> Are you telling me that there's no way to get this working without an
> apache in front of django?
> So, all the questions I'm going to ask you at the end of this email have
> only this answer? :)

That's pretty much true although it isn't Apache specific. Lots of other web servers have a way of setting REMOTE_USER which is what the RemoteUserMiddleware requires.

>>> s = ServerProxy('http://admin:ad...@localhost:8000')

This tells Python's xmlrpclib that "admin" should be sent as HTTP basic authentication [1]. Django has no way (that I know of) to use HTTP basic authentication other than the RemoteUserMiddleware or a derived middleware.

> AFAIK, you can pass those values only within the url
> (http://user:pas...@www.mysite.com). So, I suppose the middleware to take
> those values from the http request and set them properly.

Actually, the web server takes those values and puts them into the HTTP request that Django processes. The RemoteUserMiddleware just checks those values and assumes that they were set properly by the server.

> I'm not able to login using username and password... and here comes the big
> question: isn't this stack supposed to work as fallback chain?

Django will fall back onto ModelBackend if you tell it to. However, the ModelBackend does not pick up the username and password from HTTP basic auth and so this doesn't work as you were hoping. The ModelBackend is used to login users through a web form.

In general, the RemoteUserMiddleware is used when the web server does the authentication and RPC4Django uses the RemoteUserMiddleware for authenticated requests.

If you plan to deploy your application to a web server when you're done debugging you could write a custom middleware that sets remote user if DEBUG is True so you can test it.

However, it is possible that RemoteUserMiddleware does not exactly meet your requirements. In that case, you can file an issue on RPC4Django to support some alternative authentication mechanism. You'll have to email me to do this until I finish transferring RPC4Django to Launchpad.

However, XMLRPC and JSONRPC protocols do not support authentication.
In other RPC libraries for Django [2] I've seen that they provide a decorator which adds two parameters (username and password) to your RPC method. However, I did not really like this solution for a variety of reasons.

[1] http://docs.python.org/library/xmlrpclib.html#xmlrpclib.ServerProxy
[2] http://github.com/samuraisam/django-json-rpc

On Mar 26, 10:13 am, Simone Orsi <simah...@gmail.com> wrote:
> Hi David, Ale, thanks for your answers :)
>
> On 03/26/2010 05:24 PM, David wrote:
> > Simone,
> >
> > It looks to me like there may be a problem in how you have configured
> > basic authentication on your web server.
>
> At the moment I didn't configure any server at all :)
>
> > Firstly, the fact that you
> > are able to connect to your unprotected methods without using the
> > username "admin" with password "admin" leads me to believe that your
> > server is unprotected by basic authentication.
>
> I supposed the django server provides this...
>
> > Also, the fact that
> > you're on port 8000 usually implies that you're using the built-in
> > Django test server.
>
> Yep, because I'm still testing it.
>
> > As far as I know, there is no way to configure the
> > built-in server with basic authentication. With Apache/mod_python, you
> > can configure it to use Django's database for web server
> > authentication [1]. With mod_wsgi, take a look at Django ticket #10809
> > [2].
>
> Are you telling me that there's no way to get this working without an
> apache in front of django?
> So, all the questions I'm going to ask you at the end of this email have
> only this answer? :)
>
> > Alessandro,
> >
> > I think what you have is perfect if your web server sets
> > HTTP_AUTHORIZATION instead of REMOTE_USER when it authenticates.
> > However, I think you could just subclass the RemoteUserMiddleware [3].
> >
> > [1]http://docs.djangoproject.com/en/1.1/howto/apache-auth
> > [2]http://code.djangoproject.com/ticket/10809
> > [3]http://docs.djangoproject.com/en/1.1/howto/auth-remote-user
> >
> > -David
>
> @Alessandro: mmm, I see that your code is pretty much the same of this
> [1], except for the xmlrpc part :)
> I'll give it a try, but in the mean time I want to understand what is
> going wrong with the other middlewares.
>
> Looking at the tutorial I mentioned before and at the code of
>
> 'django.contrib.auth.middleware.RemoteUserMiddleware'
>
> and
>
> 'django.contrib.auth.backends.RemoteUserBackend'
>
> the authentication should be done through "request.META['REMOTE_USER']"
> but this is not working since the var never appears into my request.
> Probably there is specific manner to pass it to the request but with the
> standard xmlrpclib, AFAIK, you can pass those values only within the url
> (http://user:pas...@www.mysite.com). So, I suppose the middleware to
> take those values from the http request and set them properly.
>
> Also, I found that with these settings:
>
> AUTHENTICATION_BACKENDS = (
>     'lfs.customer.auth.EmailBackend',
>     #'django.contrib.auth.backends.ModelBackend',
>     'django.contrib.auth.backends.RemoteUserBackend',
> )
>
> I'm not able to login using username and password... and here comes the
> big question: isn't this stack supposed to work as fallback chain?
>
> According to the docs [2], yes: "[...] Django tries authenticating
> across all of its authentication backends. [...]"
>
> Moreover, the doc [3] says to replace '*.ModelBackend' with
> '*.RemoteUserBackend' because it is a subclass of '*.ModelBackend' and
> that's true:
>
> [...]
> class RemoteUserBackend(ModelBackend):
> [...]
>
> BUT, if I comment out "*.ModelBackend" as above, I can't login with
> username and password, even if I comment out
> 'lfs.customer.auth.EmailBackend' too.
>
> What's wrong here?
>
> Any clues will be much appreciated.
>
> [1]http://www.djangosnippets.org/snippets/448/
> [2]http://docs.djangoproject.com/en/1.1/topics/auth/#specifying-authenti...
> [3]http://docs.djangoproject.com/en/1.1/howto/auth-remote-user/
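
Added example, not part of the original thread and not code from Django or RPC4Django: a standard-library WSGI wrapper that does what the reply says a front-end web server does, verifying the HTTP basic auth header and only then setting REMOTE_USER for RemoteUserMiddleware to read. The names `BasicAuthRemoteUser`, `parse_basic_auth`, `credentials_ok` and `DEBUG_USERS` are hypothetical, and the credentials are constructed for local testing.

```python
import base64
import binascii
import hmac

# Constructed credentials for local testing only (assumption, not from the thread).
DEBUG_USERS = {"admin": "example-password"}


def parse_basic_auth(header):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, payload = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep and username else None


def credentials_ok(username, password, users):
    expected = users.get(username)
    # compare_digest does not stop at the first differing byte.
    return expected is not None and hmac.compare_digest(
        password.encode("utf-8"), expected.encode("utf-8"))


class BasicAuthRemoteUser:
    """WSGI wrapper (hypothetical name): check basic auth, then set REMOTE_USER."""

    def __init__(self, app, users=DEBUG_USERS, realm="debug"):
        self.app, self.users, self.realm = app, users, realm

    def __call__(self, environ, start_response):
        # This wrapper is the only authenticator, so discard any inherited value.
        environ.pop("REMOTE_USER", None)
        creds = parse_basic_auth(environ.get("HTTP_AUTHORIZATION"))
        if creds is None or not credentials_ok(*creds, self.users):
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="%s"' % self.realm),
                ("Content-Type", "text/plain"),
            ])
            return [b"authentication required\n"]
        # RemoteUserMiddleware reads this key from request.META.
        environ["REMOTE_USER"] = creds[0]
        return self.app(environ, start_response)
```

Wrapped around the project's WSGI application in a debug setup, it lets RemoteUserMiddleware see REMOTE_USER the same way it would behind a web server that performs basic authentication.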