• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1:mod:`xmlrpc.server` --- Basic XML-RPC servers
2==============================================
3
4.. module:: xmlrpc.server
5   :synopsis: Basic XML-RPC server implementations.
6
7.. moduleauthor:: Brian Quinlan <brianq@activestate.com>
8.. sectionauthor:: Fred L. Drake, Jr. <fdrake@acm.org>
9
10**Source code:** :source:`Lib/xmlrpc/server.py`
11
12--------------
13
14The :mod:`xmlrpc.server` module provides a basic server framework for XML-RPC
15servers written in Python.  Servers can either be free standing, using
16:class:`SimpleXMLRPCServer`, or embedded in a CGI environment, using
17:class:`CGIXMLRPCRequestHandler`.
18
19
20.. warning::
21
22   The :mod:`xmlrpc.server` module is not secure against maliciously
23   constructed data.  If you need to parse untrusted or unauthenticated data see
24   :ref:`xml-vulnerabilities`.
25
26
27.. class:: SimpleXMLRPCServer(addr, requestHandler=SimpleXMLRPCRequestHandler,\
28               logRequests=True, allow_none=False, encoding=None,\
29               bind_and_activate=True, use_builtin_types=False)
30
31   Create a new server instance.  This class provides methods for registration of
32   functions that can be called by the XML-RPC protocol.  The *requestHandler*
33   parameter should be a factory for request handler instances; it defaults to
34   :class:`SimpleXMLRPCRequestHandler`.  The *addr* and *requestHandler* parameters
35   are passed to the :class:`socketserver.TCPServer` constructor.  If *logRequests*
36   is true (the default), requests will be logged; setting this parameter to false
37   will turn off logging.   The *allow_none* and *encoding* parameters are passed
38   on to :mod:`xmlrpc.client` and control the XML-RPC responses that will be returned
39   from the server. The *bind_and_activate* parameter controls whether
40   :meth:`server_bind` and :meth:`server_activate` are called immediately by the
41   constructor; it defaults to true. Setting it to false allows code to manipulate
42   the *allow_reuse_address* class variable before the address is bound.
43   The *use_builtin_types* parameter is passed to the
44   :func:`~xmlrpc.client.loads` function and controls which types are processed
45   when date/times values or binary data are received; it defaults to false.
46
47   .. versionchanged:: 3.3
48      The *use_builtin_types* flag was added.
49
50
51.. class:: CGIXMLRPCRequestHandler(allow_none=False, encoding=None,\
52               use_builtin_types=False)
53
54   Create a new instance to handle XML-RPC requests in a CGI environment.  The
55   *allow_none* and *encoding* parameters are passed on to :mod:`xmlrpc.client`
56   and control the XML-RPC responses that will be returned from the server.
57   The *use_builtin_types* parameter is passed to the
58   :func:`~xmlrpc.client.loads` function and controls which types are processed
59   when date/times values or binary data are received; it defaults to false.
60
61   .. versionchanged:: 3.3
62      The *use_builtin_types* flag was added.
63
64
65.. class:: SimpleXMLRPCRequestHandler()
66
67   Create a new request handler instance.  This request handler supports ``POST``
68   requests and modifies logging so that the *logRequests* parameter to the
69   :class:`SimpleXMLRPCServer` constructor parameter is honored.
70
71
72.. _simple-xmlrpc-servers:
73
74SimpleXMLRPCServer Objects
75--------------------------
76
77The :class:`SimpleXMLRPCServer` class is based on
78:class:`socketserver.TCPServer` and provides a means of creating simple, stand
79alone XML-RPC servers.
80
81
82.. method:: SimpleXMLRPCServer.register_function(function=None, name=None)
83
84   Register a function that can respond to XML-RPC requests.  If *name* is given,
85   it will be the method name associated with *function*, otherwise
86   ``function.__name__`` will be used.  *name* is a string, and may contain
87   characters not legal in Python identifiers, including the period character.
88
89   This method can also be used as a decorator.  When used as a decorator,
90   *name* can only be given as a keyword argument to register *function* under
91   *name*.  If no *name* is given, ``function.__name__`` will be used.
92
93   .. versionchanged:: 3.7
94      :meth:`register_function` can be used as a decorator.
