Django JWT在本地和;带有Django REST框架的mod_wsgi服务器
我试图确定为什么在使用本地开发服务器时,使用Django JWT在本地和;带有Django REST框架的mod_wsgi服务器,django,apache,django-rest-framework,mod-wsgi,apache2.2,Django,Apache,Django Rest Framework,Mod Wsgi,Apache2.2,我试图确定为什么在使用本地开发服务器时,使用Authorization:头对受保护的资源进行身份验证会正常工作,但在部署的Apache2.2 w/mod_wsgi实现上却没有 我正在使用django 1.8和django rest框架以及django rest框架jwtlib进行基于jwt的身份验证。apache服务器是2.2版,带有mod_wsgi。这些都是在ubuntu 12.04实例(python 2.7)上运行的 本地主机上manage.py runserver的工作案例: # mana
Authorization:
头对受保护的资源进行身份验证会正常工作,但在部署的Apache2.2 w/mod_wsgi实现上却没有
我正在使用django 1.8和django rest框架
以及django rest框架jwt
lib进行基于jwt的身份验证。apache服务器是2.2版,带有mod_wsgi。这些都是在ubuntu 12.04实例(python 2.7)上运行的
本地主机上manage.py runserver的工作案例:
# manage.py runserver is running
curl -s -X POST \
-d '{"username":"test@test.com", "password":}' \
http://localhost:8000/portfolio/login
# Response as expected:
##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."}
# Using above token as $TOKEN_STR with JWT prefix for Auth header:
curl -X GET -H "Content-Type: application/json" \
-H "Authorization: $TOKEN_STR" \
http://localhost:8000/portfolio
# Response as expected
##> {"data":"[...]"}
curl -s -X POST \
-d '{"username":"test@test.com", "password":}' \
http://myremote.com/django/portfolio/login
# Response as expected:
##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."}
# Using above token as $TOKEN_STR with JWT prefix for Auth header:
curl -X GET -H "Content-Type: application/json" \
-H "Authorization: $TOKEN_STR" \
http://myremote.com/django/portfolio
# Response behaves as authentication not even there w/403 or 401:
##> {"detail": "Authentication credentials were not provided."}
使用apache2.2 mod_wsgi的破盒:
# manage.py runserver is running
curl -s -X POST \
-d '{"username":"test@test.com", "password":}' \
http://localhost:8000/portfolio/login
# Response as expected:
##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."}
# Using above token as $TOKEN_STR with JWT prefix for Auth header:
curl -X GET -H "Content-Type: application/json" \
-H "Authorization: $TOKEN_STR" \
http://localhost:8000/portfolio
# Response as expected
##> {"data":"[...]"}
curl -s -X POST \
-d '{"username":"test@test.com", "password":}' \
http://myremote.com/django/portfolio/login
# Response as expected:
##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."}
# Using above token as $TOKEN_STR with JWT prefix for Auth header:
curl -X GET -H "Content-Type: application/json" \
-H "Authorization: $TOKEN_STR" \
http://myremote.com/django/portfolio
# Response behaves as authentication not even there w/403 or 401:
##> {"detail": "Authentication credentials were not provided."}
Apache站点配置
#### DJANGO APP ####
LogLevel info
WSGIDaemonProcess dev processes=2 threads=15
WSGIProcessGroup dev
WSGIScriptAlias /django /webapps/django/config/wsgi.py
<Directory /webapps/django>
Order allow,deny
Allow from all
</Directory>
### DJANGO APP ####
我也遇到过类似的问题。我发现Apache配置文件中缺少下面的指令
WSGIPassAuthorization On
解决方案在apache conf文件中,我们需要像这样打开WSGIPassAuthorization:
<VirtualHost *:80>
ServerAlias example.com
ServerName example.com
Alias /static /srv/www/MyProject/MyProject/static
<Directory /srv/www/MyProject/MyProject/static>
Require all granted
</Directory>
<Directory /srv/www/MyProject/MyProject/>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess example python-path=/srv/www/MyProject/MyProject python-home=/srv/envs/venv
WSGIProcessGroup example
WSGIScriptAlias / /srv/www/MyProject/MyProject/wsgi.py
WSGIPassAuthorization On
</VirtualHost>
ServerAlias example.com
ServerName example.com
别名/static/srv/www/MyProject/MyProject/static
要求所有授权
要求所有授权
WSGIDaemonProcess示例python path=/srv/www/MyProject/MyProject python home=/srv/envs/venv
WSGIProcessGroup示例
WSGIScriptAlias//srv/www/MyProject/MyProject/wsgi.py
WSGIPassAuthorization On
。
.
.
WSGIPassAuthorization On
命令允许,拒绝
通融
。
.
.
这项工作对我来说非常感谢
这就是事实。4年后,我遇到了同样的问题,但由于Apache的原因,我不知道会发生同样的问题。