mod_python, multiple calls to PythonAuthenHandler
Rune Hansen
rune.hansen at scanmine.com
Mon Nov 8 10:26:05 EST 2004
On Mon, 08 Nov 2004 08:18:45 -0500, Steve Holden wrote:
> Rune Hansen wrote:
>
>> I've posted this question on the mod_python mailing list but didn't get
>> much response, so I thought I'd post it here.
>>
>> (My first attempt connected to an unrelated thread..sorry.
>> Note-to-self:-must-get-more-coffee-before-posting-)
>>
>> It seems to me that for each path element in a URI a mod_python handler
>> will be invoked. This applies to PythonAuthenHandler,
>> PythonHeaderParserHandler and so on.
>>
>> Since I'm making a database request in my PythonAuthenHandler, this
>> quickly becomes a problem.
>>
>> Example:
>> http://lucene.moonspawn.scanmine.com/ =>
>> AuthenHandler::authenhandler called: 1
>> index got called once
>>
>> http://lucene.moonspawn.scanmine.com/SearchHandler.py/search =>
>> AuthenHandler::authenhandler called: 1
>> AuthenHandler::authenhandler called: 2
>> /search got called once
>>
>> http://lucene.moonspawn.scanmine.com/search.html => (using mod_rewrite)
>> AuthenHandler::authenhandler called: 1
>> AuthenHandler::authenhandler called: 2
>> AuthenHandler::authenhandler called: 3
>> /search got called once
>>
>> I get the same behavior on three separate installations
>>
>> So, either I've got a miss-configuration which results in multiple calls
>> to handlers or.., this is expected behavior, and there is a technique to
>> avoid this or..., this is expected and, for reasons that escapes me,
>> desired behavior.
>>
>> I'd greatly appreciate any help and suggestion
>>
>> regards
>>
>> /rune
>
> Well, the thing that's missing here is the code of your AuthenHandler
> (or some detail about which standard component you think is being used).
> Is it possible you are making internal redirects, for example?
>
> The information about using mod_rewrite does imply you are spending time
> on authentication rather more frequently than you strictly need to, but
> it's difficult to figure out from just the information given.
>
> regards
> Steve
Hi Steve,
The configuration and "files" shown below results in the "Example" of my
orignal post.
httpd.conf:
"""
<VirtualHost *:80>
ServerName lucene.moonspawn.scanmine.com
ServerAdmin rune.hansen at scanmine.com
DocumentRoot /Users/roderik/Sites/Lucene
ErrorLog logs/lucene_error.log
CustomLog logs/lucene_access.log common
</VirtualHost>
<Directory "/Users/roderik/Sites/Lucene">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
RewriteEngine On
RewriteBase /
RewriteRule search.html "SearchHandler.py/search"
AddHandler mod_python .py
DirectoryIndex SearchHandler.py
PythonHandler mod_python.publisher
PythonAuthenHandler AuthenHandler
AuthType Basic
AuthName "Restricted Area"
require valid-user
PythonPath "sys.path+['/Users/roderik/Sites/Lucene']"
PythonDebug On
</Directory>
"""
AuthenHandler.py
"""
from mod_python import apache
count=0
def authenhandler(req,**args):
global count
count +=1
req.write("AuthenHandler::authenhandler called: "+str(count)+"\n")
pw = req.get_basic_auth_pw()
user = req.user
if user == "mrX" and pw == "1234":
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
"""
SearchHandler.py
"""
from mod_python import apache
def index(req,**args):
req.content_type = "text/html"
req.write("<html><head><title>Search Index Page</title><head><body>## 'index' got called once</body></html>")
def search(req,**args):
req.content_type = "text/html"
req.write("<html><head><title>Search /search Page</title><head><body>## '/search' got called once</body></html>")
"""
Now, I've "solved it" with a single PythonHandler (dropping
PythonAuthenHandler and publisher):
def handler(req):
if not req.headers_in.get("Authorization",0):
req.err_headers_out["WWW-Authenticate"] = 'Basic realm="Restricted\
area"'
raise apache.SERVER_RETURN, apache.HTTP_UNAUTHORIZED
meth,auth = req.headers_in.get("Authorization").split(" ")
user,pw = decodestring(auth).split(":")
args = dict([(a[0],a[1]) for a in util.parse_qsl(req.args or '')])
if dbmdbValidate(user,pw,req.server):
return myMethod(req,**args)
else:
return apache.HTTP_UNAUTHORIZED
This seems to do exactly what I want. Guess I should have tried a litle
harder before posting.
How ever, I'm still curious to why the PythonAuthenHandler is called for
each path element.
regards
/rune
More information about the Python-list
mailing list