On Jan 18, 10:58 pm, stephendwolff <stephen.wo...@gmail.com> wrote:
> I'm having problems authenticating an HTTP POST from a Java applet
> (which is loaded from a fully authenticated Django view).

I had to do a similar thing from Flash. I ended up manually putting
the session cookie into the POST data (using document.cookie in the
JavaScript which controlled it), and then in the view I had to
manually check that it was a valid session for a logged-in user:

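    from django.contrib.auth.models import User
    from django.contrib.sessions.models import Session
    from django.core.exceptions import PermissionDenied
    from django.utils import timezone

    if request.method == 'POST':
        # The client posts document.cookie ("name=value") in the 'cookie' field.
        sessionid = request.POST.get('cookie', '')
        if '=' not in sessionid:
            raise PermissionDenied
        session = sessionid.split('=')[1]
        try:
            # Expired rows stay in the table until cleaned up, so filter them out.
            sess = Session.objects.get(pk=session, expire_date__gt=timezone.now())
        except Session.DoesNotExist:
            raise PermissionDenied
        # '_auth_user_id' is only set in the session of a logged-in user.
        userid = sess.get_decoded().get('_auth_user_id', None)
        if userid is None:
            raise PermissionDenied
        try:
            user = User.objects.get(pk=userid)
        except User.DoesNotExist:
            raise PermissionDenied
        # Only staff users may use this view.
        if not user.is_staff:
            raise PermissionDenied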

A bit long-winded (I'm sure there must be a better way?) but you could
always wrap it as a separate function that takes the cookie and
returns the User object.

Hope that helps.

Peter
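
Added example, not part of the original post: document.cookie returns every readable cookie joined by "; ", so taking `split('=')[1]` of the posted string only works when the session cookie is the sole cookie. The sketch below pulls the session key out by name and rejects malformed values before any database lookup; the cookie name, the key pattern and the function names are assumptions chosen for illustration.

```python
import re

# Assumption: Django's default session cookie name (settings.SESSION_COOKIE_NAME).
SESSION_COOKIE_NAME = "sessionid"
# Assumption: keys are lowercase letters and digits, at least 8 characters long.
# Anything else is rejected without touching the session table.
SESSION_KEY_RE = re.compile(r"[a-z0-9]{8,64}")


def parse_document_cookie(raw):
    """Split a document.cookie string ("a=1; b=2") into a name -> value dict."""
    cookies = {}
    for pair in raw.split(";"):
        name, sep, value = pair.strip().partition("=")
        # Skip fragments without "=" and keep the first occurrence of a name.
        if sep and name and name not in cookies:
            cookies[name] = value
    return cookies


def session_key_from_post(raw, name=SESSION_COOKIE_NAME):
    """Return the session key carried in the posted cookie string, or None."""
    value = parse_document_cookie(raw or "").get(name, "")
    return value if SESSION_KEY_RE.fullmatch(value) else None


if __name__ == "__main__":
    # Constructed sample: two cookies, session cookie not first.
    sample = "csrftoken=abc123; sessionid=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
    print(sample.split("=")[1])           # wrong value: 'abc123; sessionid'
    print(session_key_from_post(sample))  # the actual session key
```

A `None` result should be treated like a missing session, i.e. raise PermissionDenied in the view.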