I make apps for other people

Posts from July, 2011

Python decorators for handler access control

Posted by Chris Jones
On July 14th, 2011 at 17:05

Permalink | Trackback | Links In |

Comments Off on Python decorators for handler access control
Posted in General

Given that a REST application receives context from the hosting web or application server (and unlike SOAP doesn’t try to perform authentication but accepts credentials as part of the context), it makes sense to keep the REST application a lightweight as possible. In this case, decorators can be used to check access control in addition to URI handler registration.

As a proof of concept (and to learn how to write one style of Python decorator), the following test demonstrates access control through decorators. In a real application, credentials would be based on group in addition to user name, potentially source IP or host, and multiple handlers could be called to resolve the request — consider how to chain handlers, especially where ordering is important, or if an output XML document or data structure (dictionary) would be sufficient to get around handler ordering.