[mod_python] Accesshandler and normal handler... how they working ?

durumdara durumdara at gmail.com
Mon Nov 20 09:31:25 EST 2006 

Hi !

Interesting. Your example about Request Data Sharing sometimes working, 
and sometimes not.
I don't understand why !
In my little test site it is working good.
But when I put these sharing technics in the main site, then Apache said 
that Object member does not exists on mp_request.

Traceback (most recent call last):

  File "C:\Python24\lib\site-packages\mod_python\apache.py", line 299, in HandlerDispatch
    result = object(req)

  File "c:/web/zeusweb/htdocs\__handler.py", line 6, in handler
    RequestObject = req.Object

AttributeError: 'mp_request' object has no attribute 'Object'

It is very interesting, because I set this variable on the access handler.

def accesshandler(Request):
    hmod = apache.import_module("CustomHandler")
    siteroot = os.path.dirname(__file__)
    return hmod.CommonAccessHandler(Request, "ZeusWebHandler", siteroot)
...

def CommonAccessHandler(Request, HandlerModuleName, SiteRoot):
    zhmod = apache.import_module(HandlerModuleName)
    try:
        ROClass = zhmod.GetRequestObjectClass()
        RequestObject = ROClass(Request, SiteRoot)
        Request.Object = RequestObject # <===== here I set it !
        RequestObject.CheckLogin()
        valid = RequestObject.HaveUserRightTo(Request.filename)
        if valid:
            return apache.OK
        else:
            return apache.HTTP_FORBIDDEN
    except:
        dwtools = apache.import_module("dwtools")
        excmsg = dwtools.GetLastExcText()
        Request.log_error(excmsg, apache.APLOG_ERR)
    return apache.HTTP_INTERNAL_SERVER_ERROR

Interesting, because it's working recently ! In same site !
Possible it's caused by virtual hosting and more site handlers ??? I 
don't know.

But I need solution.

Please help me !

I thinking about that I not used direct filenames on protectable content 
(anydata.pdf).
If I use "aliases", I can check them in the handler, and I can rewrite 
them as stream, if use have enough rights to it.
In this time I can use accesshandler to deny accesses without rights. If 
rights are enough, I simply send apache.OK, and apache get back the 
content, handle the file types (PDF, XLS, etc.).

But if accesshandler cannot share data with handler safely, I need to 
drop accesshandler, and I need to handle all request with my handler.
This is not too hard with simple content, but problematic with big, 
protected, special files, example _*private*_ PDF-s, Pictures, other 
contents.
(I remember that in zope I must rename the dynamic image retreiver 
script to ".jpg" to Windows client handle the data correctly what the 
script provided.)

How to you do this ? How can I protect some areas ? How to I support the 
file downloading with protection ?

Thanks for your help:
    dd





Jim Gallacher wrote:
> durumdara wrote:
>> Hi !
>>
>> I have an access handler, and a normal python handler in my site.
>> I use directories, and some of them are need protection. I use my login
>> method to enable user access.
>>
>> The access handler is check the needed rights to any object. It get user
>> data from Session.
>> When access granted, it finished it's working.
>> When access denied, it send http403 error, and I catch this with custom
>> error documents (ssi).
>>
>> But I want to know something - the background of access handler.
>>
>> 1.)
>> The access handler is existing in same Thread as Handler ?
>
> Yes.
>
>> So I want to know. Is modpy do this:
>> get url, server info, etc.
>> build request + other objects
>> get thread
>> result = thread.startaccesshandler(req)
>> if not result:
>>  gotoerrorhandler
>> else:
>>  result = thread.handler(req)
>> ....
>> or it use another technology ?
>
> Unless I'm misunderstanding your question, you don't need to mess with 
> threads. You are always dealing with the same request object, 
> regardless of which phase, and there is one process or thread per 
> request.
>
> Take a look at the mod_python documentation for PythonAuthenHandler, 
> as well as my reply to Richard Lewis today on a similar question.
>
>> 2.)
>> Can I exchange some data across them ?
>
> Yes.
>
> def authenhandler(req):
>     req.foo = 'something for later'
>     ...
>
>
> def handler(req):
>     req.write(req.foo)
>     ...
>
>
>> In this time I use file based right table(s).
>> Every file in this table has right property.
>> I need to load this table in the accesshandler to check grants.
>> And later, in the menu building I also need to load this table to check
>> grants (the menus are not accessable by user are hided).
>> Can I share these infos ? Can I write to the request object, and this
>> object is hold these infos to get them in normal handler ?
>
> Yes.
>
>> 3.)
>> Can I force the access handler to redirect request ?
>
> Yes.
>
>> Example: the user click on menu that preserved for special users. I
>> don't want to redirect to error pages. Can I redirect to my special
>> page, 
>
> Yes.
>
> Jim
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20061120/dc82ff61/attachment.html

More information about the Mod_python mailing list