Custom Decorators for Authentication and Authorization

Summary

An introduction to writing decorators, with an example of how they can be used to handle common authentication and authorization actions for a set of web services.

Description

To provide access to enterprise directory data and services to developers at Texas A[HTML REMOVED] University, we have implemented a set of RESTful web services, using Django as our framework. Because these services include access to protected data, all web service clients must authenticate and be authorized to access a particular service. In order to implement the logic for making authentication and authorization decisions in one place, and cleanly apply it to any view, we wrote a custom decorator. This talk will cover the basic concepts behind decorators, how to write a decorator, and walk through our implementation of a decorator for authN/authZ.