On 13 March 2010 07:06, Deron Meranda <[email protected]> wrote: > I've been a long time user of modpython and am looking to start > migrating to modwsgi. However I currently use many of the > advanced features of modpython, such as the various Apache > handler phase hooks. > > In particular I use the PythonAccessHandler hook to do all kinds > of authentication/authorization stuff.
Hmmm, one shouldn't be using the access handler for authentication and authorization. That is what the authentication and authorization hooks are meant to be for. :-) > I use this to guard all my > URL resources; not just those served up by python. Also I currently > depend on being able to pass information between phases by > pushing python objects onto the "req" object in modpython. In mod_wsgi, so long as using mod_wsgi 3.X, you can use thread local storage to preserve data between phases, albeit that the WSGI application must be running in embedded mode and in the same interpreter. The first phase in a request would always need to make sure it cleared out any data hanging over from a prior request. You can access the request object directly and put data in req.subprocess_env and req.notes if you use apswigpy (SWIG bindings for Apache). Stuffing values in req.subprocess_env means they will show up in WSGI environ dictionary of subsequent phase and will also make it across to WSGI application itself if run in daemon mode. Rather than use apswigpy, you could always write a custom Python extension module to allow you to stuff values in same. > I don't think modwsgi has any similar access to hooking into > the other Apache handler phases, or does it? From what I see, > I don't think the Apache Authentication Provider interfaces > as documented on the wiki will be sufficient. It depends on what you are trying to do. What mod_wsgi provides for is client host based access controls and user authentication for Basic and Digest HTTP authentication mechanisms and group authorization mechanisms. These can all be applied to non WSGI resources such as static files, or PHP scripts. These cover the bulk of what most people need and work with all authentication mechanisms that Apache supports and which use the authentication provider mechanisms. Thus, not necessarily restricted to just Basic and Digest authentication. The only difference is that in mod_python you got to, had to, specify return status values and error page content. In mod_wsgi, this is done by Apache based on whether the access/authentication/authorization checks. If you really wanted to change response content then you use ErrorDocument directive to specific a handler URL which provides desired error page content. FWIW, I pretty well never saw authentication/authorization handlers in mod_python being used properly. So, depending on how far you deviated from how things really should have been done in Apache will dictate how hard it may be to use what mod_wsgi provides. > If this is not something that modwsgi can do, would it still > recommended to use both modules: modpython for the other > Apache handler phases, and modwsgi for the main content handler > phase? By mixing mod_python and mod_wsgi you do loose some configuration control over mod_wsgi because mod_python will hijack the Python interpreter initialisation and so mod_wsgi can do any setup which has to be done before that initialisation. > And is there any way to transfer information between > phases; especially if say the access phase is handled by > modpython and the content handler phase by wsgi? Although thread local storage can be used with mod_wsgi, you can't use it across mod_python and mod_wsgi. This is because mod_python thread usage is arguably broken and thread local storage doesn't work outside of the context of the current request phase. So, can be used across phases or even across requests for same thread. Best you could do is set req.subprocess_env from mod_python and that will get passed through in WSGI environ dictionary to WSGI application. To give better guidance on what you can do, really need to see exactly what each of your access, authentication and authorization handlers are doing. Graham > Thanks > -- > Deron Meranda > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/modwsgi?hl=en. > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
