Running an authenticator as a guest worker

#1

Hello,

I’m trying to run a guest authenticator with python3/autobahn/asyncio, but it seems that the register does not terminate.

I suspect the problem is that I am trying to register a function in an authenticated environment where the authentication function is not yet available. (And I’m sure that authorizing anonymous to register a URI is not a good idea…)

All the examples I’ve found are with embedded workers and I need to use python 3.4 for this new project.

Here is the config.json file

{
   "controller": {
   },
   "workers": [
      {
         "type": "router",
         "realms": [
            {
               "name": "realm1",
               "roles": [
                  {
                     "name": "anonymous",
                     "permissions": [
                        {
                           "uri": "com.auth.authenticate",
                           "register": true
                        }
                     ]
                  },
                  {
                     "name": "backend",
                     "permissions": [
                        {
                           "uri": "*",
                           "publish": true,
                           "subscribe": true,
                           "call": true,
                           "register": true
                        },
                        {
                           "uri": "com.back.*",
                           "subscribe": false
                        }
                     ]
                  },
                  {
                     "name": "frontend",
                     "permissions": [
                        {
                           "uri": "com.front.call.*",
                           "call": true
                        },
                        {
                           "uri": "com.front.pub.*",
                           "publish": true
                        },
                        {
                           "uri": "com.front.sub.*",
                           "subscribe": false
                        }
                     ]
                  }
               ]
            }
         ],
         "transports": [
            {
               "type": "web",
               "endpoint": {
                  "type": "tcp",
                  "port": 8080
               },
               "paths": {
                  "/": {
                     "type": "static",
                     "directory": "../web"
                  },
                  "ws": {
                     "type": "websocket",
                     "auth": {
                        "ticket": {
                           "type": "dynamic",
                           "authenticator": "com.auth.authenticate"
                        }
                     }
                  }
               }
            }
         ]
      }
   ]
}


and the python code (from an example I found)

from asyncio import coroutine
from autobahn.asyncio.wamp import ApplicationSession, ApplicationRunner
from autobahn.wamp.exception import ApplicationError

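class MyAuthenticator(ApplicationSession):
    """WAMP session that provides a dynamic ticket authenticator.

    Once the session has joined, it registers ``authenticate`` under the
    URI ``com.auth.authenticate``. The procedure looks the caller's authid
    up in ``PRINCIPALS_DB`` and returns the role to grant.
    """

    # Demo principal table: authid -> expected ticket and the role granted.
    # NOTE(review): the ticket is a hard-coded plaintext secret; outside a
    # demo it belongs in a secret store, not in the source file.
    PRINCIPALS_DB = {
        'joe': {
            'ticket': 'secret!!!',
            'role': 'frontend'
        }
    }

    @coroutine
    def onJoin(self, details):
        """Register the authenticator procedure after the session joins.

        Registration failures are reported on stdout and not re-raised.
        """
        # Function-scope import so the block does not depend on a new
        # file-level import.
        import hmac

        def authenticate(realm, authid, ticket):
            """Return the role for ``authid`` if ``ticket`` matches.

            Raises:
                ApplicationError: ``com.example.no_such_user`` when the
                    authid is unknown, ``com.example.invalid_ticket`` when
                    the ticket does not match.
            """
            # The ticket is a credential: keep it out of the log line.
            print("MyAuthenticator.authenticate called: realm = '{}', authid = '{}'".format(realm, authid))

            principal = self.PRINCIPALS_DB.get(authid)
            if principal is None:
                # NOTE(review): a distinct error for unknown principals lets
                # a caller tell "no such user" from "wrong ticket" if the
                # router forwards it - confirm what the client sees.
                raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))

            # Constant-time comparison on bytes; a non-string ticket never
            # matches, as with the plain equality test it replaces.
            matches = isinstance(ticket, str) and hmac.compare_digest(
                ticket.encode('utf-8'),
                principal['ticket'].encode('utf-8'),
            )
            if not matches:
                # Do not echo the submitted ticket back in the error text.
                raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket for principal {}".format(authid))

            return principal['role']

        try:
            yield from self.register(authenticate, 'com.auth.authenticate')
            print("custom Ticket-based authenticator registered")
        except Exception as e:
            print("could not register custom Ticket-based authenticator: {0}".format(e))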

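# Script entry point: connect to the router's WebSocket transport on realm1
# and run the authenticator session.
if __name__ == '__main__':
    print('starting runner')
    # Ticket authentication sends the ticket as-is over the transport.
    # ws:// to localhost stays on the loopback interface; use wss:// when
    # the connection crosses a network.
    runner = ApplicationRunner(url='ws://localhost:8080/ws', realm='realm1')
    runner.run(MyAuthenticator)
    print('end…')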


#2

ok, I found the solution :slight_smile:

Define onConnect and onChallenge methods in MyAuthenticator so that it answers a static authentication challenge,

and connect it to the new transport defined in the config.json file.

Add the new transport on another port in config.json, with static authentication.


On Friday, March 13, 2015 at 1:32:02 PM UTC+1, Rejo wrote:

Hello,

I’m trying to run a guest authenticator with python3/autobahn/asyncio, but it seems that the register does not terminate.

I suspect the problem is that I am trying to register a function in an authenticated environment where the authentication function is not yet available. (And I’m sure that authorizing anonymous to register a URI is not a good idea…)

All the examples I’ve found are with embedded workers and I need to use python 3.4 for this new project.

Here is the config.json file

{
   "controller": {
   },
   "workers": [
      {
         "type": "router",
         "realms": [
            {
               "name": "realm1",
               "roles": [
                  {
                     "name": "anonymous",
                     "permissions": [
                        {
                           "uri": "com.auth.authenticate",
                           "register": true
                        }
                     ]
                  },
                  {
                     "name": "backend",
                     "permissions": [
                        {
                           "uri": "*",
                           "publish": true,
                           "subscribe": true,
                           "call": true,
                           "register": true
                        },
                        {
                           "uri": "com.back.*",
                           "subscribe": false
                        }
                     ]
                  },
                  {
                     "name": "frontend",
                     "permissions": [
                        {
                           "uri": "com.front.call.*",
                           "call": true
                        },
                        {
                           "uri": "com.front.pub.*",
                           "publish": true
                        },
                        {
                           "uri": "com.front.sub.*",
                           "subscribe": false
                        }
                     ]
                  }
               ]
            }
         ],
         "transports": [
            {
               "type": "web",
               "endpoint": {
                  "type": "tcp",
                  "port": 8080
               },
               "paths": {
                  "/": {
                     "type": "static",
                     "directory": "../web"
                  },
                  "ws": {
                     "type": "websocket",
                     "auth": {
                        "ticket": {
                           "type": "dynamic",
                           "authenticator": "com.auth.authenticate"
                        }
                     }
                  }
               }
            }
         ]
      }
   ]
}




and the python code (from an example I found)


from asyncio import coroutine
from autobahn.asyncio.wamp import ApplicationSession, ApplicationRunner
from autobahn.wamp.exception import ApplicationError

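class MyAuthenticator(ApplicationSession):
    """WAMP session that provides a dynamic ticket authenticator.

    Once the session has joined, it registers ``authenticate`` under the
    URI ``com.auth.authenticate``. The procedure looks the caller's authid
    up in ``PRINCIPALS_DB`` and returns the role to grant.
    """

    # Demo principal table: authid -> expected ticket and the role granted.
    # NOTE(review): the ticket is a hard-coded plaintext secret; outside a
    # demo it belongs in a secret store, not in the source file.
    PRINCIPALS_DB = {
        'joe': {
            'ticket': 'secret!!!',
            'role': 'frontend'
        }
    }

    @coroutine
    def onJoin(self, details):
        """Register the authenticator procedure after the session joins.

        Registration failures are reported on stdout and not re-raised.
        """
        # Function-scope import so the block does not depend on a new
        # file-level import.
        import hmac

        def authenticate(realm, authid, ticket):
            """Return the role for ``authid`` if ``ticket`` matches.

            Raises:
                ApplicationError: ``com.example.no_such_user`` when the
                    authid is unknown, ``com.example.invalid_ticket`` when
                    the ticket does not match.
            """
            # The ticket is a credential: keep it out of the log line.
            print("MyAuthenticator.authenticate called: realm = '{}', authid = '{}'".format(realm, authid))

            principal = self.PRINCIPALS_DB.get(authid)
            if principal is None:
                # NOTE(review): a distinct error for unknown principals lets
                # a caller tell "no such user" from "wrong ticket" if the
                # router forwards it - confirm what the client sees.
                raise ApplicationError("com.example.no_such_user", "could not authenticate session - no such principal {}".format(authid))

            # Constant-time comparison on bytes; a non-string ticket never
            # matches, as with the plain equality test it replaces.
            matches = isinstance(ticket, str) and hmac.compare_digest(
                ticket.encode('utf-8'),
                principal['ticket'].encode('utf-8'),
            )
            if not matches:
                # Do not echo the submitted ticket back in the error text.
                raise ApplicationError("com.example.invalid_ticket", "could not authenticate session - invalid ticket for principal {}".format(authid))

            return principal['role']

        try:
            yield from self.register(authenticate, 'com.auth.authenticate')
            print("custom Ticket-based authenticator registered")
        except Exception as e:
            print("could not register custom Ticket-based authenticator: {0}".format(e))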

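# Script entry point: connect to the router's WebSocket transport on realm1
# and run the authenticator session.
if __name__ == '__main__':
    print('starting runner')
    # Ticket authentication sends the ticket as-is over the transport.
    # ws:// to localhost stays on the loopback interface; use wss:// when
    # the connection crosses a network.
    runner = ApplicationRunner(url='ws://localhost:8080/ws', realm='realm1')
    runner.run(MyAuthenticator)
    print('end…')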
