Restrict spyne SOAP service with oauth2_provider

Question

I need to restrict some of my SOAP method so they can only be accessible with an Access Token.

My SOAP service is running with Spyne and my OAuth2 provider comes from django-oauth2-toolkit.

from django.contrib.auth.decorators import login_required
from spyne.service import ServiceBase
from spyne.decorator import srpc, rpc
from oauth2_provider.views.generic import ProtectedResourceView

class SOAPService(ProtectedResourceView, ServiceBase):
  @rpc(Unicode, _returns=Unicode)
  @login_required()
  def HelloWorld(ctx, data):
    return "hello"

If I try to send a SOAP request to this function, I got an Error 500 with the following in Spyne's logs:

File "/Library/Python/2.7/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
if HelloWorld_func(request.user):

AttributeError: 'WsgiMethodContext' object has no attribute 'user'

I'm new to both SOAP and OAuth2 and I'm stuck on it. Do you have any clue or best practice on how to make OAuth2 provider check a SOAP access token on a Spyne service ?

I'm not familiar with Django or the OAuth protocol, so I can't help you there. But make sure you read this before using any decorators with @rpc: http://spyne.io/docs/2.10/manual/04_usermanager.html#decorators-and-rpc — Burak Arslan, Jun 19 '14 at 07:50
Also, you're not supposed to mix ServiceBase with other classes. — Burak Arslan, Jun 19 '14 at 08:43

Restrict spyne SOAP service with oauth2_provider

0 Answers0

Linked