25 | | To check against Django's authorization database from a Apache configuration |
26 | | file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along |
| 25 | Make sure that mod_wsgi is installed and activated and that you have |
| 26 | followed the steps to |
| 27 | :ref:`use Django with Apache and mod_wsgi <howto-deployment-modwsgi>`. |
| 28 | |
| 29 | Next, edit your Apache configuration to add a path that you want |
| 30 | only authenticated users to be able to view: |
| 31 | |
| 32 | .. code-block:: apache |
| 33 | |
| 34 | WSGIScriptAlias / /path/to/mysite/config/mysite.wsgi |
| 35 | |
| 36 | WSGIProcessGroup %{GLOBAL} |
| 37 | WSGIApplicationGroup django |
| 38 | |
| 39 | <Location "/secret"> |
| 40 | AuthType Basic |
| 41 | AuthName "Top Secret" |
| 42 | Require valid-user |
| 43 | AuthBasicProvider wsgi |
| 44 | WSGIAuthUserScript /path/to/mysite/config/mysite.wsgi |
| 45 | </Location> |
| 46 | |
| 47 | The ``WSGIAuthUserScript`` directive tells mod_wsgi to execute the |
| 48 | ``check_password`` function in that script passing the user name and |
| 49 | password that it receives from the prompt. In this example, |
| 50 | the ``WSGIAuthUserScript`` is the same as the ``WSGIScriptAlias`` that |
| 51 | defines your application. |
| 52 | |
| 53 | .. admonition:: Using Apache 2.2 with authentication |
| 54 | |
| 55 | Make sure that ``mod_auth_basic`` and ``mod_authz_user`` are loaded. |
| 56 | |
| 57 | These might be compiled statically into Apache, or you might need to use |
| 58 | LoadModule to load them dynamically in your ``httpd.conf``: |
| 59 | |
| 60 | .. code-block:: apache |
| 61 | |
| 62 | LoadModule auth_basic_module modules/mod_auth_basic.so |
| 63 | LoadModule authz_user_module modules/mod_authz_user.so |
| 64 | |
| 65 | Finally, edit your WSGI auth script ``mysite.wsgi`` to tie Apache's |
| 66 | authentication to yoursite's users: |
| 67 | |
| 68 | .. code-block:: python |
| 69 | |
| 70 | import os |
| 71 | import sys |
| 72 | |
| 73 | os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings' |
| 74 | |
| 75 | from django.contrib.auth.handlers.modwsgi import check_user |
| 76 | |
| 77 | from django.core.handlers.wsgi import WSGIHandler |
| 78 | application = WSGIHandler() |
| 79 | |
| 80 | |
| 81 | Requests beginning with ``/secret/`` will now require a user to authenticate. |
| 82 | |
| 83 | The mod_wsgi `access control mechanisms documentation`_ provides additional |
| 84 | details and information about alternative methods of authentication. |
| 85 | |
| 86 | .. _access control mechanisms documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms |
| 87 | |
| 88 | Authorization with mod_wsgi and Django groups |
| 89 | --------------------------------------------- |
| 90 | |
| 91 | In addition, mod_wsgi also provides functionality to restrict a particular |
| 92 | location to members of a group. |
| 93 | |
| 94 | In this case, the Apache configuration should look like this: |
| 95 | |
| 96 | .. code-block:: apache |
| 97 | |
| 98 | WSGIScriptAlias / /path/to/mysite/config/mysite.wsgi |
| 99 | |
| 100 | WSGIProcessGroup %{GLOBAL} |
| 101 | WSGIApplicationGroup django |
| 102 | |
| 103 | <Location "/secret"> |
| 104 | AuthType Basic |
| 105 | AuthName "Top Secret" |
| 106 | AuthBasicProvider wsgi |
| 107 | WSGIAuthUserScript /path/to/mysite/config/mysite.wsgi |
| 108 | WSGIAuthGroupScript /path/to/mysite/config/mysite.wsgi |
| 109 | Require group secret-agents |
| 110 | Require valid-user |
| 111 | </Location> |
| 112 | |
| 113 | Because of the ``WSGIAuthGroupScript`` directive, the same WSGI auth script |
| 114 | ``mysite.wsgi`` must also import the method ``groups_for_user`` which |
| 115 | returns a list of the user's groups. |
| 116 | |
| 117 | .. code-block:: python |
| 118 | |
| 119 | from django.contrib.auth.handlers.modwsgi import check_user, groups_for_user |
| 120 | |
| 121 | Requests for ``/secret/`` will now also require a user to a member of the |
| 122 | "secret-agents" group. |
| 123 | |
| 124 | Authentication with mod_python |
| 125 | ============================== |
| 126 | |
| 127 | To check against Django's authorization database from mod_python, |
| 128 | you'll need to use mod_python's ``PythonAuthenHandler`` directive along |