HTTPS Python XMLRPC Server w/ Authentication
Implementing an XML-RPC Server in Python is simple but implementing a modular class with HTTP authentication and SSL encryption is a bit more difficult. For our internal use we produced such a Python-based RPC server. We have tested it and have to say that it works pretty well. In keeping with our commitment to open source we have decided to release it for anyone who is interested in deploying their own HTTPS XMLRPC server using Python. It uses the twistd framework and can be run as a daemon under Linux.
README
In order to run: twistd -y xmlrpc_app.py
You may need to edit xmlrpc_app.py in order to point it to the directory in which
the server files reside.
See protocol.py for an example of how to write your own class to extend the server.
See xmlrpc.conf for configuring the server with our own class, port, etc.
See httpspass.conf to define the username password of your server. The password is a hash.
Also you should generate your own certificates andd not use mine, they are for testing only.
If you need any development done, be sure to hire me (http://www.etopian.com/quote)!
Goal: Allow a flexible Python-based XML-RPC server with authentication and HTTPS to securely communicate with XMLM-RPC clients.
Language: Python
Challenges: No documentation
License: GPL Version 3
lionelyoung has created a repo on github:
http://github.com/lionelyoung/twisted-secure-xmlrpc/
| Attachment | Size |
|---|---|
| xmlrpc.tar_.gz | 4.19 KB |
Comments
no web2 module
Thank you for your excellent example. I can't wait to try it out. Unfortunately I am having an error:
"exceptions.ImportError: No module named web2"
I have installed Twisted version 9.0.0
Thanks,
Tawn
apt-get
apt-get install python-twisted-web2 on ubuntu, does that fix it or are you using another distribution? http://twistedmatrix.com/trac/wiki/TwistedWeb2 is what is used. I am not sure if TwistedWeb has the functionality that this uses.
running now. I think.
I am running now, thank you for you help. I did need to pull the twisted trunk from subversion. Unfortunately I installed twisted originally from the download src. This seems to have put apt-get in a really confused state. I wasn't able to apt-get install/remove twisted-web2 or twisted. My solution was to just pull the trunk from subversion. Here's the command to save someone some time. Though it seems as though you should really go the apt-get route if you haven't all ready messed things up like I have.
svn co svn://svn.twistedmatrix.com/svn/Twisted/trunk Twisted
so the twistd launcher seemed to bring up the server without error. It prints only "protocol" as it starts up. I'm trying to discover the right way to test it. I'm trying flavors of
import xmlrpclib
s = xmlrpclib.Server("https://localhost:8090")
s.echo("test")
(this is after using the 'site = server.Site(rsrc)' edit from above to test without authentication first.)
the response I get is something like:
xmlrpclib.ProtocolError: ProtocolError for localhost:8090/RPC2: 404 Not Found
or if
s = xmlrpclib.Server("http://localhost:8090")
then the error is:
xmlrpclib.ProtocolError: ProtocolError for localhost:8090/RPC2: -1
I do see that a ps -e | grep twisd shows that something is running there:
22723 ? 00:00:00 twistd
sorry for all the detail :-) . (I'd love to see an example of making the xmlrpc call with authentication too)
thanks!
Uses SSL
Use https:// instead of http:// as this uses SSL to encrypt the connection. There is a way to change it, but you will have to study the code for that.
Removing Auth
Hello,
I'm trying to make a XMLRPC server over https. Found your example on the web
but I'm not able to remove the http auth.
Can you please tell me how to do it?
Thanks,
Luis
comment out the wrapper
replace:
with
That should work, as the auth stuff is a wrapper.
Let me know if that works for you.
Works!
Luis confirmed the above works.
Post new comment