source: mauRepo/dj_security_middleware/tags/0_14/README @ 8812

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/mauRepo/dj_security_middleware/tags/0_14/README@8812
Revision 8812, 3.3 KB checked in by mnagni, 6 years ago (diff)
Adds a layer to interact with a Paste-enabled, Django-based security service,
typically a dj_security app.

The dj_security_middleware.middleware.DJ_Security_Middleware checks two cases:
1) the HTTP request contains a cookie named after the AUTH_TKT parameter;
2) the underlying application defines a function returning a value that is not None
(see DJ_SECURITY_AUTH_CHECK).
If neither condition holds, the middleware redirects the request to the
DJ_SECURITY_LOGIN_SERVICE.

If the authentication succeeds, the DJ_SECURITY_LOGIN_SERVICE sets the AUTH_TKT cookie,
which is caught by the middleware, which:
a) reads the information in the cookie and copies it into the request
'authenticated_user' parameter;
b) deletes the AUTH_TKT cookie for security reasons, so that the ticket is
consumed once and does not persist in the browser.
The request 'authenticated_user' parameter contains all the user information
returned by the authentication service, and from this moment the underlying
application is responsible for it. In particular, because the cookie is gone
after that first request, later requests are only accepted if the application
keeps its own record of the user (for example in its session) and reports it
through DJ_SECURITY_AUTH_CHECK; otherwise they are redirected to the login
service again.

If the request, GET or POST, contains a parameter 'logout' with a value different from '',
then the AUTH_TKT will be removed from the next response. Note that a plain GET
parameter is enough, so any page that can make the browser request such a URL
can log the user out. The middleware removes the cookie only; clearing any
record the application keeps of the user remains the application's responsibility.

The middleware is configurable through local_settings.py:

1) SECURITY_LOGIN_SERVICE specifies the URL where the authentication service
is listening (say http://my.domain.ac.uk/login)

2) DJ_SECURITY_FILTER (optional, default = []) is a list of regular expressions used to select
which URLs the middleware SHOULD NOT protect. Keep this list as short as
possible and anchor the patterns, since anything they match is served without
authentication.

Please note that dj_security and this middleware layer are supposed to be
independent of each other; however, in order to delete the AUTH_TKT, dj_security
and this middleware have to share the following parameters:

1) AUTH_TKT (default='auth_tkt'): the name of the cookie generated after the authentication succeeds

2) COOKIE_DOMAIN (default = the SECURITY_LOGIN_SERVICE host): the domain the AUTH_TKT cookie belongs to

3) SECURITY_SHAREDSECRET (default='sharedsecret') specifies the secret key used by the
authentication service to encrypt the AUTH_TKT cookie. The default value is public,
so both sides must be configured with the same long, random, private value:
anyone who knows the secret can produce a cookie the middleware accepts.

4) REDIRECT_FIELD_NAME (default = 'r') specifies the name of the GET parameter
containing the return address to be used by the authentication layer if login is successful

5) TOKEN_FIELD_NAME (default = 't') specifies the name of the GET parameter
containing the token after a reset-password action has been executed

Other, minor, configurable parameters are:

1) DJ_SECURITY_AUTH_CHECK (optional) is a function that accepts one parameter, the
HTTPRequest passed in by the middleware, and returns a boolean (or, more generally,
either None/False or a value that is not None).
If the function raises an exception or returns False or None, the middleware forces
the user to authenticate through the DJ_SECURITY_LOGIN_SERVICE.
This function may be useful in two further situations:
a) enabling/disabling the middleware (an almost empty function which simply returns True/False)
b) appending further, application-related, parameters to the HTTPRequest
Example:
--------------------------------
# Define the function before referring to it; assigning DJ_SECURITY_AUTH_CHECK
# first would raise a NameError when local_settings.py is imported.
def my_auth(request):
    # Always accepted: this effectively disables the middleware (case a above).
    return True

DJ_SECURITY_AUTH_CHECK = my_auth
--------------------------------

2) DJ_MIDDLEWARE_IP (optional) specifies the address of the client machine where the middleware is installed
(say '192.0.2.8'). The reason for this is that the client machine could be behind
a proxy, in which case the authentication service would otherwise use the remote machine IP,
that is the proxy's address, to encrypt the cookie, binding the ticket to the proxy
rather than to the machine the middleware runs on.
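The hand-off that the description above leaves to the application (keeping the user data from 'authenticated_user' once the cookie has been consumed, handing it back through DJ_SECURITY_AUTH_CHECK on later requests, and forgetting it on 'logout') as an added example in Python. This is illustration code written for this page, not the dj_security_middleware project's own. It assumes that Django's SessionMiddleware runs before DJ_Security_Middleware so request.session is available, that the middleware sets request.authenticated_user as an attribute and calls DJ_SECURITY_AUTH_CHECK with the HttpRequest, and that DJ_SECURITY_FILTER patterns are matched against the request path. SESSION_KEY, remember_user, FakeRequest and demo are names chosen here; the domain and paths are placeholders.

```python
# local_settings.py-style example, added as an illustration; it is not the
# dj_security_middleware project's own code.
#
# Assumptions (not stated in the README): Django's SessionMiddleware runs before
# DJ_Security_Middleware so request.session exists; the middleware exposes the
# ticket contents as the attribute request.authenticated_user and calls
# DJ_SECURITY_AUTH_CHECK with the HttpRequest.  SESSION_KEY, remember_user(),
# FakeRequest and demo() are our own names.
import secrets

# --- parameters that must agree with the dj_security side ---
AUTH_TKT = 'auth_tkt'
COOKIE_DOMAIN = 'my.domain.ac.uk'          # placeholder domain
# Never keep the default 'sharedsecret': whoever knows it can mint an AUTH_TKT the
# middleware accepts.  Generate once, keep private, share only with dj_security
# (in a real deployment read it from the environment or a vault, do not regenerate).
SECURITY_SHAREDSECRET = secrets.token_hex(32)
REDIRECT_FIELD_NAME = 'r'
TOKEN_FIELD_NAME = 't'

DJ_SECURITY_LOGIN_SERVICE = 'http://my.domain.ac.uk/login'   # placeholder URL
# Paths served without a ticket.  Anchored with ^ so that e.g. r'/static/' cannot
# also exempt '/admin/?next=/static/' (assumes matching against the request path).
DJ_SECURITY_FILTER = [r'^/static/', r'^/healthcheck$']

SESSION_KEY = 'dj_security_user'   # our own key inside the application session


def remember_user(request):
    """Hand-off step.

    The middleware consumes the AUTH_TKT cookie once, exposes its contents as
    request.authenticated_user and deletes the cookie.  Copy that data into the
    application's own session so later requests, which carry no cookie, still
    pass the auth check.  Returns the user currently known to the session.
    """
    user = getattr(request, 'authenticated_user', None)
    if user:
        request.session[SESSION_KEY] = user
    return request.session.get(SESSION_KEY)


def my_auth(request):
    """DJ_SECURITY_AUTH_CHECK: return the session user (truthy) or None.

    'logout' with a non-empty value (GET or POST) makes the middleware drop the
    AUTH_TKT cookie only; forgetting the user in the application's session is
    the application's job, so it is done here.
    """
    if request.GET.get('logout') or request.POST.get('logout'):
        request.session.pop(SESSION_KEY, None)
        return None
    return remember_user(request)


DJ_SECURITY_AUTH_CHECK = my_auth


class FakeRequest:
    """Minimal stand-in for django.http.HttpRequest, constructed for the demo."""
    def __init__(self, session, GET=None, POST=None, authenticated_user=None):
        self.session = session
        self.GET = GET or {}
        self.POST = POST or {}
        if authenticated_user is not None:
            self.authenticated_user = authenticated_user


def demo():
    """Walk one browser through login, a plain request, logout and a retry."""
    session = {}                      # persists across the requests of one browser
    # 1) first request after login: the middleware filled request.authenticated_user
    after_login = my_auth(FakeRequest(session, authenticated_user={'username': 'alice'}))
    # 2) next request: no cookie, no attribute; the session carries the user
    later = my_auth(FakeRequest(session))
    # 3) ?logout=1: session entry dropped (the middleware drops the cookie itself)
    logged_out = my_auth(FakeRequest(session, GET={'logout': '1'}))
    # 4) any further request is unauthenticated, so the middleware redirects to login
    retry = my_auth(FakeRequest(session))
    return after_login, later, logged_out, retry


if __name__ == '__main__':
    print(demo())
```

Call remember_user() from the protected views (or from a middleware placed after DJ_Security_Middleware) as well, because this README does not say whether DJ_SECURITY_AUTH_CHECK is invoked on the very request that carries the ticket; the call is idempotent, so doing it in both places is harmless.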