[server] ip-based auth

Ryan Kelly ryan at rfk.id.au
Wed Oct 12 17:25:20 PDT 2011


On 13/10/11 10:31, Ben Bangert wrote:
> On Oct 12, 2011, at 4:11 PM, Ryan Kelly wrote:
> 
>> Right, so there's a real difference between user-facing services and
>> internal services.
>>
>> Implementing the IP-based stuff in repoze.who worked well enough, but it
>> just felt like it was the wrong place for it.  Implementing it as a
>> stand-alone Pyramid authn policy would be simpler, cleaner and probably
>> more efficient.
> 
> Agreed, this is what I was hoping for.

So I've gone ahead and refactored it into a pyramid authn policy:

  https://github.com/rfk/cornice/blob/master/cornice/auth/ipauth.py

(Obviously cornice/auth will go away when we create a separate project
for the auth stuff)

Is this approximately the interface you would expect for simple IP auth?

Do you have any initial thoughts on how an app might configure its auth
setup?  E.g. is it going to be easier to just configure it in code in
the make_wsgi_app section, or should cornice grow something to
automatically load and configure auth based on the settings file?

  Cheers,

     Ryan

-- 
Ryan Kelly
http://www.rfk.id.au  |  This message is digitally signed. Please visit
ryan at rfk.id.au        |  http://www.rfk.id.au/ramblings/gpg/ for details

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://mail.mozilla.org/private/services-dev/attachments/20111013/fadcdf90/attachment-0001.bin>


More information about the Services-dev mailing list