AccessControlMechanism scripts and regular WSGI script


Artiom Di

Jun 8, 2010, 9:57:30 AM
to modwsgi
Hello, is it possible to share some information (permission levels)
between WSGIAuthUserScript and WSGIScriptAlias scripts?

In WSGIAuthUserScript I'm doing authentication against a remote API and
want to pass the resulting permissions to trac (WSGIScriptAlias launches
trac). I have a custom trac module that relies on those permissions.

The whole system previously worked in mod_python, but now I want to
migrate to mod_wsgi, so is it somehow possible?

Thank you.

Graham Dumpleton

Jun 8, 2010, 9:14:29 PM
to mod...@googlegroups.com

Are you using embedded mode or daemon mode for running the actual WSGI
application?

There are relatively easy ways if you are using embedded mode, but it is
harder if using daemon mode and will require use of an external
package to help out.

Graham

Artiom Diomin

Jun 9, 2010, 1:58:49 AM
to mod...@googlegroups.com
On Wed, 9 Jun 2010 11:14:29 +1000
Graham Dumpleton <graham.d...@gmail.com> wrote:

Hello Graham,

I'm using embedded mode.
While I was waiting yesterday I wrote a WSGI wrapper around trac
which does authentication/authorization. So WSGIAuthUserScript is not
needed anymore. But I'm still interested in my question.

I've tried to pass parameters via os.environ, but (as I
understand) os.environ is shared between requests, which is what I
wanted to avoid.

Thank you.

Graham Dumpleton

Jun 9, 2010, 2:22:27 AM
to mod...@googlegroups.com

For embedded mode use:

WSGIScriptAlias / /some/path/site.wsgi process-group=%{GLOBAL} application-group=%{GLOBAL}
WSGIAuthUserScript /some/path/site.wsgi application-group=%{GLOBAL}

In other words, ensure that the auth script and WSGI application run in
the same sub interpreter in the process. In this case using the main Python
interpreter.

In the WSGI script file, where check_password is also stored, have:

import threading

credentials_cache = threading.local()

In check_password() then you might do something like:

credentials_cache.groups = {...}

You can then access that from WSGI application in application() context.

In other words, using a global variable but one which is stored as
threading local so that you automatically get separation between threads.

Graham
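
The thread-local approach described above, written out as a complete site.wsgi (an added example, not code from the thread or from mod_wsgi). It goes slightly further than the reply: because Apache worker threads are reused, the cache is cleared on every check and the application only trusts it when it matches REMOTE_USER. lookup_remote, _FAKE_REMOTE_API, groups_for_request and the "example.groups" environ key are hypothetical names, and the credentials are constructed sample data.

```python
import hmac
import threading

# Per-thread storage shared by check_password() and application() when both
# run in the same interpreter (application-group=%{GLOBAL}).
credentials_cache = threading.local()

# Constructed stand-in for the remote API: user -> (password, groups).
_FAKE_REMOTE_API = {
    "alice": ("s3cret", {"TRAC_ADMIN"}),
    "bob": ("hunter2", {"WIKI_VIEW"}),
}

def lookup_remote(user, password):
    """Hypothetical helper: return the user's groups, or None if rejected."""
    record = _FAKE_REMOTE_API.get(user)
    if record is None:
        return None
    if not hmac.compare_digest(record[0].encode(), password.encode()):
        return None
    return set(record[1])

def check_password(environ, user, password):
    # Worker threads are reused, so wipe whatever the previous request left.
    credentials_cache.user = None
    credentials_cache.groups = frozenset()
    groups = lookup_remote(user, password)
    if groups is None:
        return False
    credentials_cache.user = user
    credentials_cache.groups = frozenset(groups)
    return True

def groups_for_request(environ):
    """Return cached groups only if they belong to this request's user."""
    user = environ.get("REMOTE_USER")
    if user and getattr(credentials_cache, "user", None) == user:
        return credentials_cache.groups
    return frozenset()

def application(environ, start_response):
    # Hand the groups on in the per-request environ, not in os.environ.
    environ["example.groups"] = groups_for_request(environ)
    body = ",".join(sorted(environ["example.groups"])).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]
```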
