How to authenticate a WAMP connection via a ticket in Python

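I'm trying to connect to a WAMP bus from a different application that has certain roles configured. The roles are authenticated with a static ticket, so I believe I need to declare which role I want to connect as and what the associated ticket is. I'm writing this in Python and have most of the component set up, but I can't find any documentation about how to do this sort of authentication.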

from autobahn.twisted.component import Component, run

COMP = Component(
    realm=u"the-realm-to-connect",
    transports=u"wss://this.is.my.url/topic",
    authentication={
        # This is where I need help
        # u"ticket"?
        # u"authid"?
    }
)

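Without authentication, I'm able to connect and publish to the WAMP bus when it is running locally on my machine, but that bus is configured to allow anonymous users to publish. My production WAMP bus does not allow anonymous users to publish, so I need to authenticate the role this connection is made as. The Autobahn|Python documentation implies that it can be done in Python, but I've only been able to find examples of how to do it in JavaScript/JSON in Crossbar.io's documentation.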

Here are some examples that may be helpful to you:

https://github.com/crossbario/crossbar-examples/tree/master/authentication

I think you need to use the WAMP-Ticket dynamic authentication method.

WAMP-Ticket dynamic authentication is a simple cleartext challenge scheme. A client connects to a realm under some authid and requests authmethod = ticket. Crossbar.io will "challenge" the client, asking for a ticket. The client sends the ticket, and Crossbar.io will in turn call a user implemented WAMP procedure for the actual verification of the ticket.

So you need to create an additional component to authenticate users:

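from pprint import pprint

from twisted.internet.defer import inlineCallbacks
from autobahn.twisted.wamp import ApplicationSession
from autobahn.wamp.exception import ApplicationError

# PRINCIPALS_DB (not shown in this snippet) must be a dict that maps each
# authid to a dict with the keys 'ticket' and 'role'.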

class AuthenticatorSession(ApplicationSession):

   @inlineCallbacks
   def onJoin(self, details):

      def authenticate(realm, authid, details):
         ticket = details['ticket']
         print("WAMP-Ticket dynamic authenticator invoked: realm='{}', authid='{}', ticket='{}'".format(realm, authid, ticket))
         pprint(details)

         if authid in PRINCIPALS_DB:
            if ticket == PRINCIPALS_DB[authid]['ticket']:
               return PRINCIPALS_DB[authid]['role']
            else:
               raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket '{}' for principal {}".format(ticket, authid))
         else:
            raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))

      try:
         yield self.register(authenticate, 'com.example.authenticate')
         print("WAMP-Ticket dynamic authenticator registered!")
      except Exception as e:
         print("Failed to register dynamic authenticator: {0}".format(e))

And add the authentication method to the configuration:

"transports": [
    {
        "type": "web",
        "endpoint": {
            "type": "tcp",
            "port": 8080
        },
        "paths": {
            "ws": {
                "type": "websocket",
                "serializers": [
                    "json"
                ],
                "auth": {
                    "ticket": {
                        "type": "dynamic",
                        "authenticator": "com.example.authenticate"
                    }
                }
            }
        }
    }
]
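
A variant of the `authenticate` callback from the answer above, added here as an example (not code from the answer or from Crossbar.io): it keeps only a SHA-256 digest of each ticket, compares in constant time, never logs or echoes the ticket, and raises the same error for an unknown authid and for a wrong ticket. The principal entry, the role name `backend` and the error URI `com.example.auth_failed` are constructed for illustration, and the `ApplicationError` stand-in is used only when Autobahn is not installed.

```python
import hashlib
import hmac

try:
    from autobahn.wamp.exception import ApplicationError
except ImportError:
    # Stand-in (assumption) so the example runs without Autobahn installed.
    class ApplicationError(Exception):
        def __init__(self, error, *args):
            super().__init__(*args)
            self.error = error


def _digest(ticket):
    # Suitable for long random tickets; use a password KDF for guessable ones.
    return hashlib.sha256(ticket.encode("utf-8")).digest()


# Constructed sample principals: only a digest of each ticket is stored.
PRINCIPALS_DB = {
    "username": {"ticket_sha256": _digest("secrettoken"), "role": "backend"},
}
# Compared against when the authid is unknown, so both paths do the same work.
_DUMMY = _digest("")


def authenticate(realm, authid, details):
    """Return the role for a valid authid/ticket pair, otherwise raise."""
    ticket = details.get("ticket")
    principal = PRINCIPALS_DB.get(authid)
    expected = principal["ticket_sha256"] if principal else _DUMMY
    supplied = _digest(ticket) if isinstance(ticket, str) else b""
    # compare_digest does not stop at the first differing byte.
    ok = hmac.compare_digest(supplied, expected)
    if principal is None or not ok:
        # One error for both failure cases; the ticket is never echoed.
        raise ApplicationError("com.example.auth_failed",
                               "could not authenticate session")
    return principal["role"]
```

It is registered the same way as in the answer, with `self.register(authenticate, 'com.example.authenticate')`.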

The documentation is not up to date. For a Component, it is necessary to do it like this for tickets:

from autobahn.twisted.component import Component, run

component = Component(
    realm=u"the-realm-to-connect",
    transports=u"wss://this.is.my.url/topic",
    authentication={
        "ticket": {
            "authid": "username", 
            "ticket": "secrettoken"
        }
    },
)