xmlrpc.server.rst 14.6 KB
Newer Older
1 2
:mod:`xmlrpc.server` --- Basic XML-RPC servers
==============================================
3

4 5
.. module:: xmlrpc.server
   :synopsis: Basic XML-RPC server implementations.
6

7 8 9
.. moduleauthor:: Brian Quinlan <brianq@activestate.com>
.. sectionauthor:: Fred L. Drake, Jr. <fdrake@acm.org>

10 11 12
**Source code:** :source:`Lib/xmlrpc/server.py`

--------------
13

14 15
The :mod:`xmlrpc.server` module provides a basic server framework for XML-RPC
servers written in Python.  Servers can either be free standing, using
16 17 18 19
:class:`SimpleXMLRPCServer`, or embedded in a CGI environment, using
:class:`CGIXMLRPCRequestHandler`.


20 21
.. warning::

22
   The :mod:`xmlrpc.server` module is not secure against maliciously
23 24 25 26
   constructed data.  If you need to parse untrusted or unauthenticated data see
   :ref:`xml-vulnerabilities`.


27 28 29
.. class:: SimpleXMLRPCServer(addr, requestHandler=SimpleXMLRPCRequestHandler,\
               logRequests=True, allow_none=False, encoding=None,\
               bind_and_activate=True, use_builtin_types=False)
30 31 32 33 34

   Create a new server instance.  This class provides methods for registration of
   functions that can be called by the XML-RPC protocol.  The *requestHandler*
   parameter should be a factory for request handler instances; it defaults to
   :class:`SimpleXMLRPCRequestHandler`.  The *addr* and *requestHandler* parameters
35
   are passed to the :class:`socketserver.TCPServer` constructor.  If *logRequests*
36 37
   is true (the default), requests will be logged; setting this parameter to false
   will turn off logging.   The *allow_none* and *encoding* parameters are passed
38
   on to :mod:`xmlrpc.client` and control the XML-RPC responses that will be returned
39 40 41 42
   from the server. The *bind_and_activate* parameter controls whether
   :meth:`server_bind` and :meth:`server_activate` are called immediately by the
   constructor; it defaults to true. Setting it to false allows code to manipulate
   the *allow_reuse_address* class variable before the address is bound.
43 44 45
   The *use_builtin_types* parameter is passed to the
   :func:`~xmlrpc.client.loads` function and controls which types are processed
   when date/times values or binary data are received; it defaults to false.
46

47 48
   .. versionchanged:: 3.3
      The *use_builtin_types* flag was added.
49

50 51 52

.. class:: CGIXMLRPCRequestHandler(allow_none=False, encoding=None,\
               use_builtin_types=False)
53 54

   Create a new instance to handle XML-RPC requests in a CGI environment.  The
55 56
   *allow_none* and *encoding* parameters are passed on to :mod:`xmlrpc.client`
   and control the XML-RPC responses that will be returned from the server.
57 58 59 60 61 62
   The *use_builtin_types* parameter is passed to the
   :func:`~xmlrpc.client.loads` function and controls which types are processed
   when date/times values or binary data are received; it defaults to false.

   .. versionchanged:: 3.3
      The *use_builtin_types* flag was added.
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77


.. class:: SimpleXMLRPCRequestHandler()

   Create a new request handler instance.  This request handler supports ``POST``
   requests and modifies logging so that the *logRequests* parameter to the
   :class:`SimpleXMLRPCServer` constructor parameter is honored.


.. _simple-xmlrpc-servers:

SimpleXMLRPCServer Objects
--------------------------

The :class:`SimpleXMLRPCServer` class is based on
78
:class:`socketserver.TCPServer` and provides a means of creating simple, stand
79 80 81
alone XML-RPC servers.


82
.. method:: SimpleXMLRPCServer.register_function(function, name=None)
83 84 85 86 87 88 89 90

   Register a function that can respond to XML-RPC requests.  If *name* is given,
   it will be the method name associated with *function*, otherwise
   ``function.__name__`` will be used.  *name* can be either a normal or Unicode
   string, and may contain characters not legal in Python identifiers, including
   the period character.


91
.. method:: SimpleXMLRPCServer.register_instance(instance, allow_dotted_names=False)
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128

   Register an object which is used to expose method names which have not been
   registered using :meth:`register_function`.  If *instance* contains a
   :meth:`_dispatch` method, it is called with the requested method name and the
   parameters from the request.  Its API is ``def _dispatch(self, method, params)``
   (note that *params* does not represent a variable argument list).  If it calls
   an underlying function to perform its task, that function is called as
   ``func(*params)``, expanding the parameter list. The return value from
   :meth:`_dispatch` is returned to the client as the result.  If *instance* does
   not have a :meth:`_dispatch` method, it is searched for an attribute matching
   the name of the requested method.

   If the optional *allow_dotted_names* argument is true and the instance does not
   have a :meth:`_dispatch` method, then if the requested method name contains
   periods, each component of the method name is searched for individually, with
   the effect that a simple hierarchical search is performed.  The value found from
   this search is then called with the parameters from the request, and the return
   value is passed back to the client.

