On 03/26/2010 08:13 PM, David wrote:
>> Are you telling me that there's no way to get this working without an
>> apache in front of django? So, all the questions I'm going to ask you
>> at the end of this email have
>> only this answer? :)
>
> That's pretty much true although it isn't Apache specific. Lots of
> other web servers have a way of setting REMOTE_USER which is what the
> RemoteUserMiddleware requires.
>   
I see.
>>>> s = ServerProxy('http://admin:ad...@localhost:8000')
>>>>         
> This tells Python's xmlrpclib that "admin" should be sent as HTTP
> basic authentication [1]. Django has no way (that I know of) to use
> HTTP basic authentication other than the RemoteUserMiddleware or a
> derived middleware.
>   
So since django's testing server doesn't take care of it there's no way
to get "RemoteUserMiddleware" working properly without placing django
behind apache or something similar. Good to know :)
>> AFAIK, you can pass those values only within the url 
>> (http://user:pas...@www.mysite.com). So, I suppose the middleware to take 
>> those values from the http request and set them properly.
>>     
> Actually, the web server takes those values and puts them into the
> HTTP request that Django processes. The RemoteUserMiddleware just
> checks those values and assumes that if they were set properly by the
> server.
>
>   
>> I'm not able to login using username and password... and here comes the big 
>> question: isn't this stack supposed to work as fallback chain?
>>     
Here I have to be more explicit: I tried to authenticate from a pdb.
Just to test, I called a public webservice where I placed a pdb and from
there I tried to log in using
"authenticate(username=username,password=password)" and HERE I supposed
"RemoteUserMiddleware" (which inherits from ModelBackend) to do the job.
> Django will fall back onto ModelBackend if you tell it to. 
Well, I supposed listing middlewares into AUTHENTICATION_BACKENDS was
enough, isn't it?
> However,
> the ModelBackend does not pick up the username and password from HTTP
> basic auth and so this doesn't work as you were hoping. The
> ModelBackend is used to login users through a web form.
>
>
> In general, the RemoteUserMiddleware is used when the web server does
> the authentication and RPC4Django uses the RemoteUserMiddleware for
> authenticated requests. If you plan to deploy your application to a
> web server when you're done debugging you could write a custom
> middleware that set remote user if DEBUG is True so you can test it.
> However, it is possible that RemoteUserMiddleware does not exactly
> meet your requirements. In that case, you can file an issue on
> RPC4Django to support some alternative authentication mechanism.
> You'll have to email me to do this until I finish transferring
> RPC4Django to Launchpad.
IMO, I think "RPC4Django" and the like should bring some OOTB facility
which allows handling authentication.
Let me know how I can help to get this.

Cheers,
SimO

>  However, XMLRPC and JSONRPC protocols do not
> support authentication. In other RPC libraries for Django [2] I've
> seen that they provide a decorator which adds two parameters (username
> and password) to your RPC method. However, I did not really like this
> solution for a variety of reasons.
>
>
>
> [1] http://docs.python.org/library/xmlrpclib.html#xmlrpclib.ServerProxy
> [2] http://github.com/samuraisam/django-json-rpc
>
>
> On Mar 26, 10:13 am, Simone Orsi <simah...@gmail.com> wrote:
>   
>> Hi David, Ale, thanks for your answers :)
>>
>> On 03/26/2010 05:24 PM, David wrote:
>>> Simone,
>>
>>     
>>> It looks to me like there may be a problem in how you have configured
>>> basic authentication on your web server.
>>>       
>> At the moment I didn't configure any server at all :)
>>> Firstly, the fact that you
>>> are able to connect to your unprotected methods without using the
>>> username "admin" with password "admin" leads me to believe that your
>>> server is unprotected by basic authentication.
>>>       
>> I supposed the django server provides this...
>>> Also, the fact that
>>> you're on port 8000 usually implies that you're using the built-in
>>> Django test server.
>>>       
>> Yep, because I'm still testing it.
>>> As far as I know, there is no way to configure the
>>> built-in server with basic authentication. With Apache/mod_python, you
>>> can configure it to use Django's database for web server
>>> authentication [1]. With mod_wsgi, take a look at Django ticket #10809
>>> [2].
>>>       
>> Are you telling me that there's no way to get this working without an
>> apache in front of django?
>> So, all the questions I'm going to ask you at the end of this email have
>> only this answer? :)
>>
>>     
>>> Alessandro,
>>>       
>>     
>>> I think what you have is perfect if your web server sets
>>> HTTP_AUTHORIZATION instead of REMOTE_USER when it authenticates.
>>> However, I think you could just subclass the RemoteUserMiddleware [3].
>>>       
>>     
>>> [1]http://docs.djangoproject.com/en/1.1/howto/apache-auth
>>> [2]http://code.djangoproject.com/ticket/10809
>>> [3]http://docs.djangoproject.com/en/1.1/howto/auth-remote-user
>>>       
>>     
>>> -David
>>>       
>> @Alessandro: mmm, I see that your code is pretty much the same as this
>> [1], except for the xmlrpc part :)
>> I'll give it a try, but in the meantime I want to understand what is
>> going wrong with the other middlewares.
>>
>> Looking at the tutorial I mentioned before and at the code of
>>
>> 'django.contrib.auth.middleware.RemoteUserMiddleware'
>>
>> and
>>
>> 'django.contrib.auth.backends.RemoteUserBackend'
>>
>> the authentication should be done through "request.META['REMOTE_USER']"
>> but this is not working since the var never appears into my request.
>> Probably there is specific manner to pass it to the request but with the
>> standard xmlrpclib, AFAIK, you can pass those values only within the url
>> (http://user:pas...@www.mysite.com). So, I suppose the middleware to
>> take those values from the http request and set them properly.
>>
>> Also, I found that with these settings:
>>
>> AUTHENTICATION_BACKENDS = (
>>     'lfs.customer.auth.EmailBackend',
>>     #'django.contrib.auth.backends.ModelBackend',
>>     'django.contrib.auth.backends.RemoteUserBackend',
>> )
>>
>> I'm not able to login using username and password... and here comes the
>> big question: isn't this stack supposed to work as fallback chain?
>>
>> According to the docs [2], yes: "[...] Django tries authenticating
>> across all of its authentication backends. [...]"
>>
>> Moreover, the doc [3] says to replace '*.ModelBackend' with
>> '*.RemoteUserBackend' because it is a subclass of '*.ModelBackend' and
>> that's true:
>>
>> [...]
>> class RemoteUserBackend(ModelBackend):
>> [...]
>>
>> BUT, if I comment out "*.ModelBackend" as above, I can't login with
>> username and password, even if I comment out
>> 'lfs.customer.auth.EmailBackend' too.
>>
>> What's wrong here?
>>
>> Any clues will be much appreciated.
>>
>> [1]http://www.djangosnippets.org/snippets/448/
>> [2]http://docs.djangoproject.com/en/1.1/topics/auth/#specifying-authenti...
>> [3]http://docs.djangoproject.com/en/1.1/howto/auth-remote-user/
>>     
>   
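
David's suggestion in the thread above (a debug-only layer that sets the remote user so RemoteUserMiddleware can be tested on the built-in server), as an added example that is not code from the thread or from RPC4Django. It is written as a plain WSGI wrapper so it runs without Django; the names dev_remote_user, check_sample and SAMPLE_USERS are hypothetical, and the account is constructed sample data.

```python
import base64
import binascii
import hmac


def parse_basic_auth(header):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep and username else None


def dev_remote_user(app, check_credentials, enabled):
    """Wrap a WSGI app so verified Basic credentials become REMOTE_USER.

    With enabled=False (production) the app is returned untouched, so only
    the real web server decides REMOTE_USER.
    """
    if not enabled:
        return app

    def wrapper(environ, start_response):
        environ.pop("REMOTE_USER", None)  # never inherit a stale value
        header = environ.get("HTTP_AUTHORIZATION")
        if header is not None:
            creds = parse_basic_auth(header)
            if creds is None or not check_credentials(*creds):
                start_response("401 Unauthorized",
                               [("WWW-Authenticate", 'Basic realm="dev"'),
                                ("Content-Type", "text/plain")])
                return [b"invalid credentials\n"]
            environ["REMOTE_USER"] = creds[0]  # set only after verification
        return app(environ, start_response)

    return wrapper


# Constructed sample account. In a Django project the checker could instead
# call django.contrib.auth.authenticate() with ModelBackend enabled.
SAMPLE_USERS = {"admin": "s3cret-sample"}


def check_sample(username, password):
    expected = SAMPLE_USERS.get(username, "")
    return hmac.compare_digest(expected.encode(), password.encode()) and bool(expected)
```

Pass settings.DEBUG (or an equivalent flag) as enabled, so a deployed site never derives REMOTE_USER from a client-supplied header.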
