How to authenticate a WAMP connection via a ticket in Python

I'm trying to connect to a WAMP bus from a different application that has certain roles configured. The roles are authenticated with a static ticket, so I believe that I need to declare what role I want to connect as and what the associated ticket is. I'm writing this in Python and have most of the component set up, but I can't find any documentation about how to do this sort of authentication.

from autobahn.twisted.component import Component, run

COMP = Component(
    realm=u"the-realm-to-connect",
    transports=u"wss://this.is.my.url/topic",
    authentication={
        # This is where I need help
        # u"ticket"?
        # u"authid"?
    }
)

Without the authentication, I'm able to connect to and publish to the WAMP bus when it is running locally on my computer, but that one is configured to allow anonymous users to publish. My production WAMP bus does not allow anonymous users to publish, so I need to authenticate what role this is connecting as. The Autobahn|Python documentation implies that it can be done in Python, but I've only been able to find examples of how to do it in JavaScript/JSON in Crossbar.io's documentation.

The documentation is not very up to date. With the Component, it is necessary to do it like this for tickets:

from autobahn.twisted.component import Component, run

component = Component(
    realm=u"the-realm-to-connect",
    transports=u"wss://this.is.my.url/topic",
    authentication={
        "ticket": {
            "authid": "username", 
            "ticket": "secrettoken"
        }
    },
)

Here are some examples that can be helpful for you:

https://github.com/crossbario/crossbar-examples/tree/master/authentication

I think you need to use the WAMP-Ticket Dynamic Authentication method.

WAMP-Ticket dynamic authentication is a simple cleartext challenge scheme. A client connects to a realm under some authid and requests authmethod = ticket. Crossbar.io will "challenge" the client, asking for a ticket. The client sends the ticket, and Crossbar.io will in turn call a user-implemented WAMP procedure for the actual verification of the ticket.

So you need to create an additional component to authenticate users:

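from pprint import pprint

from twisted.internet.defer import inlineCallbacks

from autobahn.twisted.wamp import ApplicationSession
from autobahn.wamp.exception import ApplicationError

# Maps authid -> ticket and role. Constructed sample entry, not part of the
# original answer; replace it with your own principals.
PRINCIPALS_DB = {
   'example-authid': {'ticket': 'example-ticket', 'role': 'example-role'},
}

class AuthenticatorSession(ApplicationSession):

   @inlineCallbacks
   def onJoin(self, details):

      # Called by Crossbar.io for every session that requests authmethod "ticket".
      # Returns the role to assign, or raises ApplicationError to deny the session.
      def authenticate(realm, authid, details):
         ticket = details['ticket']
         print("WAMP-Ticket dynamic authenticator invoked: realm='{}', authid='{}', ticket='{}'".format(realm, authid, ticket))
         pprint(details)

         if authid in PRINCIPALS_DB:
            if ticket == PRINCIPALS_DB[authid]['ticket']:
               return PRINCIPALS_DB[authid]['role']
            else:
               raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket '{}' for principal {}".format(ticket, authid))
         else:
            raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))

      # Register under the URI that the router configuration names as "authenticator".
      try:
         yield self.register(authenticate, 'com.example.authenticate')
         print("WAMP-Ticket dynamic authenticator registered!")
      except Exception as e:
         print("Failed to register dynamic authenticator: {0}".format(e))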

And add the authentication method in the configuration:

"transports": [
                {
                    "type": "web",
                    "endpoint": {
                        "type": "tcp",
                        "port": 8080
                    },
                    "paths": {
                        "ws": {
                            "type": "websocket",
                            "serializers": [
                                "json"
                            ],
                            "auth": {
                                "ticket": {
                                    "type": "dynamic",
                                    "authenticator": "com.example.authenticate"
                                }
                            }
                        }
                    }
                }
            ]
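
A hardened variant of the `authenticate` procedure from the answer above, added here as an example (it is not code from the original answer or from Crossbar.io): it stores only salted ticket hashes, compares them in constant time, keeps the ticket out of the logs and returns one error for both failure cases. The principal data, the `com.example.auth_failed` URI and the `AuthenticationFailed` class are assumptions; in a real authenticator component, raise autobahn's `ApplicationError` in its place.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("authenticator")


def hash_ticket(ticket, salt):
    """Derive a salted hash so the principals store never holds raw tickets."""
    return hashlib.pbkdf2_hmac("sha256", ticket.encode("utf-8"), salt, 100_000)


# Constructed sample data (authid, salt, ticket and role are all made up).
PRINCIPALS_DB = {
    "publisher1": {
        "salt": b"constructed-salt",
        "ticket_hash": hash_ticket("constructed-ticket", b"constructed-salt"),
        "role": "publisher",
    },
}
# Compared against when the authid is unknown, so both paths do the same work.
DUMMY_SALT = b"dummy-salt"
DUMMY_HASH = hash_ticket("dummy-ticket", DUMMY_SALT)


class AuthenticationFailed(Exception):
    """Stand-in for autobahn's ApplicationError so the example runs offline."""


def authenticate(realm, authid, details):
    """Return the role for a valid (authid, ticket) pair, else raise."""
    ticket = details.get("ticket") or ""
    principal = PRINCIPALS_DB.get(authid)
    salt = principal["salt"] if principal else DUMMY_SALT
    expected = principal["ticket_hash"] if principal else DUMMY_HASH
    # Constant-time comparison of the derived hashes.
    matches = hmac.compare_digest(hash_ticket(ticket, salt), expected)
    if principal is None or not matches:
        # Log who failed, never the ticket itself.
        log.warning("ticket auth failed: realm=%s authid=%s", realm, authid)
        # One error for both cases, so callers cannot enumerate authids.
        raise AuthenticationFailed("com.example.auth_failed")
    return principal["role"]
```

Because WAMP-Ticket sends the ticket in cleartext, serve the WebSocket path over TLS (`wss://`), as the transport URL in the question does.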
