shyt, I was looking for these docs this morning! thanks for the poinger Graham, it seems to be very detailed, and once I forget the hassles I've survived today with mod_python, I'll probably give it a try
btw, is there any reason why this documentation can't be found under http://www.djangoproject.com/documentation/install/ or http://www.djangoproject.com/documentation/apache_auth/ ? thanks for your help! V On Jul 15, 3:23 pm, Graham Dumpleton <[EMAIL PROTECTED]> wrote: > FWIW, authen/authz for Apache is much easier done in mod_wsgi. See: > > http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms > > I have given up trying to help people with mod_python authen/authz > because it is such a PITA. :-) > > Graham > > On Jul 15, 9:29 pm, "Viktor Nagy" <[EMAIL PROTECTED]> wrote: > > > Hello, > > > I've set up apache to validate my users using PythonAuthenHandler as > > described in the documentation > > (http://www.djangoproject.com/documentation/apache_auth/). This part > > works like charm :), but I would like to get a more fine grained > > control over the accessed url (not served by django). > > > According tomod_python'sdocs this should be possible using > > PythonAuthzHandler, but in my case it just doesn't work. > > > I have the following in my virtualhost directive > > > <Location /> > > AuthType Basic > > AuthName 'CooSci' > > AuthUserFile /dev/null > > AuthBasicAuthoritative Off > > Require valid-user > > > SetEnv DJANGO_SETTINGS_MODULE coosci.settings > > PythonAuthenHandler django.contrib.auth.handlers.modpython > > PythonAuthzHandler myproject.auth.modpython > > PythonOption DjangoRequireStaffStatus 0 > > </Location> > > > then I use the following modpython.py to test if the setting works > > > frommod_pythonimport apache > > import os > > > def authzhandler(req, **kwargs): > > ''' > > Authentication handler that checks if the given repository can be > > accessed by the authenticated user > > @param req: the Apache request object, > > seehttp://modpython.org/live/mod_python-3.3.1/doc-html/pyapi-mprequest.html > > @type req: object > > ''' > > #mod_pythonfakes the environ, and thus doesn't process SetEnv. This > > fixes > > # that so that the following import works > > os.environ.update(req.subprocess_env) > > > settings_module = req.get_options().get('DJANGO_SETTINGS_MODULE', None) > > if settings_module: > > os.environ['DJANGO_SETTINGS_MODULE'] = settings_module > > > # test if it works > > apache.log_error('authzhandler') > > req.log_error('authzhandler from request with user %s at %s' % > > (req.user, req.uri)) > > > from django.contrib.auth.models import User > > from webapp.models import Editor > > from django import db > > db.reset_queries() > > > # run this at the end > > db.connection.close() > > return apache.OK > > > Any ideas why this doesn't show up in my Apache log files? > > I have Apache 2.2.0 > > > In the meantime I was thinking about other solutions as well. > > Especially as the docs of PythonAuthzHandler says that > > PythonAuthenHander is "more often than not it is done right in the > > AuthenHandler". So it might be a good idea to allow a callback in > > AuthenHandler to get a more fine-grained control over the accessed > > uri. (Of course, this at least partially mixes up things, as the > > authenhandler is supposed to authenticate the user, and it's the > > authzhandler who should allow/deny access of the (already > > authenticated) user to a given uri.) > > > what would be your recommendation? do you see any reason to patch > > django.contrib.auth.handlers.modpython to allow for a callback? > > > Thanks for your help! > > V --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
