[mod_python] Access checking against another path

Graham Dumpleton graham.dumpleton at gmail.com
Mon Apr 30 20:30:37 EDT 2007


On 01/05/07, Roger Binns <rogerb at rogerbinns.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Graham Dumpleton wrote:
> > Perhaps look at the req.internal_redirect() method. See:
> >
> >  http://www.modpython.org/live/current/doc-html/pyapi-mprequest-meth.html
> >
> > If you need access to req.user of the parent request from the sub
> > request, you have to access req.prev.user from the sub request to get
> > it from memory.
>
> As far as I can tell, that method does an actual redirect which is not
> what I want.  In the output of /admin, I want to include the output of
> /api/object/whatever (amongst other things).
>
> If they were running on different web servers then I would have to use a
> HTTP client and do things that way.  In this case they are running on
> the same server, and the minimum I need to answer is "are the
> credentials supplied to /admin sufficient for /api/object/whatever"

The method req.internal_redirect() does it all within the web server,
it is not sending back a redirect to the web browser client. It is not
even possible using req.internal_redirect() to make a request against
another web server unless the target of the internal request so
happened be a resource configure using mod_proxy to be redirected to
some downstream server.

Note that when using req.internal_redirect(), that called resource
then effectively generates the complete response. If you want the
output of the sub request to be included as a subcomponent of HTML of
parent, then you would really need to do a Python import to get access
to Python code for your sub handler and invoke direct as Python code.

Graham


More information about the Mod_python mailing list