|
Gregory (Grisha) Trubetskoy
grisha at modpython.org
Thu Oct 3 17:30:48 EST 2002
Apache does this. It has to give a module a chance to evaluate permissions
at every directory in the path. I do not believe there is much you can do
about this.
Grisha
On Thu, 3 Oct 2002, Grant Beasley wrote:
> Hi
>
> I'm trying to set up my website in such a way that the entire website is
> protected by an AuthenHandler, and the "cgi" directory (where my mod_python
> scripts run) is directed to a publisher (my own modification of the standard
> publisher).
>
> To do this, I setup Apache with the following directives:
>
> <Directory "C:/Projects/http/cgi">
> SetHandler python-program
> PythonHandler mypub
> PythonDebug On
> </Directory>
>
> <Directory "C:/Projects/http">
> SetHandler python-program
> PythonAuthenHandler authen
> AuthType Basic
> AuthName "Restricted Area"
> require valid-user
> PythonLogHandler log
> PythonDebug On
> </Directory>
>
> I've programmed my authenhandler (for debugging purposes) as follows:
> pw = req.get_basic_auth_pw()
> user = req.connection.user
> f = open("C:\\authendump.txt", "a")
> f.write("""Authen - %s
> URI: %s
> UNPARSED_URI: %s
> THE_REQUEST: %s
> PATH_INFO: %s
> FILENAME: %s
> USER: %s
> PW: %s
> -----------------
> """ % (strftime('%d/%m/%Y %H:%M:%S', localtime()),req.uri, req.unparsed_uri,
> req.the_request, req.path_info, req.filename, user, pw))
> if user is not None:
> return apache.OK
> else:
> return apache.HTTP_UNAUTHORIZED
> f.close()
>
> i.e. Just to dump a few variables for inspection.
>
> For a single request, the above configuration gives me the following:
>
> Authen - 03/10/2002 13:31:16
> URI: /showuser
> UNPARSED_URI: /showuser
> THE_REQUEST: GET /cgi/cool/showuser HTTP/1.1
> PATH_INFO:
> FILENAME: c:/projects/http/showuser
> USER: None
> PW: None
> -----------------
> Authen - 03/10/2002 13:31:16
> URI: /cgi/cool/showuser
> UNPARSED_URI: /cgi/cool/showuser
> THE_REQUEST: GET /cgi/cool/showuser HTTP/1.1
> PATH_INFO: /showuser
> FILENAME: c:/projects/http/cgi/cool
> USER: None
> PW: None
> -----------------
> Authen - 03/10/2002 13:31:18
> URI: /showuser
> UNPARSED_URI: /showuser
> THE_REQUEST: GET /cgi/cool/showuser HTTP/1.1
> PATH_INFO:
> FILENAME: c:/projects/http/showuser
> USER: gb
> PW: a
> -----------------
> Authen - 03/10/2002 13:31:18
> URI: /cgi/cool/showuser
> UNPARSED_URI: /cgi/cool/showuser
> THE_REQUEST: GET /cgi/cool/showuser HTTP/1.1
> PATH_INFO: /showuser
> FILENAME: c:/projects/http/cgi/cool
> USER: gb
> PW: a
> -----------------
>
> In other words the authenhandler code is executing twice, with a different
> URI. On inspection of the get_config() and get_dirs(), I can see that it's
> executing once for each of the above directives.
>
> What I'd like to know is why this occurs, and how do I prevent it?
>
> Any help appreciated.
>
> Grant Beasley
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://www.modpython.org/mailman/listinfo/mod_python
>
|