将apache2摘要认证信息传递给mod_wsgi运行的wsgi脚本

时间:2008-09-23 20:05:07

标签: python apache authentication mod-wsgi wsgi

我有指令

<VirtualHost *>
    <Location />
        AuthType Digest
        AuthName "global"
        AuthDigestDomain /
        AuthUserFile /root/apache_users
        <Limit GET>
            Require valid-user
        </Limit>
    </Location>
    WSGIScriptAlias / /some/script.wsgi
    WSGIDaemonProcess mywsgi user=someuser group=somegroup processes=2 threads=25
    WSGIProcessGroup mywsgi
    ServerName some.example.org
</VirtualHost>

我想知道/some/script.wsgi 

def application(environ, start_response):
    start_response('200 OK', [
        ('Content-Type', 'text/plain'),
    ])
    return ['Hello']

登录了什么用户。

我该怎么做?

2 个答案:

答案 0 :(得分:14)

添加WSGIPassAuthorization On

<VirtualHost *>
    <Location />
        AuthType Digest
        AuthName "global"
        AuthDigestDomain /
        AuthUserFile /root/apache_users
        <Limit GET>
            Require valid-user
        </Limit>
    </Location>
    WSGIPassAuthorization On
    WSGIScriptAlias / /some/script.wsgi
    WSGIDaemonProcess mywsgi user=someuser group=somegroup processes=2 threads=25
    WSGIProcessGroup mywsgi
    ServerName some.example.org
</VirtualHost>

然后阅读environ['REMOTE_USER']

def application(environ, start_response):
    start_response('200 OK', [
        ('Content-Type', 'text/plain'),
    ])
    return ['Hello %s' % environ['REMOTE_USER']]

mod_wsgi documentation的更多信息。

答案 1 :(得分:2)

有关Apache / mod_wsgi以及访问,身份验证和授权机制的更多信息,请参阅:

http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms

默认情况下不传递信息,因为这样做可能会将密码信息泄露给可能无法获取的信息。

相关问题
最新问题