FWIW, authen/authz for Apache is much easier done in mod_wsgi. See: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
I have given up trying to help people with mod_python authen/authz because it is such a PITA. :-) Graham On Jul 15, 9:29 pm, "Viktor Nagy" <[EMAIL PROTECTED]> wrote: > Hello, > > I've set up apache to validate my users using PythonAuthenHandler as > described in the documentation > (http://www.djangoproject.com/documentation/apache_auth/). This part > works like charm :), but I would like to get a more fine grained > control over the accessed url (not served by django). > > According tomod_python'sdocs this should be possible using > PythonAuthzHandler, but in my case it just doesn't work. > > I have the following in my virtualhost directive > > <Location /> > AuthType Basic > AuthName 'CooSci' > AuthUserFile /dev/null > AuthBasicAuthoritative Off > Require valid-user > > SetEnv DJANGO_SETTINGS_MODULE coosci.settings > PythonAuthenHandler django.contrib.auth.handlers.modpython > PythonAuthzHandler myproject.auth.modpython > PythonOption DjangoRequireStaffStatus 0 > </Location> > > then I use the following modpython.py to test if the setting works > > frommod_pythonimport apache > import os > > def authzhandler(req, **kwargs): > ''' > Authentication handler that checks if the given repository can be > accessed by the authenticated user > @param req: the Apache request object, > seehttp://modpython.org/live/mod_python-3.3.1/doc-html/pyapi-mprequest.html > @type req: object > ''' > #mod_pythonfakes the environ, and thus doesn't process SetEnv. This fixes > # that so that the following import works > os.environ.update(req.subprocess_env) > > settings_module = req.get_options().get('DJANGO_SETTINGS_MODULE', None) > if settings_module: > os.environ['DJANGO_SETTINGS_MODULE'] = settings_module > > # test if it works > apache.log_error('authzhandler') > req.log_error('authzhandler from request with user %s at %s' % > (req.user, req.uri)) > > from django.contrib.auth.models import User > from webapp.models import Editor > from django import db > db.reset_queries() > > # run this at the end > db.connection.close() > return apache.OK > > Any ideas why this doesn't show up in my Apache log files? > I have Apache 2.2.0 > > In the meantime I was thinking about other solutions as well. > Especially as the docs of PythonAuthzHandler says that > PythonAuthenHander is "more often than not it is done right in the > AuthenHandler". So it might be a good idea to allow a callback in > AuthenHandler to get a more fine-grained control over the accessed > uri. (Of course, this at least partially mixes up things, as the > authenhandler is supposed to authenticate the user, and it's the > authzhandler who should allow/deny access of the (already > authenticated) user to a given uri.) > > what would be your recommendation? do you see any reason to patch > django.contrib.auth.handlers.modpython to allow for a callback? > > Thanks for your help! > V --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---