sankarNarayanan / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

Provide means of setting 'user' attribute of Apache request so it is logged. #180

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
When the 'user' attribute of Apache request object is set, Apache will log that 
in access log as the 
authenticated user. This will be set automatically if using Apache support 
mechanisms for 
Basic/Digest authentication but not if using form/session based authentication 
mechanisms 
implemented by the web application.

In order to use the later but still log details of the authenticated user into 
the Apache access log, 
should provide a way of web application setting what REMOTE_USER as determined 
by the web 
application should be and use that to set the 'user' attribute of the Apache 
request object.

Note, this should only be allowed where 'ap_auth_type' and 'user' haven't 
already been set in the 
Apache request object, indicating that a authentication provider had already 
authenticated the user. 
In other words, don't allow the web application to override it where Apache 
module had done it.

Supplying of the remote user could be achieved in a number of ways. One could 
use a response 
header such as X-Remote-User, or as an option to a Script-Control response 
header. A further 
option is to have a function callback passed in WSGI environment dictionary 
labelled something like 
'mod_wsgi.set_remote_user'.

Original issue reported on code.google.com by Graham.Dumpleton@gmail.com on 4 Mar 2010 at 10:55

GoogleCodeExporter commented 8 years ago
My current thinking on this is that I shouldn't add this to mod_wsgi as a 
builtin feature.

The normal approach one would take with this is to write a special Apache 
module in C code which adds an 
output filter which can look at returned headers and strip out a special 
returned header such as X-Remote-User 
and update req.user based on its value. I am actually surprised I cant find an 
existing Apache module which does 
this.

One other possibility is to enhance mod_wsgi to support input/output filters, 
something that has been 
contemplated, doing it in such a way as to make it reasonably trivial to 
implement an output filter using Python 
to do the above, rather than need to write a full Apache C module.

Original comment by Graham.Dumpleton@gmail.com on 10 Mar 2010 at 10:15

GoogleCodeExporter commented 8 years ago
Some way to support this easily would help me know where to target optimization 
work. Basically I need to know for frequently accessed pages how many of those 
accesses are by logged in users.

Original comment by dbenamy on 30 Nov 2010 at 9:12

GoogleCodeExporter commented 8 years ago
Closing this as non trivial and not something that has been asked about for a 
very long time.

Original comment by Graham.Dumpleton@gmail.com on 17 Sep 2014 at 3:52