There is no security model built into the publisher as such; applications should return instances of the exception response classes from the WebOb library (on Python 2.5+ raise may be used):
@app.connect("/")
def controller(request):
if 'REMOTE_USER' not in request.environ:
return webob.exc.HTTPForbidden("Server not accessible.")
return webob.Response(u"Welcome, %s!" % request.environ['REMOTE_USER'])
If we browse to http://localhost:8080/ we get:
403 Forbidden
Access was denied to this resource.
Server not accessible.