Mike Orr wrote: >>OK, so we have two different web sites hosted virtually on a single >>WSGI Server. The TG blog code needs to call either the LDAP ID >>mechanism or the mysql ID mechinism depending on which path was taken. >> So, the "import Identity" used inside TG Blog needs to mean different >>things depending which one is called. How would that work? > > > If the WSGI manager can activate a different middleware stack > depending on the URL, there would be no interference. I don't > remember if Paste can do this. If > there's one global middleware stack, and if the config file can handle > host-specific configurations the way it does path-specific > configurations now, you'd have two options: > > 1) Use a robust middleware that can handle multiple backends and > switch per request. Put the connection info in the config file for > each host. The middleware may want to use a connection pool bla bla > bla.
At least in Paste there is no global middleware stack, instead you set up a fairly specific stack that can potentially be more complex than just a linear top-to-bottom. Well, *usually* is more complex. So... > 2) Use two stupid middlewares that can be disabled in the > configuration. Activate one for one host, and the other for the other > host. This is similar to Apache's "LoadModule" and "ModAuth Off". > The middleware is running but will pass the request/response unchanged > if disabled. ... here you could do a couple different things. "Auth" is a bad term, because I don't know exactly what you are thinking of, authorization or authentication. But lets say you want to authorize people using some middleware egg:turbogears#identity (using Paste entry point terminology), but in a particular part of your application you want to additionally authenticate using IP based authentication -- not as trusty, and not a replacement for a "real" authentication system, but useful. So, in this setup we put TG's identity in front of everything, but put an additional middleware in front of /backend that logs anyone from the local network in as "local_admin": [filter:identity] use = egg:TurboGears#identity provider = some-info-provider [composite:main] use = egg:Paste#urlmap / = myapp /backend = backend-app filter-with = identity [app:myapp] use = egg:MyApp config values... [app:backend-app] use = egg:BackendAdmin config values... filter-with = ip-auth [filter:ip-auth] use = egg:Paste#grantip 192.168.0.0/24 = local_admin -- Ian Bicking / [EMAIL PROTECTED] / http://blog.ianbicking.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
