XML-RPC How To
How to use XML-RPC with Zope
It is well known that Zope speaks XML-RPC, however it has not until now been well known how to use XML-RPC with Zope.
Why use XML-RPC?
Because it's cool and allows sending structured data over HTTP, and most importantly because it is supported by other things besides Zope.
If you just want to exchange data between Zope processes, you might want to look into Zope's
own RPC mechanism
Using Zope as an XML-RPC server
Every Zope object can respond to HTTP requests. This is Zope's object publishing philosophy. For example, a Folder will tell you the names of the items it contains when you call its
you can request its contents by calling:
XML-RPC support works the same way. You can send an XML-RPC request to call the
POST /Foo/Bar/MyFolder HTTP/1.0 Content-Type: text/xml Content-length: 95 <?xml version="1.0"?> <methodCall> <methodName>objectIds</methodName> <params/> </methodCall>
The results will be a list of contained object names.
All Zope objects are publishable and thus all are XML-RPC aware. There is no need to do anything special. In fact, Zope will encode your response so it is sufficient to return standard Python objects and Zope will marshal them into XML-RPC format.
XML-RPC and access control
Since XML-RPC runs over HTTP Zope still obeys authentication rules. This is one of Zope's great strengths--a simple and powerful security model. Zope carries this security model to XML-RPC. Your XML-RPC user agent should use basic authentication when accessing protected resources.
Fredrik Lundh's XML-RPC Python module doesn't come with support for sending requests with basic authentication, but it can easily be extended to do so.
Here's an example of how to do this that works for me:
import string, xmlrpclib, httplib from base64 import encodestring class BasicAuthTransport(xmlrpclib.Transport): def __init__(self, username=None, password=None): self.username=username self.password=password def request(self, host, handler, request_body): # issue XML-RPC request h = httplib.HTTP(host) h.putrequest("POST", handler) # required by HTTP/1.1 h.putheader("Host", host) # required by XML-RPC h.putheader("User-Agent", self.user_agent) h.putheader("Content-Type", "text/xml") h.putheader("Content-Length", str(len(request_body))) # basic auth if self.username is not None and self.password is not None: h.putheader("AUTHORIZATION", "Basic %s" % string.replace( encodestring("%s:%s" % (self.username, self.password)), "\012", "")) h.endheaders() if request_body: h.send(request_body) errcode, errmsg, headers = h.getreply() if errcode != 200: raise xmlrpclib.ProtocolError( host + handler, errcode, errmsg, headers ) return self.parse_response(h.getfile())
Using XML-RPC as a client
Zope doesn't provide support in DTML to use XML-RPC as a client, but that doesn't mean that it can't be done.
Fredrik Lundh's XML-RPC Python module comes with Zope and you can use this in your External Methods or Zope Products to use XML-RPC as a client.
Here's an example:
import xmlrpclib def getStateName(self, number): "Returns a state name given an integer state number" server_url="http://betty.userland.com" server=xmlrpclib.Server(server_url) return server.examples.getStateName(number)
To call this External Method you might want to create a form like this:
<form action="getStateName"> state number <input name="number:int"> <input type="submit" value="get name"> </form>
This example does not show it, but as always when writing code to access remote resources you need to take into account the possibility that the connection fail in one way or another, and it could take a very long time to get a response.
It would be an interesting project (hint, hint) to write an XML-RPC Method Zope Product that was smart about caching, etcetera. This would make XML-RPC available from DTML in a safe form.