Hello,
I've set up apache to validate my users using PythonAuthenHandler as
described in the documentation
(http://www.djangoproject.com/documentation/apache_auth/). This part
works like charm :), but I would like to get a more fine grained
control over the accessed url (not served by django).
According to mod_python's docs this should be possible using
PythonAuthzHandler, but in my case it just doesn't work.
I have the following in my virtualhost directive
<Location />
AuthType Basic
AuthName 'CooSci'
AuthUserFile /dev/null
AuthBasicAuthoritative Off
Require valid-user
SetEnv DJANGO_SETTINGS_MODULE coosci.settings
PythonAuthenHandler django.contrib.auth.handlers.modpython
PythonAuthzHandler myproject.auth.modpython
PythonOption DjangoRequireStaffStatus 0
</Location>
then I use the following modpython.py to test if the setting works
from mod_python import apache
import os
def authzhandler(req, **kwargs):
'''
Authentication handler that checks if the given repository can be
accessed by the authenticated user
@param req: the Apache request object, see
http://modpython.org/live/mod_python-3.3.1/doc-html/pyapi-mprequest.html
@type req: object
'''
# mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
# that so that the following import works
os.environ.update(req.subprocess_env)
settings_module = req.get_options().get('DJANGO_SETTINGS_MODULE', None)
if settings_module:
os.environ['DJANGO_SETTINGS_MODULE'] = settings_module
# test if it works
apache.log_error('authzhandler')
req.log_error('authzhandler from request with user %s at %s' %
(req.user, req.uri))
from django.contrib.auth.models import User
from webapp.models import Editor
from django import db
db.reset_queries()
# run this at the end
db.connection.close()
return apache.OK
Any ideas why this doesn't show up in my Apache log files?
I have Apache 2.2.0
In the meantime I was thinking about other solutions as well.
Especially as the docs of PythonAuthzHandler says that
PythonAuthenHander is "more often than not it is done right in the
AuthenHandler". So it might be a good idea to allow a callback in
AuthenHandler to get a more fine-grained control over the accessed
uri. (Of course, this at least partially mixes up things, as the
authenhandler is supposed to authenticate the user, and it's the
authzhandler who should allow/deny access of the (already
authenticated) user to a given uri.)
what would be your recommendation? do you see any reason to patch
django.contrib.auth.handlers.modpython to allow for a callback?
Thanks for your help!
V
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
