Ian Bicking wrote:
> Jim Fulton wrote:
>
>> Typically, web servers provide access logs that include a label
>> for the authenticated user.
>>
>> Often, WSGI applications (or middleware) provide their own user
>> authentication facilities. Well, Zope does. :)
>>
>> There doesn't seem to be a standard way for WSGI applications or
>> middleware to communicate the information necessary for a server
>> to log the authenticated user back to the server.
>>
>> Am I missing something? How do other people handle this?
>>
>> Is Zope the only WSGI application that performs authentication
>> itself?
>
>
> I do the authentication in my apps,

Cool.

> but I am sloppy and do not record it
> ;) Well, that's not completely true. In the rough access logger in
> Paste (http://pythonpaste.org/paste/translogger.py.html?f=8&l=80#8) I
> include environ['REMOTE_USER'] if it is present. So if the WSGI environ
> that the middleware sees initially is the same environ that the
> authenticator writes to, then the middleware will see that change on
> the way out and include it. Using a header would solve the problem
> where the environment is completely changed (unlikely), or copied before
> REMOTE_USER is assigned (fairly likely).
>
> I can imagine a convention of X-WSGI-Authenticated, where X-WSGI-* gets
> stripped by the server,

Works for me.

> and any middleware that is interested can watch
> for these headers. Another option is a callback, but potentially
> multiple middlewares will be interested (multiple logs isn't hard to
> imagine), and that complicates the callback.

I think just scribbling a value into the env or headers is fine.

Jim

--
Jim Fulton           mailto:[EMAIL PROTECTED]    Python Powered!
CTO                  (540) 361-1714              http://www.python.org
Zope Corporation     http://www.zope.com         http://www.zope.org
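The two mechanisms discussed in this thread, shown as an added example that is not code from the original messages or from Paste: a logging middleware that takes the user label from an `X-WSGI-Authenticated` response header (the convention floated above, not a standard), falls back to `environ['REMOTE_USER']`, strips `X-WSGI-*` before the client sees it, and sanitizes the label so it cannot break the log line. The names `UserAccessLog` and `safe_label`, the two sample apps and their users are hypothetical, and the middleware is assumed to be the outermost layer, standing in for the server.

```python
import re

AUTH_HEADER = "x-wsgi-authenticated"  # convention floated in the thread, not a standard

def safe_label(value):
    # One token per log field: control characters and spaces become "?".
    return re.sub(r"[^\x21-\x7e]", "?", value) or "-"

class UserAccessLog:
    """Outermost middleware (stands in for the server); appends lines to `sink`."""
    def __init__(self, app, sink):
        self.app, self.sink = app, sink

    def __call__(self, environ, start_response):
        seen = {"status": "-", "user": None}
        def filtering_start_response(status, headers, exc_info=None):
            kept = []
            for name, value in headers:
                if name.lower().startswith("x-wsgi-"):
                    if name.lower() == AUTH_HEADER:
                        seen["user"] = value
                    continue  # internal header: never forwarded to the client
                kept.append((name, value))
            seen["status"] = status.split(" ", 1)[0]
            return start_response(status, kept, exc_info)
        def logged_body():
            body = self.app(environ, filtering_start_response)
            try:
                yield from body
            finally:
                if hasattr(body, "close"):
                    body.close()
                # Header first (survives a copied environ), then the shared environ.
                user = seen["user"] or environ.get("REMOTE_USER") or "-"
                self.sink.append(" ".join((safe_label(user), environ.get("REQUEST_METHOD", "-"),
                                           environ.get("PATH_INFO", "-"), seen["status"])))
        return logged_body()

def in_place_auth_app(environ, start_response):
    environ["REMOTE_USER"] = "alice"  # constructed user; writes to the shared environ
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def copied_environ_auth_app(environ, start_response):
    private = dict(environ, REMOTE_USER="bob")  # copy; shared environ never sees it
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("X-WSGI-Authenticated", private["REMOTE_USER"])])
    return [b"ok"]
```

The log line is written only once the response iterable has been consumed, so an application that calls `start_response` lazily is still logged with its real status and user.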