Mike Orr wrote:
>>OK, so we have two different web sites hosted virtually on a single
>>WSGI Server.  The TG blog code needs to call either the LDAP ID
>>mechanism or the mysql ID mechanism depending on which path was taken.
>> So, the "import Identity" used inside TG Blog needs to mean different
>>things depending which one is called.  How would that work?
> 
> 
> If the WSGI manager can activate a different middleware stack
> depending on the URL, there would be no interference.  I don't
> remember if Paste can do this.  If
> there's one global middleware stack, and if the config file can handle
> host-specific configurations the way it does path-specific
> configurations now, you'd have two options:
> 
> 1) Use a robust middleware that can handle multiple backends and
> switch per request.  Put the connection info in the config file for
> each host.  The middleware may want to use a connection pool bla bla
> bla.

At least in Paste there is no global middleware stack, instead you set 
up a fairly specific stack that can potentially be more complex than 
just a linear top-to-bottom.  Well, *usually* is more complex.

So...

> 2) Use two stupid middlewares that can be disabled in the
> configuration.  Activate one for one host, and the other for the other
> host.  This is similar to Apache's "LoadModule" and "ModAuth Off". 
> The middleware is running but will pass the request/response unchanged
> if disabled.

... here you could do a couple different things.  "Auth" is a bad term, 
because I don't know exactly what you are thinking of, authorization or 
authentication.  But let's say you want to authorize people using some 
middleware egg:turbogears#identity (using Paste entry point 
terminology), but in a particular part of your application you want to 
additionally authenticate using IP-based authentication -- not as 
trusty, and not a replacement for a "real" authentication system, but 
useful.

So, in this setup we put TG's identity in front of everything, but put 
an additional middleware in front of /backend that logs anyone from the 
local network in as "local_admin":

[filter:identity]
use = egg:TurboGears#identity
provider = some-info-provider

[composite:main]
use = egg:Paste#urlmap
/ = myapp
/backend = backend-app
filter-with = identity

[app:myapp]
use = egg:MyApp
config values...

[app:backend-app]
use = egg:BackendAdmin
config values...
filter-with = ip-auth

[filter:ip-auth]
use = egg:Paste#grantip
192.168.0.0/24 = local_admin

-- 
Ian Bicking  /  [EMAIL PROTECTED]  /  http://blog.ianbicking.org
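
The per-path stacking in the config above, as an added standard-library sketch (not code from the original message and not Paste's implementation): the IP-grant filter wraps only the /backend application, so the rest of the site never sees it. The names grant_ip, url_map, whoami, build_stack and request are hypothetical, the sample addresses are constructed, and the identity filter that the config places in front of everything is left out.

```python
import ipaddress

def grant_ip(app, network, username):
    """Set REMOTE_USER when the TCP peer address is inside `network`."""
    net = ipaddress.ip_network(network)
    def middleware(environ, start_response):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            peer = None
        # Only REMOTE_ADDR is trusted; X-Forwarded-For is client-supplied.
        if peer is not None and peer in net:
            environ["REMOTE_USER"] = username
        return app(environ, start_response)
    return middleware

def url_map(routes):
    """Dispatch on the longest matching path prefix (a tiny urlmap stand-in)."""
    ordered = sorted(routes.items(), key=lambda kv: len(kv[0]), reverse=True)
    def dispatcher(environ, start_response):
        path = environ.get("PATH_INFO", "")
        for prefix, app in ordered:
            base = prefix.rstrip("/")
            if path == base or path.startswith(base + "/"):
                return app(environ, start_response)
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    return dispatcher

def whoami(label):
    """Stand-in application that reports which app ran and for which user."""
    def app(environ, start_response):
        user = environ.get("REMOTE_USER", "anonymous")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [f"{label}:{user}".encode()]
    return app

def build_stack():
    # Mirrors [composite:main]: only /backend is wrapped by the IP filter.
    return url_map({
        "/": whoami("myapp"),
        "/backend": grant_ip(whoami("backend"), "192.168.0.0/24", "local_admin"),
    })

def request(stack, path, addr, headers=None):
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "REMOTE_ADDR": addr}
    environ.update(headers or {})
    return b"".join(stack(environ, lambda status, hdrs: None)).decode()

if __name__ == "__main__":
    print(request(build_stack(), "/backend/users", "192.168.0.17"))
```

Behind a reverse proxy REMOTE_ADDR is the proxy's address, so a filter like this has to see the real peer address before a network-to-user mapping means anything.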
