使用新数据库帮助 Django RemoteUserMiddleware RemoteUserBackend
Django 1.3 版本包括 RemoteUserMiddleware
和 RemoteUserBackend
类允许 Apache 进行身份验证。 请参阅 http://docs.djangoproject.com/en/dev/howto /auth-remote-user/
我有一个initial_data.json,它在执行syncdb 时创建一个超级用户。转储数据证实了这一点。
但我发现它似乎无法正确登录新创建的数据库。我收到一个 ImproperlyConfigured 异常,内容如下: Django 远程用户身份验证中间件需要安装身份验证中间件。
Edit your MIDDLEWARE_CLASSES setting to insert django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.
回溯指向 RemoteMilddleware.process_request()
:
def process_request(self, request):
# AuthenticationMiddleware is required so that request.user exists.
if not hasattr(request, 'user'):
raise ImproperlyConfigured(...
Apache 的 DEBUG 输出显示设置实际上按请求的顺序具有 AuthenticationMiddleware
和 RemoteUserMiddleware
:
MIDDLEWARE_CLASSES
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.RemoteUserMiddleware',
'django.contrib.messages.middleware.MessageMiddleware')
但未设置 request.user 属性,从而生成异常。
如果我仔细查看 django.contrib.auth.backends 和中间件的源代码, 我发现 AuthenticationMiddleware
正在注册 LazyUser
请求类。但 RemoteUserBackend
似乎没有 调用的authenticate()方法是在Users表中查找remote_user的地方。
我应该做些什么来调用 authenticate()
来创建 request.user 吗?
我可以根据需要提供更多信息。顺便说一句,这是使用 SSL。这是否有一些我没有预料到的互动?
我应该提到我正在使用 Apache2.2.14 和 mod_wsgi。
The 1.3 release of Django includes the RemoteUserMiddleware
andRemoteUserBackend
classes to allow Apache to do authentication.
See http://docs.djangoproject.com/en/dev/howto/auth-remote-user/
I have an initial_data.json that creates a superuser when syncdb is performed. A dumpdata confirms it.
But I find that it doesn't seem to login properly with the newly created database. I get an ImproperlyConfigured exception that says:
The Django remote user auth middleware requires the authentication middleware to be installed.
Edit your MIDDLEWARE_CLASSES setting to insert django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.
The traceback points to RemoteMilddleware.process_request()
:
def process_request(self, request):
# AuthenticationMiddleware is required so that request.user exists.
if not hasattr(request, 'user'):
raise ImproperlyConfigured(...
The DEBUG output from Apache shows that settings in fact have AuthenticationMiddleware
and RemoteUserMiddleware
in the requested order:
MIDDLEWARE_CLASSES
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.RemoteUserMiddleware',
'django.contrib.messages.middleware.MessageMiddleware')
But the request.user attribute is not set, generating the exception.
If I look closer at the source code for django.contrib.auth.backends and middleware,
I find that AuthenticationMiddleware
is registering LazyUser
for
the request class. But RemoteUserBackend
doesn't seem to have
the authenticate() method called which is where remote_user gets looked up in the Users table.
Is there something I should be doing to get authenticate()
to be called in order to create request.user?
I can provide more info as needed. This is using SSL, by the way. Does that have some interaction that I didn't anticipate?
I should mention that I'm using Apache2.2.14 and mod_wsgi
.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我遇到了同样的问题,经过一些调试发现我忘记为 auth 和其他应用程序创建 mysql (我认为这与 sqllite 的情况相同)表。因此,如果没有,您需要运行 python manage.pysyncdb 或以其他方式创建它们
I had the same problem and after a little debugging figured out I forgot to create the mysql (I think it's the same case with sqllite) tables for the auth and other apps. So if you didn't you'll need to run python manage.py syncdb or create them some other way
这是一个丑陋的解决方法。
我创建了一个单元测试用例,它在库存开发环境中运行良好。基于此,我在 Apache 服务器上进入了上面提到的 RemoteMilddleware.process_request() 函数,并禁用了对 user 属性的测试。然后它工作得很好......
我不会选择这个作为答案,但我认为我应该为其他被阻止的人记录这个解决方法。我会考虑提交错误报告。
有人知道正确的解决方案或如何在 Apache2 中攻击这个问题吗?所有回溯和变量信息都表明 Apache 正确设置了 REMOTE_USER,但 Django1.3 没有正确使用它进行身份验证。
This is an ugly workaround.
I created a unit test case and it worked fine in the stock development environment. Based on that, I went in to the
RemoteMilddleware.process_request()
function mentioned above on the Apache server and disabled the test for theuser
attribute. It then worked fine...I'm not going to select this as the answer, but I thought I should document this workaround for anyone else who gets blocked. I'll look into filing a bug report.
Anyone know a proper solution or how to attack this in Apache2? All the traceback and variable information suggests that Apache is setting up the REMOTE_USER correctly but that Django1.3 isn't properly using it to authenticate.