brief sketch of what works.

[Note that HTTP basic authentication - RFC 2617
http://www.faqs.org/rfcs/rfc2617.html - effectively sends username and
password as cleartext.  This is not secure.  As far as I can tell, digest
authentication is not supported, so a more secure (but more complex)
solution would involve SSL (a possible compromise would be basic auth over
SSL, which would only require a server certificate, but which has its own
limitations).]

On the client side, nothing is needed except that username and password
should be placed in the URL used.  The libraries used by xmlrpclib will
construct the correct HTTP header (see below).  So the client code is
simply:

  import xmlrpclib
  server = xmlrpclib.ServerProxy('http://user:pass@...')
  ...

But, obviously, a more typical use case would supply dynamic values.

This generates the Authorization HTTP header, with the format (RFC 2617):

  Authorization: Basic Zm9vOmJhcg==

where Zm9vOmJhcg== is the base64 encoding of, in this case, "foo:bar"
(username and password).  So validation is trivial once this header is
retrieved:

  from base64 import b64decode
  ...
  (basic, _, encoded) = \
    headers.get('Authorization').partition(' ')
  assert basic == 'Basic', 'Only basic authentication supported'
  (username, _, password) = b64decode(encoded).partition(':')
  assert username == 'foo'
  assert password == 'bar'

The only remaining part of the puzzle, then, is how to get the headers. 
Poking around in the source it seems that it is necessary to override
BaseHTTPServer.BaseHTTPRequestHandler.parse_request (which is subclassed
bySimpleXMLRPCServer.SimpleXMLRPCRequestHandler).

So a suitable server class would look like:


  from SimpleXMLRPCServer import SimpleXMLRPCServer, \
    SimpleXMLRPCRequestHandler

  class VerifyingServer(SimpleXMLRPCServer):

    def __init__(self, ..., *args, **kargs):
      # we use an inner class so that we can call out to the
      # authenticate method
      class VerifyingRequestHandler(SimpleXMLRPCRequestHandler):
        # this is the method we must override
        def parse_request(myself):
          # first, call the original implementation which returns
          # True if all OK so far
          if SimpleXMLRPCRequestHandler.parse_request(myself):
            # next we authenticate
            if self.authenticate(myself.headers):
              return True
            else:
              # if authentication fails, tell the client
              myself.send_error(401, 'Authentication failed')
          return False
      # and intialise the superclass with the above
      SimpleXMLRPCServer.__init__(self,
        requestHandler=VerifyingRequestHandler,
        *args, **kargs)

    def authenticate(self, headers):
      # see earlier

Note the distinction between "self" and "myself" above.

Andrew

Comment on this post