Mercurial Mercurial > py_tasks_melange / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
thirdparty/google_appengine/lib/django/docs/apache_auth.txt
author Lennard de Rijk <ljvderijk@gmail.com>
Sat, 07 Mar 2009 17:55:14 +0000
changeset 1720 33e34c4716d2
parent 109 620f9b141567
permissions -rw-r--r--
Removed the street address from influencing the maps plug in. Legally we are not allowed to publish people's street address, people can drag the marker to their street if they wish to, we are now using the postal code which would be a region within a city (if this is too much we might also take this out). Patch by: Mario Ferraro Reviewed by: Lennard de Rijk

=========================================================
Authenticating against Django's user database from Apache
=========================================================

Since keeping multiple authentication databases in sync is a common problem when
dealing with Apache, you can configuring Apache to authenticate against Django's
`authentication system`_ directly.  For example, you could:

    * Serve static/media files directly from Apache only to authenticated users.

    * Authenticate access to a Subversion_ repository against Django users with
      a certain permission.

    * Allow certain users to connect to a WebDAV share created with mod_dav_.

Configuring Apache
==================

To check against Django's authorization database from a Apache configuration
file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
with the standard ``Auth*`` and ``Require`` directives::

    <Location /example/>
        AuthType basic
        AuthName "example.com"
        Require valid-user

        SetEnv DJANGO_SETTINGS_MODULE mysite.settings
        PythonAuthenHandler django.contrib.auth.handlers.modpython
    </Location>

By default, the authentication handler will limit access to the ``/example/``
location to users marked as staff members.  You can use a set of
``PythonOption`` directives to modify this behavior:

    ================================  =========================================
    ``PythonOption``                  Explanation
    ================================  =========================================
    ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e.
                                      those with the ``is_staff`` flag set)
                                      will be allowed.

                                      Defaults to ``on``.

    ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e.
                                      those with the ``is_superuser`` flag set)
                                      will be allowed.

                                      Defaults to ``off``.

    ``DjangoPermissionName``          The name of a permission to require for
                                      access. See `custom permissions`_ for
                                      more information.

                                      By default no specific permission will be
                                      required.
    ================================  =========================================

Note that sometimes ``SetEnv`` doesn't play well in this mod_python
configuration, for reasons unknown. If you're having problems getting
mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using
``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives
are equivalent::

    SetEnv DJANGO_SETTINGS_MODULE mysite.settings
    PythonOption DJANGO_SETTINGS_MODULE mysite.settings

.. _authentication system: ../authentication/
.. _Subversion: http://subversion.tigris.org/
.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
.. _custom permissions: ../authentication/#custom-permissions
py_tasks_melange