95
96
97.. method:: SimpleXMLRPCServer.register_instance(instance, allow_dotted_names=False)
98
99   Register an object which is used to expose method names which have not been
100   registered using :meth:`register_function`.  If *instance* contains a
101   :meth:`_dispatch` method, it is called with the requested method name and the
102   parameters from the request.  Its API is ``def _dispatch(self, method, params)``
103   (note that *params* does not represent a variable argument list).  If it calls
104   an underlying function to perform its task, that function is called as
105   ``func(*params)``, expanding the parameter list. The return value from
106   :meth:`_dispatch` is returned to the client as the result.  If *instance* does
107   not have a :meth:`_dispatch` method, it is searched for an attribute matching
108   the name of the requested method.
109
110   If the optional *allow_dotted_names* argument is true and the instance does not
111   have a :meth:`_dispatch` method, then if the requested method name contains
112   periods, each component of the method name is searched for individually, with
113   the effect that a simple hierarchical search is performed.  The value found from
114   this search is then called with the parameters from the request, and the return
115   value is passed back to the client.
116
117   .. warning::
118
119      Enabling the *allow_dotted_names* option allows intruders to access your
120      module's global variables and may allow intruders to execute arbitrary code on
121      your machine.  Only use this option on a secure, closed network.
122
123
124.. method:: SimpleXMLRPCServer.register_introspection_functions()
125
126   Registers the XML-RPC introspection functions ``system.listMethods``,
127   ``system.methodHelp`` and ``system.methodSignature``.
128
129
130.. method:: SimpleXMLRPCServer.register_multicall_functions()
131
132   Registers the XML-RPC multicall function system.multicall.
133
134
135.. attribute:: SimpleXMLRPCRequestHandler.rpc_paths
136
137   An attribute value that must be a tuple listing valid path portions of the URL
138   for receiving XML-RPC requests.  Requests posted to other paths will result in a
139   404 "no such page" HTTP error.  If this tuple is empty, all paths will be
140   considered valid. The default value is ``('/', '/RPC2')``.
141
142
143.. _simplexmlrpcserver-example:
144
145SimpleXMLRPCServer Example
146^^^^^^^^^^^^^^^^^^^^^^^^^^
147Server code::
148
149   from xmlrpc.server import SimpleXMLRPCServer
150   from xmlrpc.server import SimpleXMLRPCRequestHandler
151
152   # Restrict to a particular path.
153   class RequestHandler(SimpleXMLRPCRequestHandler):
154       rpc_paths = ('/RPC2',)
155
156   # Create server
157   with SimpleXMLRPCServer(('localhost', 8000),
158                           requestHandler=RequestHandler) as server:
159       server.register_introspection_functions()
160
161       # Register pow() function; this will use the value of
162       # pow.__name__ as the name, which is just 'pow'.
163       server.register_function(pow)
164
165       # Register a function under a different name
166       def adder_function(x, y):
167           return x + y
168       server.register_function(adder_function, 'add')
169
170       # Register an instance; all the methods of the instance are
171       # published as XML-RPC methods (in this case, just 'mul').
172       class MyFuncs:
173           def mul(self, x, y):
174               return x * y
175
176       server.register_instance(MyFuncs())
177
178       # Run the server's main loop
179       server.serve_forever()
180
181The following client code will call the methods made available by the preceding
182server::
183
184   import xmlrpc.client
185
186   s = xmlrpc.client.ServerProxy('http://localhost:8000')
187   print(s.pow(2,3))  # Returns 2**3 = 8
188   print(s.add(2,3))  # Returns 5
189   print(s.mul(5,2))  # Returns 5*2 = 10
190
191   # Print list of available methods
192   print(s.system.listMethods())
193
194:meth:`register_function` can also be used as a decorator. The previous server
195example can register functions in a decorator way::
196
197   from xmlrpc.server import SimpleXMLRPCServer
198   from xmlrpc.server import SimpleXMLRPCRequestHandler
199
200   class RequestHandler(SimpleXMLRPCRequestHandler):
201       rpc_paths = ('/RPC2',)
202
203   with SimpleXMLRPCServer(('localhost', 8000),
204                           requestHandler=RequestHandler) as server:
205       server.register_introspection_functions()
206
207       # Register pow() function; this will use the value of
208       # pow.__name__ as the name, which is just 'pow'.
