1
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
4
<title>3.4 Now something More Complicated - Authentication</title>
5
<META NAME="description" CONTENT="3.4 Now something More Complicated - Authentication">
6
<META NAME="keywords" CONTENT="modpython">
7
<META NAME="resource-type" CONTENT="document">
8
<META NAME="distribution" CONTENT="global">
9
<link rel="STYLESHEET" href="modpython.css">
10
<link rel="first" href="modpython.html">
11
<link rel="contents" href="contents.html" title="Contents">
12
<link rel="index" href="genindex.html" title="Index">
13
<LINK REL="previous" href="tut-what-it-do.html">
14
<LINK REL="up" href="tutorial.html">
15
<LINK REL="next" href="pythonapi.html">
18
<DIV CLASS="navigation">
19
<table align="center" width="100%" cellpadding="0" cellspacing="2">
21
<td><A href="tut-what-it-do.html"><img src="icons/previous.gif"
22
border="0" height="32"
23
alt="Previous Page" width="32"></A></td>
24
<td><A href="tutorial.html"><img src="icons/up.gif"
25
border="0" height="32"
26
alt="Up One Level" width="32"></A></td>
27
<td><A href="pythonapi.html"><img src="icons/next.gif"
28
border="0" height="32"
29
alt="Next Page" width="32"></A></td>
30
<td align="center" width="100%">Mod_python Manual</td>
31
<td><A href="contents.html"><img src="icons/contents.gif"
32
border="0" height="32"
33
alt="Contents" width="32"></A></td>
34
<td><img src="icons/blank.gif"
35
border="0" height="32"
36
alt="" width="32"></td>
37
<td><A href="genindex.html"><img src="icons/index.gif"
38
border="0" height="32"
39
alt="Index" width="32"></A></td>
41
<b class="navlabel">Previous:</b> <a class="sectref" href="tut-what-it-do.html">3.3 So what Exactly</A>
42
<b class="navlabel">Up:</b> <a class="sectref" href="tutorial.html">3. Tutorial</A>
43
<b class="navlabel">Next:</b> <a class="sectref" href="pythonapi.html">4. Python API</A>
46
<!--End of Navigation Panel-->
48
<H1><A NAME="SECTION005400000000000000000"> </A>
50
3.4 Now something More Complicated - Authentication
54
Now that you know how to write a primitive handler, let's try
55
something more complicated.
58
Let's say we want to password-protect this directory. We want the
59
login to be "<tt class="samp">spam</tt>", and the password to be "<tt class="samp">eggs</tt>".
62
First, we need to tell Apache to call our <i>authentication</i>
63
handler when authentication is needed. We do this by adding the
64
<code>PythonAuthenHandler</code>. So now our config looks like this:
67
<dl><dd><pre class="verbatim">
68
<Directory /mywebdir>
69
AddHandler mod_python .py
70
PythonHandler myscript
71
PythonAuthenHandler myscript
77
Notice that the same script is specified for two different
78
handlers. This is fine, because if you remember, mod_python will look
79
for different functions within that script for the different handlers.
82
Next, we need to tell Apache that we are using Basic HTTP
83
authentication, and only valid users are allowed (this is fairly basic
84
Apache stuff, so we're not going to go into details here). Our config
88
<dl><dd><pre class="verbatim">
89
<Directory /mywebdir>
90
AddHandler mod_python .py
91
PythonHandler myscript
92
PythonAuthenHandler myscript
95
AuthName "Restricted Area"
101
Now we need to write an authentication handler function in
102
<span class="file">myscript.py</span>. A basic authentication handler would look like
106
<dl><dd><pre class="verbatim">
107
from mod_python import apache
109
def authenhandler(req):
111
pw = req.get_basic_auth_pw()
114
if user == "spam" and pw == "eggs":
117
return apache.HTTP_UNAUTHORIZED
121
Let's look at this line by line:
126
<LI><dl><dd><pre class="verbatim">
127
def authenhandler(req):
131
This is the handler function declaration. This one is called
132
<code>authenhandler</code> because, as we already described above,
133
mod_python takes the name of the directive
134
(<code>PythonAuthenHandler</code>), drops the word "<tt class="samp">Python</tt>" and converts
139
<LI><dl><dd><pre class="verbatim">
140
pw = req.get_basic_auth_pw()
144
This is how we obtain the password. The basic HTTP authentication
145
transmits the password in base64 encoded form to make it a little
146
bit less obvious. This function decodes the password and returns it
147
as a string. Note that we have to call this function before obtaining
152
<LI><dl><dd><pre class="verbatim">
157
This is how you obtain the username that the user entered.
161
<LI><dl><dd><pre class="verbatim">
162
if user == "spam" and pw == "eggs":
167
We compare the values provided by the user, and if they are what we
168
were expecting, we tell Apache to go ahead and proceed by returning
169
<tt class="constant">apache.OK</tt>. Apache will then consider this phase of the
170
request complete, and proceed to the next phase. (Which in this case
171
would be <tt class="function">handler()</tt> if it's a <code>.py</code> file).
175
<LI><dl><dd><pre class="verbatim">
177
return apache.HTTP_UNAUTHORIZED
181
Else, we tell Apache to return <tt class="constant">HTTP_UNAUTHORIZED</tt> to the
182
client, which usually causes the browser to pop a dialog box asking
183
for username and password.
191
<DIV CLASS="navigation">
193
<table align="center" width="100%" cellpadding="0" cellspacing="2">
195
<td><A href="tut-what-it-do.html"><img src="icons/previous.gif"
196
border="0" height="32"
197
alt="Previous Page" width="32"></A></td>
198
<td><A href="tutorial.html"><img src="icons/up.gif"
199
border="0" height="32"
200
alt="Up One Level" width="32"></A></td>
201
<td><A href="pythonapi.html"><img src="icons/next.gif"
202
border="0" height="32"
203
alt="Next Page" width="32"></A></td>
204
<td align="center" width="100%">Mod_python Manual</td>
205
<td><A href="contents.html"><img src="icons/contents.gif"
206
border="0" height="32"
207
alt="Contents" width="32"></A></td>
208
<td><img src="icons/blank.gif"
209
border="0" height="32"
210
alt="" width="32"></td>
211
<td><A href="genindex.html"><img src="icons/index.gif"
212
border="0" height="32"
213
alt="Index" width="32"></A></td>
215
<b class="navlabel">Previous:</b> <a class="sectref" href="tut-what-it-do.html">3.3 So what Exactly</A>
216
<b class="navlabel">Up:</b> <a class="sectref" href="tutorial.html">3. Tutorial</A>
217
<b class="navlabel">Next:</b> <a class="sectref" href="pythonapi.html">4. Python API</A>
219
<span class="release-info">Release 3.1.3, documentation updated on February 17, 2004.</span>
221
<!--End of Navigation Panel-->