Service Security

AuthenticatedUser Class

class RobotRaconteur.AuthenticatedUser

Class representing an authenticated user

Use ServerEndpoint.GetCurrentAuthenticatedUser() to retrieve the authenticated user making a request

See the security documentation for more information.

property LastAccessTime

The user last access time

property LoginTime

The user login time

property Privileges

The user privileges

property Properties

The user properties

property Username

The authenticated username

ServiceSecurityPolicy Class

class RobotRaconteur.ServiceSecurityPolicy(Authenticator, Policies)

Security policy for Robot Raconteur service

The security policy sets an authenticator, and a set of policies. PasswordFileUserAuthenticator is an example of an authenticator. The valid options for Policies are as follows:

Policy name       Possible values  Default  Description
requirevaliduser  true,false       false    Set to “true” to require that a user be authenticated before accessing the service
allowobjectlock   true,false       false    If “true”, allow users to request object locks. requirevaliduser must also be “true”

The security policy is passed as a parameter to RobotRaconteurNode.RegisterService().

See the security documentation for more information.

Parameters:
  • Authenticator (RobotRaconteur.Authenticator) – The user authenticator

  • Policies (Dict[str,str]) – The security policies

NativeUserAuthenticator Class

class RobotRaconteur.NativeUserAuthenticator

Base class for user authenticators

Used with ServiceSecurityPolicy to secure services

Override AuthenticateUser to implement different types of user authenticators.

AuthenticateUser(username, credentials, context)

Authenticate a user using username and credentials

The service will call AuthenticateUser when clients attempt to authenticate. The username and credentials are passed to RobotRaconteurNode.ConnectService() or RobotRaconteurNode.AsyncConnectService(). The authenticator must analyze these values to decide how to authenticate the user.

On successful authentication, return a populated AuthenticatedUser object. On failure, throw an exception.

See the security documentation for more information.

Parameters:
  • username (str) – The username provided by the client

  • credentials (Dict[str,Any]) – The credentials provided by the client

  • context (RobotRaconteur.ServerContext) – The context of the service requesting authentication

Returns:

An authenticated user object

Return type:

RobotRaconteur.AuthenticatedUser

PasswordFileUserAuthenticator Class

class RobotRaconteur.PasswordFileUserAuthenticator(data, require_verified_client=False)

Simple authenticator using a list of username, password hash, and privileges stored in a file or string

The password user authenticator expects a string containing a list of users, one per line. Each line contains the username, the password as an MD5 hash, and the privileges, separated by whitespace. An example of authentication string contents:

user1 79e262a81dd19d40ae008f74eb59edce objectlock
user2 309825a0951b3cf1f25e27b61cee8243 objectlock
superuser1 11e5dfc68422e697563a4253ba360615 objectlock,objectlockoverride

The password is md5 hashed. This hash can be generated using the --md5passwordhash command in the “RobotRaconteurGen” utility. The privileges are comma separated. Valid privileges are as follows:

Privilege name      Description
objectlock          Allow user to lock objects
objectlockoverride  Allow user to unlock object locks made by other users

Parameters:
  • data (str) – The file text
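An added example, not part of the Robot Raconteur documentation or library: a stand-alone checker for the authenticator text and the Policies dictionary described above, run before the values are handed to PasswordFileUserAuthenticator and ServiceSecurityPolicy. The function names and sample users are hypothetical, and ignoring blank lines and flagging duplicate usernames are assumptions about the format.

```python
import re

VALID_PRIVILEGES = {"objectlock", "objectlockoverride"}  # privilege table above
VALID_POLICIES = {"requirevaliduser", "allowobjectlock"}  # policy table above
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

def audit_password_data(data):
    """Check authenticator text; return ({username: privileges}, findings)."""
    users, findings = {}, []
    for n, line in enumerate(data.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # assumption: blank lines are ignored
        if len(fields) != 3:
            findings.append(f"line {n}: expected 3 fields, got {len(fields)}")
            continue
        username, pw_hash, priv_field = fields
        privileges = set(priv_field.split(","))
        if not MD5_HEX.fullmatch(pw_hash):
            findings.append(f"line {n}: hash for {username!r} is not 32 hex digits")
        for priv in sorted(privileges - VALID_PRIVILEGES):
            findings.append(f"line {n}: {username!r} has unknown privilege {priv!r}")
        if username in users:
            findings.append(f"line {n}: duplicate username {username!r}")
        users.setdefault(username, privileges)  # keep the first definition
    return users, findings

def audit_policies(policies, users):
    """Check a Policies dict against the policy table and the user list."""
    findings = []
    for name, value in policies.items():
        if name not in VALID_POLICIES:
            findings.append(f"unknown policy {name!r}")
        elif value not in ("true", "false"):
            findings.append(f"{name} must be 'true' or 'false', got {value!r}")
    require_user = policies.get("requirevaliduser", "false") == "true"
    if policies.get("allowobjectlock", "false") == "true" and not require_user:
        findings.append("allowobjectlock is 'true' but requirevaliduser is not")
    if users and not require_user:
        findings.append("users are defined but requirevaliduser is not 'true'")
    return findings

# Constructed sample input (not real accounts or hashes).
SAMPLE = """\
alice 0123456789abcdef0123456789abcdef objectlock
bob 0123456789abcdef0123456789abcde objectlock,admin
alice fedcba9876543210fedcba9876543210 objectlockoverride
carol fedcba9876543210fedcba9876543210
"""
```

Calling `audit_password_data(SAMPLE)` reports the short hash and unknown privilege on line 2, the duplicate username on line 3 and the missing field on line 4; `audit_policies` takes the resulting user dictionary as its second argument.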