209       server.register_function(pow)
210
211       # Register a function under a different name, using
212       # register_function as a decorator. *name* can only be given
213       # as a keyword argument.
214       @server.register_function(name='add')
215       def adder_function(x, y):
216           return x + y
217
218       # Register a function under function.__name__.
219       @server.register_function
220       def mul(x, y):
221           return x * y
222
223       server.serve_forever()
224
225The following example included in the :file:`Lib/xmlrpc/server.py` module shows
226a server allowing dotted names and registering a multicall function.
227
228.. warning::
229
230  Enabling the *allow_dotted_names* option allows intruders to access your
231  module's global variables and may allow intruders to execute arbitrary code on
232  your machine.  Only use this example only within a secure, closed network.
233
234::
235
236    import datetime
237
238    class ExampleService:
239        def getData(self):
240            return '42'
241
242        class currentTime:
243            @staticmethod
244            def getCurrentTime():
245                return datetime.datetime.now()
246
247    with SimpleXMLRPCServer(("localhost", 8000)) as server:
248        server.register_function(pow)
249        server.register_function(lambda x,y: x+y, 'add')
250        server.register_instance(ExampleService(), allow_dotted_names=True)
251        server.register_multicall_functions()
252        print('Serving XML-RPC on localhost port 8000')
253        try:
254            server.serve_forever()
255        except KeyboardInterrupt:
256            print("\nKeyboard interrupt received, exiting.")
257            sys.exit(0)
258
259This ExampleService demo can be invoked from the command line::
260
261    python -m xmlrpc.server
262
263
264The client that interacts with the above server is included in
265`Lib/xmlrpc/client.py`::
266
267    server = ServerProxy("http://localhost:8000")
268
269    try:
270        print(server.currentTime.getCurrentTime())
271    except Error as v:
272        print("ERROR", v)
273
274    multi = MultiCall(server)
275    multi.getData()
276    multi.pow(2,9)
277    multi.add(1,2)
278    try:
279        for response in multi():
280            print(response)
281    except Error as v:
282        print("ERROR", v)
283
284This client which interacts with the demo XMLRPC server can be invoked as::
285
286    python -m xmlrpc.client
287
288
289CGIXMLRPCRequestHandler
290-----------------------
291
292The :class:`CGIXMLRPCRequestHandler` class can be used to handle XML-RPC
293requests sent to Python CGI scripts.
294
295
296.. method:: CGIXMLRPCRequestHandler.register_function(function=None, name=None)
297
298   Register a function that can respond to XML-RPC requests.  If *name* is given,
299   it will be the method name associated with *function*, otherwise
300   ``function.__name__`` will be used.  *name* is a string, and may contain
301   characters not legal in Python identifiers, including the period character.
302
303   This method can also be used as a decorator.  When used as a decorator,
304   *name* can only be given as a keyword argument to register *function* under
305   *name*.  If no *name* is given, ``function.__name__`` will be used.
306
307   .. versionchanged:: 3.7
308      :meth:`register_function` can be used as a decorator.
309
310
311.. method:: CGIXMLRPCRequestHandler.register_instance(instance)
312
313   Register an object which is used to expose method names  which have not been
314   registered using :meth:`register_function`. If  instance contains a
315   :meth:`_dispatch` method, it is called with the  requested method name and the
316   parameters from the  request; the return value is returned to the client as the
317   result. If instance does not have a :meth:`_dispatch` method, it is searched
318   for an attribute matching the name of the requested method; if  the requested
319   method name contains periods, each  component of the method name is searched for
320   individually,  with the effect that a simple hierarchical search is performed.
321   The value found from this search is then called with the  parameters from the
322   request, and the return value is passed  back to the client.
323
324
325.. method:: CGIXMLRPCRequestHandler.register_introspection_functions()
326
327   Register the XML-RPC introspection functions  ``system.listMethods``,
328   ``system.methodHelp`` and  ``system.methodSignature``.
