Our Django application perform authentication by themselves this means that request_rec.user and request_rec.ap_auth_type aren't populated and access log doesn't print them. I have deployed an ugly solution adapted from my approach running Apache Tomcat behind mod_proxy:
class RemoteUserMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
user = getattr(request, "user", None)
response = self.get_response(request)
if user and user.is_authenticated:
response['Remote-User'] = user.get_username()
response['Auth-Type'] = 'django'
return responseif RUNNING_WSGI:
MIDDLEWARE.append("kona.middleware.RemoteUserMiddleware")Header note remote-user remote-user
Header note auth-type auth-type
Header unset remote-user
Header unset auth-type
LuaHookLog /usr/local/libexec/apache24/register_remote_user.lua register_remote_user
require 'apache2'
function register_remote_user(r)
local remote_user = r.notes["remote-user"]
local auth_type = r.notes["auth-type"]
if remote_user ~= nil then
r.user = remote_user
r.ap_auth_type = auth_type
end
return apache2.OK
end
Ugly, as said. There are two solutions here (don't know which are technically possible):
- Expose
user and ap_auth_type to response object (does it apply to non-django apps?)
- At least generically expose notes to requests
Our Django application perform authentication by themselves this means that
request_rec.userandrequest_rec.ap_auth_typearen't populated and access log doesn't print them. I have deployed an ugly solution adapted from my approach running Apache Tomcat behind mod_proxy:Ugly, as said. There are two solutions here (don't know which are technically possible):
userandap_auth_typeto response object (does it apply to non-django apps?)