[albatross-users] login integration challenges again
Eric S. Johansson
esj at harvee.org
Thu Sep 25 04:56:49 EST 2003
Michael C. Neel explained:
> This is of cource my preference, but I don't think doing authencation
> inside of albatross is the way to go. Rather wrap the auth code around
> the albatross app. Since I'm using mod_python, this is farily easy - I
> just define a auth handler for apache. If the auth handler fails, the
> content handler (albatross) is never called.
thank you for the perspective. I had been so boxed in by my own preconceptions
around albatross that I couldn't see the alternative.
>
> I don't think this would be too much trouble in a cgi app; just before
> you start up the albatross code, preform the needed login/premisson
> checks.
obviously this means that the login code (or its CGI wrapper) would need access
and process the raw authentication information. Interesting.
> Once we passed the auth code, I pass into the albatross request object
> any auth data it might need, like such:
>
> myReq = Request(req)
> myReq.username = username
> return app.run(myReq)
>
> and then access these members though ctx.request (i.e.
> ctx.request.username).
>
> I've found this to work well no matter the auth scheme (http-auth,
> cookie, even referer).
very good perspective. It gives me a significant degree of freedom. My
original reason for wanting to embed it with an albatross is so that I could
make use of the same templates for page presentation so that the login screen
would look the same as the rest of the application.
I think I will go experiment for a bit.
---eric
More information about the Albatross-users
mailing list