329
330
331.. method:: CGIXMLRPCRequestHandler.register_multicall_functions()
332
333   Register the XML-RPC multicall function ``system.multicall``.
334
335
336.. method:: CGIXMLRPCRequestHandler.handle_request(request_text=None)
337
338   Handle an XML-RPC request. If *request_text* is given, it should be the POST
339   data provided by the HTTP server,  otherwise the contents of stdin will be used.
340
341Example::
342
343   class MyFuncs:
344       def mul(self, x, y):
345           return x * y
346
347
348   handler = CGIXMLRPCRequestHandler()
349   handler.register_function(pow)
350   handler.register_function(lambda x,y: x+y, 'add')
351   handler.register_introspection_functions()
352   handler.register_instance(MyFuncs())
353   handler.handle_request()
354
355
356Documenting XMLRPC server
357-------------------------
358
359These classes extend the above classes to serve HTML documentation in response
360to HTTP GET requests.  Servers can either be free standing, using
361:class:`DocXMLRPCServer`, or embedded in a CGI environment, using
362:class:`DocCGIXMLRPCRequestHandler`.
363
364
365.. class:: DocXMLRPCServer(addr, requestHandler=DocXMLRPCRequestHandler,\
366               logRequests=True, allow_none=False, encoding=None,\
367               bind_and_activate=True, use_builtin_types=True)
368
369   Create a new server instance. All parameters have the same meaning as for
370   :class:`SimpleXMLRPCServer`; *requestHandler* defaults to
371   :class:`DocXMLRPCRequestHandler`.
372
373   .. versionchanged:: 3.3
374      The *use_builtin_types* flag was added.
375
376
377.. class:: DocCGIXMLRPCRequestHandler()
378
379   Create a new instance to handle XML-RPC requests in a CGI environment.
380
381
382.. class:: DocXMLRPCRequestHandler()
383
384   Create a new request handler instance. This request handler supports XML-RPC
385   POST requests, documentation GET requests, and modifies logging so that the
386   *logRequests* parameter to the :class:`DocXMLRPCServer` constructor parameter is
387   honored.
388
389
390.. _doc-xmlrpc-servers:
391
392DocXMLRPCServer Objects
393-----------------------
394
395The :class:`DocXMLRPCServer` class is derived from :class:`SimpleXMLRPCServer`
396and provides a means of creating self-documenting, stand alone XML-RPC
397servers. HTTP POST requests are handled as XML-RPC method calls. HTTP GET
398requests are handled by generating pydoc-style HTML documentation. This allows a
399server to provide its own web-based documentation.
400
401
402.. method:: DocXMLRPCServer.set_server_title(server_title)
403
404   Set the title used in the generated HTML documentation. This title will be used
405   inside the HTML "title" element.
406
407
408.. method:: DocXMLRPCServer.set_server_name(server_name)
409
410   Set the name used in the generated HTML documentation. This name will appear at
411   the top of the generated documentation inside a "h1" element.
412
413
414.. method:: DocXMLRPCServer.set_server_documentation(server_documentation)
415
416   Set the description used in the generated HTML documentation. This description
417   will appear as a paragraph, below the server name, in the documentation.
418
419
420DocCGIXMLRPCRequestHandler
421--------------------------
422
423The :class:`DocCGIXMLRPCRequestHandler` class is derived from
424:class:`CGIXMLRPCRequestHandler` and provides a means of creating
425self-documenting, XML-RPC CGI scripts. HTTP POST requests are handled as XML-RPC
426method calls. HTTP GET requests are handled by generating pydoc-style HTML
427documentation. This allows a server to provide its own web-based documentation.
428
429
430.. method:: DocCGIXMLRPCRequestHandler.set_server_title(server_title)
431
432   Set the title used in the generated HTML documentation. This title will be used
433   inside the HTML "title" element.
434
435
436.. method:: DocCGIXMLRPCRequestHandler.set_server_name(server_name)
437
438   Set the name used in the generated HTML documentation. This name will appear at
439   the top of the generated documentation inside a "h1" element.
440
441
442.. method:: DocCGIXMLRPCRequestHandler.set_server_documentation(server_documentation)
443
444   Set the description used in the generated HTML documentation. This description
445   will appear as a paragraph, below the server name, in the documentation.
446