   .. warning::

      Enabling the *allow_dotted_names* option allows intruders to access your
      module's global variables and may allow intruders to execute arbitrary code on
      your machine.  Only use this option on a secure, closed network.


.. method:: SimpleXMLRPCServer.register_introspection_functions()

   Registers the XML-RPC introspection functions ``system.listMethods``,
   ``system.methodHelp`` and ``system.methodSignature``.


.. method:: SimpleXMLRPCServer.register_multicall_functions()

   Registers the XML-RPC multicall function system.multicall.


Christian Heimes's avatar
Christian Heimes committed
129
.. attribute:: SimpleXMLRPCRequestHandler.rpc_paths
130 131 132 133 134 135 136

   An attribute value that must be a tuple listing valid path portions of the URL
   for receiving XML-RPC requests.  Requests posted to other paths will result in a
   404 "no such page" HTTP error.  If this tuple is empty, all paths will be
   considered valid. The default value is ``('/', '/RPC2')``.


137 138 139 140 141
.. _simplexmlrpcserver-example:

SimpleXMLRPCServer Example
^^^^^^^^^^^^^^^^^^^^^^^^^^
Server code::
142

143 144
   from xmlrpc.server import SimpleXMLRPCServer
   from xmlrpc.server import SimpleXMLRPCRequestHandler
Christian Heimes's avatar
Christian Heimes committed
145 146 147 148

   # Restrict to a particular path.
   class RequestHandler(SimpleXMLRPCRequestHandler):
       rpc_paths = ('/RPC2',)
149 150

   # Create server
Christian Heimes's avatar
Christian Heimes committed
151 152
   server = SimpleXMLRPCServer(("localhost", 8000),
                               requestHandler=RequestHandler)
153 154
   server.register_introspection_functions()

155
   # Register pow() function; this will use the value of
156 157 158 159 160 161 162 163
   # pow.__name__ as the name, which is just 'pow'.
   server.register_function(pow)

   # Register a function under a different name
   def adder_function(x,y):
       return x + y
   server.register_function(adder_function, 'add')

164
   # Register an instance; all the methods of the instance are
165
   # published as XML-RPC methods (in this case, just 'mul').
166
   class MyFuncs:
167 168
       def mul(self, x, y):
           return x * y
169 170 171 172 173 174

   server.register_instance(MyFuncs())

   # Run the server's main loop
   server.serve_forever()

175
The following client code will call the methods made available by the preceding
176 177
server::

178
   import xmlrpc.client
179

180
   s = xmlrpc.client.ServerProxy('http://localhost:8000')
181 182
   print(s.pow(2,3))  # Returns 2**3 = 8
   print(s.add(2,3))  # Returns 5
183
   print(s.mul(5,2))  # Returns 5*2 = 10
184 185

   # Print list of available methods
186
   print(s.system.listMethods())
187

188 189
The following example included in the :file:`Lib/xmlrpc/server.py` module shows
a server allowing dotted names and registering a multicall function.
190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251

.. warning::

  Enabling the *allow_dotted_names* option allows intruders to access your
  module's global variables and may allow intruders to execute arbitrary code on
  your machine.  Only use this example only within a secure, closed network.

::

    import datetime

    class ExampleService:
        def getData(self):
            return '42'

        class currentTime:
            @staticmethod
            def getCurrentTime():
                return datetime.datetime.now()

    server = SimpleXMLRPCServer(("localhost", 8000))
    server.register_function(pow)
    server.register_function(lambda x,y: x+y, 'add')
    server.register_instance(ExampleService(), allow_dotted_names=True)
    server.register_multicall_functions()
    print('Serving XML-RPC on localhost port 8000')
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        print("\nKeyboard interrupt received, exiting.")
        server.server_close()
        sys.exit(0)

This ExampleService demo can be invoked from the command line::

    python -m xmlrpc.server


The client that interacts with the above server is included in
`Lib/xmlrpc/client.py`::

    server = ServerProxy("http://localhost:8000")

    try:
        print(server.currentTime.getCurrentTime())
    except Error as v:
        print("ERROR", v)

    multi = MultiCall(server)
    multi.getData()
    multi.pow(2,9)
    multi.add(1,2)
    try:
        for response in multi():
            print(response)
    except Error as v:
        print("ERROR", v)

This client which interacts with the demo XMLRPC server can be invoked as::

    python -m xmlrpc.client

252 253 254 255 256 257 258 259

CGIXMLRPCRequestHandler
-----------------------

The :class:`CGIXMLRPCRequestHandler` class can be used to  handle XML-RPC
requests sent to Python CGI scripts.


260
.. method:: CGIXMLRPCRequestHandler.register_function(function, name=None)
261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293

   Register a function that can respond to XML-RPC requests. If  *name* is given,
   it will be the method name associated with  function, otherwise
   *function.__name__* will be used. *name* can be either a normal or Unicode
   string, and may contain  characters not legal in Python identifiers, including
   the period character.


