Graham Dumpleton
grahamd at dscpl.com.au
Tue Nov 22 20:29:40 EST 2005
Bjorn Sundberg wrote ..
> Thanks Graham for your quick response. It's 2 am and my head is a bit slow.
> But is the idea to let apache do the digest authentication, that is apache
> takes care of matching username against the password supplied in the
> authenhandler()?

If you use AuthDigestFile to specify a user/password file that Apache
can itself use, the authenhandler() isn't even required. As you probably
know, you can find more details of how to set up Apache at:

  http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html

Given that Apache will handle all aspects of authorisation, all that needs
to be done now is to work around the problem in mod_python.publisher
that prevents it being used in a directory authenticated using digest
authentication.

I was putting that workaround in authenhandler(), but probably shouldn't
have suggested it as it has probably confused the issue. What has to be
done though is to hook in a bit of code somehow before the handler for
mod_python.publisher. This could be done in an earlier processing phase
or as a content handler just prior to mod_python.publisher being triggered.
I would suggest the latter.

To do that, where you currently have:

  PythonHandler mod_python.publisher

change it to:

  PythonHandler my_digest_workaround::_delete_authorization_header
  PythonHandler mod_python.publisher

When you specify two handlers like this, mod_python will execute each
in turn. Thus, by adding a _delete_authorization_header() method to a
module my_digest_workaround we can hook in some code to run before
mod_python.publisher.

The content of my_digest_workaround would thus be:

  from mod_python import apache

  def _delete_authorization_header(req):
      if req.headers_in.has_key("Authorization"):
          del req.headers_in["Authorization"]
      return apache.OK

The my_digest_workaround module could be put in the same directory as
the .htaccess file, or if using global Apache configuration, in the root
directory of where your published files are kept.

I explicitly called the handler _delete_authorization_header(), with a
leading underscore so that it will not be found if someone addressed a URL
for publisher at it directly.

End result is that the workaround gets called first and it removes the
problem header and then publisher gets executed and your function called.

Graham

> Björn S
>
> On 11/23/05, Graham Dumpleton <grahamd at dscpl.com.au> wrote:
> >
> > Graham Dumpleton wrote ..
> > > Bjorn Sundberg wrote ..
> > > > Is there a way to use http digest authentication?
> > >
> > > No. HTTP digest authentication and mod_python.publisher are currently
> > > incompatible. See:
> > >
> > >   http://issues.apache.org/jira/browse/MODPYTHON-47
> > >
> > > It is actually a simple fix, but wasn't done for mod_python 3.2.
> > >
> > > Even if fixed, the HTTP digest authentication has to be done by Apache,
> > > it cannot be done by mod_python.publisher when using __auth__ etc.
> > > The fix is merely to stop mod_python.publisher barfing when it is being
> > > done by Apache.
> >
> > Actually, as usual there is nearly always a way to fudge things. You could
> > still use Apache HTTP digest authentication (managed by Apache) and
> > still use mod_python.publisher by having an authenhandler() which
> > deleted the "Authorization" header so that mod_python.publisher didn't
> > find it and therefore didn't barf.
> >
> >   def authenhandler(req):
> >
> >       if req.headers_in.has_key("Authorization"):
> >           del req.headers_in["Authorization"]
> >
> >       ... etc.
> >
> > I haven't tried this, but it should work.
> >
> > Graham
> >
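
The setup described in the message above, put together as one .htaccess file. This is an added example, not part of the original post. The realm name "private", the path of the digest file and the SetHandler line are assumptions made for the illustration; the two PythonHandler lines are the ones given in the message.

```apache
# .htaccess in the directory holding the published modules
# (Apache 2.0 with mod_auth_digest and mod_python loaded).

# Apache performs the HTTP digest authentication itself.
# "private" is a placeholder realm. It must be the same realm that was
# given to htdigest when the password file was created, because each
# entry in that file is bound to a realm.
AuthType Digest
AuthName "private"

# Placeholder path. Keep the file outside the served document tree.
AuthDigestFile /path/to/digest-passwords

Require valid-user

# Assumed to be present already: hand requests to mod_python.
SetHandler mod_python

# Content phase. Both handlers run in the order listed:
# first the workaround from my_digest_workaround.py, which deletes the
# "Authorization" header, then mod_python.publisher.
PythonHandler my_digest_workaround::_delete_authorization_header
PythonHandler mod_python.publisher
```

Because authentication is completed by Apache before the content phase starts, deleting the header in the first content handler does not weaken the access check; it only hides the header from mod_python.publisher.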