On Tue, 2006-10-03 at 15:35 +0200, Aljosa Mohorovic wrote:
> After some time with Django I started porting the current PHP/Java
> applications I use to Django.
> Please keep in mind that for the duration of porting, coexistence of
> PHP/Java/Django is required.
> That said, any help with the current issue (sharing users, auth. system,
> with PHP and Java) is appreciated.
>
> I like the admin interface for Django and have a strong belief I can push
> it in the company I work for, so I would like to transfer current
> authorization from PHP/Java to Django but enable PHP/Java to
> authorize. I noticed that the password field starts with sha1$something
> and I guess that I could use sha1() in PHP and MessageDigest in Java.
>
> This is my guess for the password field format, please correct:
> password_field = "sha1$(output of php/java sha1 function)"
>
> Any notes on this subject or anything related would be appreciated.
> Thanks

There are two sides to this problem that you need to solve:

(1) Authentication -- determining who the user is.

    For this piece, you need a way to send username + password to
    Django and get back a pass/fail response as to whether the user
    is "real" or not. If you wanted to do that authentication
    directly from Java and/or PHP, you could have those applications
    query the database to get out the hashed password string and
    username and do the validation themselves.

(2) Authorisation -- access control based on the authenticated identity.

    This is where it may get a little interesting. After
    authentication, Django sets up the user's session to indicate
    that they are logged in. Then we can query the user's permissions
    on a per-user and per-group basis.

    For integration with your other applications, you are going to
    need to do whatever session setup they require in order to have
    seamless authorisation on subsequent requests. If you are using
    session cookies in those applications as well, you need to set
    multiple cookies (sharing the session cookies would require
    modifications to Django core and be quite fiddly, I suspect --
    without having actually done the work to test this).

Django stores the password hash as a SHA1 hash with salt of the user's
password. So converting the incoming password to the necessary hash for
comparison should be relatively simple in all languages, as you suspect.

There is no "standard way" to share pieces between Java and PHP and
Django, since the possibilities for setups, particularly in the first
two cases, are practically endless. Assumptions will be made by all of
your apps about what is contained in the User information and what is
required for authorisation purposes. I would start by mapping out that
information and working out how to pass it back from the Django database
(or retrieve it directly) to the PHP and Java apps when required.

Regards,
Malcolm
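
The salted format described in the reply above, as an added example that is not part of the original thread and is not Django's own code: the stored value has the form `sha1$<salt>$<hexdigest>`, where the digest is SHA-1 over the salt followed by the password, so a value with no salt field fails validation. The function names and sample values are constructed here, and UTF-8 encoding of the password is an assumption.

```python
import hashlib
import hmac


def make_legacy_hash(raw_password: str, salt: str) -> str:
    """Build the stored string: sha1$<salt>$<hex SHA-1 of salt + password>."""
    # Assumption: passwords are encoded as UTF-8 before hashing.
    digest = hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()
    return "sha1$%s$%s" % (salt, digest)


def check_legacy_password(raw_password: str, encoded: str) -> bool:
    """Verify a password against a stored sha1$salt$hash value.

    Returns False (never raises) for malformed values, other algorithms,
    or a two-field value that carries no salt.
    """
    parts = encoded.split("$")
    if len(parts) != 3:
        return False
    algo, salt, stored = parts
    if algo != "sha1" or len(stored) != 40:
        return False
    expected = hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()
    # Constant-time comparison so response timing does not leak how many
    # leading characters of the digest matched.
    return hmac.compare_digest(expected.encode("ascii"),
                               stored.lower().encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real database.
    row = make_legacy_hash("s3cret", "a1b2c")
    print(row)
    print(check_legacy_password("s3cret", row))   # correct password
    print(check_legacy_password("guess", row))    # wrong password
    # A plain SHA-1 of the password with no salt field is rejected.
    unsalted = "sha1$" + hashlib.sha1(b"s3cret").hexdigest()
    print(check_legacy_password("s3cret", unsalted))
```

The same check ports directly to PHP's `sha1()` or Java's `MessageDigest`: split the column on `$`, hash salt plus password, and compare the hex digests.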