.. method:: CGIXMLRPCRequestHandler.register_instance(instance)

   Register an object which is used to expose method names  which have not been
   registered using :meth:`register_function`. If  instance contains a
   :meth:`_dispatch` method, it is called with the  requested method name and the
   parameters from the  request; the return value is returned to the client as the
   result. If instance does not have a :meth:`_dispatch` method, it is searched
   for an attribute matching the name of the requested method; if  the requested
   method name contains periods, each  component of the method name is searched for
   individually,  with the effect that a simple hierarchical search is performed.
   The value found from this search is then called with the  parameters from the
   request, and the return value is passed  back to the client.


.. method:: CGIXMLRPCRequestHandler.register_introspection_functions()

   Register the XML-RPC introspection functions  ``system.listMethods``,
   ``system.methodHelp`` and  ``system.methodSignature``.


.. method:: CGIXMLRPCRequestHandler.register_multicall_functions()

   Register the XML-RPC multicall function ``system.multicall``.


294
.. method:: CGIXMLRPCRequestHandler.handle_request(request_text=None)
295

296
   Handle an XML-RPC request. If *request_text* is given, it should be the POST
297 298 299 300 301
   data provided by the HTTP server,  otherwise the contents of stdin will be used.

Example::

   class MyFuncs:
302 303
       def mul(self, x, y):
           return x * y
304 305 306 307 308 309 310 311 312


   handler = CGIXMLRPCRequestHandler()
   handler.register_function(pow)
   handler.register_function(lambda x,y: x+y, 'add')
   handler.register_introspection_functions()
   handler.register_instance(MyFuncs())
   handler.handle_request()

313 314 315 316 317 318 319 320 321 322

Documenting XMLRPC server
-------------------------

These classes extend the above classes to serve HTML documentation in response
to HTTP GET requests.  Servers can either be free standing, using
:class:`DocXMLRPCServer`, or embedded in a CGI environment, using
:class:`DocCGIXMLRPCRequestHandler`.


323 324 325
.. class:: DocXMLRPCServer(addr, requestHandler=DocXMLRPCRequestHandler,\
               logRequests=True, allow_none=False, encoding=None,\
               bind_and_activate=True, use_builtin_types=True)
326 327 328 329 330

   Create a new server instance. All parameters have the same meaning as for
   :class:`SimpleXMLRPCServer`; *requestHandler* defaults to
   :class:`DocXMLRPCRequestHandler`.

331 332 333
   .. versionchanged:: 3.3
      The *use_builtin_types* flag was added.

334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403

.. class:: DocCGIXMLRPCRequestHandler()

   Create a new instance to handle XML-RPC requests in a CGI environment.


.. class:: DocXMLRPCRequestHandler()

   Create a new request handler instance. This request handler supports XML-RPC
   POST requests, documentation GET requests, and modifies logging so that the
   *logRequests* parameter to the :class:`DocXMLRPCServer` constructor parameter is
   honored.


.. _doc-xmlrpc-servers:

DocXMLRPCServer Objects
-----------------------

The :class:`DocXMLRPCServer` class is derived from :class:`SimpleXMLRPCServer`
and provides a means of creating self-documenting, stand alone XML-RPC
servers. HTTP POST requests are handled as XML-RPC method calls. HTTP GET
requests are handled by generating pydoc-style HTML documentation. This allows a
server to provide its own web-based documentation.


.. method:: DocXMLRPCServer.set_server_title(server_title)

   Set the title used in the generated HTML documentation. This title will be used
   inside the HTML "title" element.


.. method:: DocXMLRPCServer.set_server_name(server_name)

   Set the name used in the generated HTML documentation. This name will appear at
   the top of the generated documentation inside a "h1" element.


.. method:: DocXMLRPCServer.set_server_documentation(server_documentation)

   Set the description used in the generated HTML documentation. This description
   will appear as a paragraph, below the server name, in the documentation.


DocCGIXMLRPCRequestHandler
--------------------------

The :class:`DocCGIXMLRPCRequestHandler` class is derived from
:class:`CGIXMLRPCRequestHandler` and provides a means of creating
self-documenting, XML-RPC CGI scripts. HTTP POST requests are handled as XML-RPC
method calls. HTTP GET requests are handled by generating pydoc-style HTML
documentation. This allows a server to provide its own web-based documentation.


.. method:: DocCGIXMLRPCRequestHandler.set_server_title(server_title)

   Set the title used in the generated HTML documentation. This title will be used
   inside the HTML "title" element.


.. method:: DocCGIXMLRPCRequestHandler.set_server_name(server_name)

   Set the name used in the generated HTML documentation. This name will appear at
   the top of the generated documentation inside a "h1" element.


.. method:: DocCGIXMLRPCRequestHandler.set_server_documentation(server_documentation)

   Set the description used in the generated HTML documentation. This description
   will appear as a paragraph, below the server name, in the documentation.