Secure TileCache With Pylons and Repoze

This post shows how one can secure TileCache with Pylons and Repoze.

In a Pylons application one can run a WSGI application from within a controller action. Here is a simple example:

    class MainController(BaseController)
        def action(self, environ, start_response):
            return wsgiApp(environ, start_response)

TileCache is commonly run from within mod_python. TileCache can also be run as a WSGI application, therefore it can be run from within the controller action of a Pylons application. Here’s how:

    from TileCache.Service import wsgiApp

    class MainController(BaseController)
        def tilecache(self, environ, start_response):
            return wsgiApp(environ, start_response)

Pretty cool… But it gets really interesting when repoze.what is added to the picture. For those who don’t know repoze.what, repoze.what is an authorization framework for WSGI applications. repoze.what now provides a Pylons plugin, making it easy to protect controllers and controller actions in a Pylons application. Here’s how our tilecache action can be protected:

    from TileCache.Service import wsgiApp
    from repoze.what.predicates import has_permission
    from repoze.what.plugins.pylonshq import ActionProtector

    class MainController(BaseController)
        @ActionProtector(has_permission('tilecache'))
        def tilecache(self, environ, start_response):
            return wsgiApp(environ, start_response)

With the above, anyone who tries to access /tilecache will have to be granted the tilecache permission. Otherwise, authorization will be denied.

TileCache is secured!

People often want finer-grained authorization, like give certain users access to certain layers. With Pylons’ routing system this can be easily and elegantly achieved using repoze.what, I will show that in a later post.

Advertisements

2 Responses to “Secure TileCache With Pylons and Repoze”

  1. Yves Moisan Says:

    Hi Eric,

    Thanx for this post. Following the link to repoze.what you mention in your post, I see in the “How to Install” (http://code.gustavonarea.net/repoze.what-pylons/Manual/GettingStarted.html#how-to-install) that one needs either Pylons or TurboGears. This reminded me of this link which I cam across a few weeks/months ago : http://turbogears.org/2.0/docs/main/Extensions/Geo/TileCacheTutorial.html

    I wonder what the advantage would be to plug repoze.what in TG instead of a stock Pylons. More things OOTB ? TG in a virtualenv and MapFish Server on another virtualenv …

    Cheers,

  2. loopmob Says:

    I have been searching for sites related to this. Glad I found you. Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: