python 如何通过票证验证 WAMP 连接
How to authenticate a WAMP connection via a ticket in python
我正在尝试从配置了特定角色的不同应用程序连接到 WAMP 总线。这些角色使用 static 票证进行身份验证,因此我认为我需要声明我想要连接的角色以及关联的票证是什么。我在 Python 中写这篇文章并设置了大部分组件,但我找不到任何关于如何进行此类身份验证的文档。
from autobahn.twisted.component import Component, run
COMP = Component(
realm=u"the-realm-to-connect",
transports=u"wss://this.is.my.url/topic",
authentication={
# This is where I need help
# u"ticket"?
# u"authid"?
}
)
在没有身份验证的情况下,当 WAMP 总线位于我计算机的 运行 本地时,我可以连接并发布到 WAMP 总线,但该总线配置为允许匿名用户发布。我的生产 WAMP 总线不允许匿名用户发布,因此我需要验证此连接的角色。 Autobahn|Python documentation implies that it can be done in Python, but I've only been able to find examples of how to do it in JavaScript/JSON in Crossbar.io's documentation.
下面是一些可能对您有所帮助的示例:
https://github.com/crossbario/crossbar-examples/tree/master/authentication
我认为您需要使用 WAMP-Ticket 动态身份验证方法。
WAMP-Ticket dynamic authentication is a simple cleartext challenge
scheme. A client connects to a realm under some authid and requests
authmethod = ticket. Crossbar.io will "challenge" the client, asking
for a ticket. The client sends the ticket, and Crossbar.io will in
turn call a user implemented WAMP procedure for the actual
verification of the ticket.
因此您需要创建一个额外的组件来验证用户:
from autobahn.twisted.wamp import ApplicationSession
from autobahn.wamp.exception import ApplicationError
class AuthenticatorSession(ApplicationSession):
@inlineCallbacks
def onJoin(self, details):
def authenticate(realm, authid, details):
ticket = details['ticket']
print("WAMP-Ticket dynamic authenticator invoked: realm='{}', authid='{}', ticket='{}'".format(realm, authid, ticket))
pprint(details)
if authid in PRINCIPALS_DB:
if ticket == PRINCIPALS_DB[authid]['ticket']:
return PRINCIPALS_DB[authid]['role']
else:
raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket '{}' for principal {}".format(ticket, authid))
else:
raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))
try:
yield self.register(authenticate, 'com.example.authenticate')
print("WAMP-Ticket dynamic authenticator registered!")
except Exception as e:
print("Failed to register dynamic authenticator: {0}".format(e))
并在配置中添加身份验证方法:
"transports": [
{
"type": "web",
"endpoint": {
"type": "tcp",
"port": 8080
},
"paths": {
"ws": {
"type": "websocket",
"serializers": [
"json"
],
"auth": {
"ticket": {
"type": "dynamic",
"authenticator": "com.example.authenticate"
}
}
}
}
}
]
文档不是最新的。
对于组件,有必要像票证那样做:
from autobahn.twisted.component import Component, run
component = Component(
realm=u"the-realm-to-connect",
transports=u"wss://this.is.my.url/topic",
authentication={
"ticket": {
"authid": "username",
"ticket": "secrettoken"
}
},
)
我正在尝试从配置了特定角色的不同应用程序连接到 WAMP 总线。这些角色使用 static 票证进行身份验证,因此我认为我需要声明我想要连接的角色以及关联的票证是什么。我在 Python 中写这篇文章并设置了大部分组件,但我找不到任何关于如何进行此类身份验证的文档。
from autobahn.twisted.component import Component, run
COMP = Component(
realm=u"the-realm-to-connect",
transports=u"wss://this.is.my.url/topic",
authentication={
# This is where I need help
# u"ticket"?
# u"authid"?
}
)
在没有身份验证的情况下,当 WAMP 总线位于我计算机的 运行 本地时,我可以连接并发布到 WAMP 总线,但该总线配置为允许匿名用户发布。我的生产 WAMP 总线不允许匿名用户发布,因此我需要验证此连接的角色。 Autobahn|Python documentation implies that it can be done in Python, but I've only been able to find examples of how to do it in JavaScript/JSON in Crossbar.io's documentation.
下面是一些可能对您有所帮助的示例:
https://github.com/crossbario/crossbar-examples/tree/master/authentication
我认为您需要使用 WAMP-Ticket 动态身份验证方法。
WAMP-Ticket dynamic authentication is a simple cleartext challenge scheme. A client connects to a realm under some authid and requests authmethod = ticket. Crossbar.io will "challenge" the client, asking for a ticket. The client sends the ticket, and Crossbar.io will in turn call a user implemented WAMP procedure for the actual verification of the ticket.
因此您需要创建一个额外的组件来验证用户:
from autobahn.twisted.wamp import ApplicationSession
from autobahn.wamp.exception import ApplicationError
class AuthenticatorSession(ApplicationSession):
@inlineCallbacks
def onJoin(self, details):
def authenticate(realm, authid, details):
ticket = details['ticket']
print("WAMP-Ticket dynamic authenticator invoked: realm='{}', authid='{}', ticket='{}'".format(realm, authid, ticket))
pprint(details)
if authid in PRINCIPALS_DB:
if ticket == PRINCIPALS_DB[authid]['ticket']:
return PRINCIPALS_DB[authid]['role']
else:
raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket '{}' for principal {}".format(ticket, authid))
else:
raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))
try:
yield self.register(authenticate, 'com.example.authenticate')
print("WAMP-Ticket dynamic authenticator registered!")
except Exception as e:
print("Failed to register dynamic authenticator: {0}".format(e))
并在配置中添加身份验证方法:
"transports": [
{
"type": "web",
"endpoint": {
"type": "tcp",
"port": 8080
},
"paths": {
"ws": {
"type": "websocket",
"serializers": [
"json"
],
"auth": {
"ticket": {
"type": "dynamic",
"authenticator": "com.example.authenticate"
}
}
}
}
}
]
文档不是最新的。 对于组件,有必要像票证那样做:
from autobahn.twisted.component import Component, run
component = Component(
realm=u"the-realm-to-connect",
transports=u"wss://this.is.my.url/topic",
authentication={
"ticket": {
"authid": "username",
"ticket": "secrettoken"
}
},
)