|
Graham Dumpleton
graham.dumpleton at gmail.com
Tue May 6 19:14:16 EDT 2008
The AddHandler/SetHandler only apply to the actual content handler and has nothing to do with other phases of processing. Read: http://www.dscpl.com.au/wiki/ModPython/Articles/SetHandlerVersusAddHandler In short, only use SetHandler with mod_python if defining PythonHandler. Because mod_python isn't a standalone system, you also need to understand how Apache works. Since SetHandler/AddHandler are implemented by core Apache modules and not mod_python, you also need to read Apache documentation for those directives. Graham 2008/5/7 John Calixto <John.Calixto at watchguard.com>: > > > This works for me: > > > > > > <Location /pyauthtest > > > > AuthType Py > > > Options Indexes ExecCGI > > > PythonAuthenHandler pyauthhandler > > > PythonDebug On > > > PythonOption Groups Foo,Bar,Baz > > > PythonOption ServerRoot > > /var/www/instance > > > require valid-user > > > </Location> > > > > > > > Thanks Ari. > > > > Do you also have a <Directory> stanza in your apache config? > > Or are you doing some magic with the ServerRoot value to > > effectively build up an index yourself? > > > > John > > > OK, I found something that works for me. Ari's configuration prompted > me to try removing the SetHandler directive. By using just the > PythonAuthenHandler and PythonAuthzHandler directives, I got the desired > effect. It makes sense - I just didn't understand how Set/AddHandler > interacted with the rest of mod_python. > > Here's my final, working configuration: > > > <VirtualHost *> > ServerAdmin webmaster at localhost > > DocumentRoot /var/www/ > <Directory /> > Options FollowSymLinks > AllowOverride None > </Directory> > <Directory /var/www/> > Options Indexes FollowSymLinks MultiViews > AllowOverride None > Order allow,deny > allow from all > > # Notice no SetHandler directive! > AuthType customauth > PythonAuthenHandler apacheauth > PythonAuthzHandler apacheauth > PythonPath "sys.path+['/home/user/customauth']" > PythonDebug On > Require customauth::valid-user > </Directory> > > ErrorLog /var/log/apache2/error.log > LogLevel debug > > CustomLog /var/log/apache2/access.log combined > ServerSignature On > > </VirtualHost> > > > ================================================================= > > > from mod_python import apache > import authenticators > import base64 > > AUTHTYPE = 'customauth' > AUTHNAME = 'Custom Auth' > authen = authenticators.authen_shadow > > def authenhandler(req): > req.ap_auth_type = AUTHTYPE > auth_header = req.headers_in.get('Authorization') > if auth_header: > decoded = base64.b64decode(auth_header.split()[-1]) > username, password = decoded.split(':') > if authen(username, password): > req.log_error("authenticated!", apache.APLOG_DEBUG) > req.user = username > return apache.OK > req.log_error("not authenticated!", apache.APLOG_DEBUG) > req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' % > AUTHNAME > return apache.HTTP_UNAUTHORIZED > > def authzhandler(req): > if req.user: > # do any extra checking against groups, requires, etc. > req.log_error("authorized user %s" % req.user, > apache.APLOG_DEBUG) > return apache.OK > return apache.HTTP_UNAUTHORIZED > > > ================================================================= > > Maybe I missed it in the documentation, but it would be really nice to > have something stating the interaction between AddHandler/SetHandler, > and mod_python. > > Thanks for reading, > > John > > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python >
|