1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>10. HTTP and cookie-based authentication</title>
<META NAME="description" CONTENT="10. HTTP and cookie-based authentication">
<META NAME="keywords" CONTENT="tut">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="STYLESHEET" href="tut.css" type='text/css'>
<link rel="first" href="tut.html">
<link rel="contents" href="contents.html" title="Contents">
<LINK REL="next" HREF="node13.html">
<LINK REL="previous" HREF="node11.html">
<LINK REL="up" HREF="tut.html">
<LINK REL="next" HREF="node13.html">
<meta name='aesop' content='information'>
</head>
<body>
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A HREF="node11.html"><img src="../icons/previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A HREF="tut.html"><img src="../icons/up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A HREF="node13.html"><img src="../icons/next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">CherryPy Tutorial</td>
<td><A HREF="node2.html"><img src="../icons/contents.gif"
border="0" height="32"
alt="Contents" width="32"></A></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" HREF="node11.html">9. Using several modules</A>
<b class="navlabel">Up:</b> <a class="sectref" HREF="tut.html">CherryPy Tutorial</A>
<b class="navlabel">Next:</b> <a class="sectref" HREF="node13.html">11. Handling HTML forms</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
<H1><A NAME="SECTION0012000000000000000000">
10. HTTP and cookie-based authentication</A>
</H1>
The two most common ways to restrict access to some parts of a website are:
<UL>
<LI>HTTP authentication: the browser opens a popup-window and prompts you for a login and password. The session information
is stored inside your browser and is lost when you close all browser windows.
</LI>
<LI>Cookie-based authentication: You use a form to enter your login and password. Your session information is stored
in a cookie
</LI>
</UL>
<P>
These techniques can be a pain to implement with some application servers. With CherryPy, they require
only <b>THREE LINES OF CODE</b> !
<P>
All you have to do is use the standard modules <var>HttpAuthenticate</var> and <var>CookieAuthenticate</var>. The following
is an example that uses both modules.
<P>
<div class="verbatim"><pre>
use HttpAuthenticate, CookieAuthenticate
CherryClass Root:
mask:
def index(self):
<html><body>
<a py-attr="request.base+'/httpProtected/index'" href="">Click here to enter a restricted area using HTTP authentication</a><br>
<a py-attr="request.base+'/cookieProtected/index'" href="">Click here to enter a restricted area using cookie authentication</a><br>
In both cases, the login and password are "login" and "password"
</body></html>
CherryClass HttpProtected(HttpAuthenticate):
function:
def getPasswordListForLogin(self, login):
# Here we define what the login and password are
if login=='login': return ['password']
return []
mask:
def index(self):
<html><body>You're in</body></html>
CherryClass CookieProtected(CookieAuthenticate):
function:
def getPasswordListForLogin(self, login):
# Here we define what the login and password are
if login=='login': return ['password']
return []
mask:
def index(self):
<html><body>
You're in<br>
Click <a href="doLogout">here</a> to log out.
</body></html>
</pre></div>
<P>
As you can see, all you have to do is to create a CherryClass that inherits from <var>HttpAuthenticate</var> or <var>CookieAuthenticate</var>
and implement a function called <var>getPasswordListForLogin</var> that returns a list of matching passwords for a given login.
(this allows you to keep a master key that works for all users, for instance ...)
<P>
As you can see, using these two modules is really easy.
<P>
In the next chapter, we'll see how to use another CherryPy standard module: Form
<P>
<DIV CLASS="navigation">
<p><hr>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A HREF="node11.html"><img src="../icons/previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A HREF="tut.html"><img src="../icons/up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A HREF="node13.html"><img src="../icons/next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">CherryPy Tutorial</td>
<td><A HREF="node2.html"><img src="../icons/contents.gif"
border="0" height="32"
alt="Contents" width="32"></A></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
<td><img src="../icons/blank.gif"
border="0" height="32"
alt="" width="32"></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" HREF="node11.html">9. Using several modules</A>
<b class="navlabel">Up:</b> <a class="sectref" HREF="tut.html">CherryPy Tutorial</A>
<b class="navlabel">Next:</b> <a class="sectref" HREF="node13.html">11. Handling HTML forms</A>
<hr>
<span class="release-info">Release 0.10, documentation updated on 19 March 2004.</span>
</DIV>
<!--End of Navigation Panel-->
<ADDRESS>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>
|
