[我正在尝试确定为什么在使用本地开发服务器时使用Authorization:标头对受保护资源进行身份验证的行为正确,但在我部署的apache 2.2 w / mod_wsgi实现中却没有。
我将django 1.8与django-rest-framework和django-rest-framework-jwt lib一起用于基于JWT的身份验证。 apache服务器是带有mod_wsgi的2.2版。这些都在ubuntu 12.04实例(python 2.7)上运行。
与localhost上的manage.py runserver一起使用的情况:
# manage.py runserver is running curl -s -X POST \ -d '{"username":"[email protected]", "password":}' \ http://localhost:8000/portfolio/login # Response as expected: ##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."} # Using above token as $TOKEN_STR with JWT prefix for Auth header: curl -X GET -H "Content-Type: application/json" \ -H "Authorization: $TOKEN_STR" \ http://localhost:8000/portfolio # Response as expected ##> {"data":"[...]"}apache2.2 mod_wsgi的大写字母:
curl -s -X POST \ -d '{"username":"[email protected]", "password":}' \ http://myremote.com/django/portfolio/login # Response as expected: ##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."} # Using above token as $TOKEN_STR with JWT prefix for Auth header: curl -X GET -H "Content-Type: application/json" \ -H "Authorization: $TOKEN_STR" \ http://myremote.com/django/portfolio # Response behaves as authentication not even there w/403 or 401: ##> {"detail": "Authentication credentials were not provided."}Apache网站配置
#### DJANGO APP #### LogLevel info WSGIDaemonProcess dev processes=2 threads=15 WSGIProcessGroup dev WSGIScriptAlias /django /webapps/django/config/wsgi.py <Directory /webapps/django> Order allow,deny Allow from all </Directory> ### DJANGO APP ####可能相关的配置
config.py
## Django rest frameowkr config
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
)
}
JWT_AUTH = {
'JWT_ENCODE_HANDLER':
'rest_framework_jwt.utils.jwt_encode_handler',
'JWT_DECODE_HANDLER':
'rest_framework_jwt.utils.jwt_decode_handler',
'JWT_PAYLOAD_HANDLER':
'rest_framework_jwt.utils.jwt_payload_handler',
'JWT_PAYLOAD_GET_USER_ID_HANDLER':
'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',
'JWT_RESPONSE_PAYLOAD_HANDLER':
'rest_framework_jwt.utils.jwt_response_payload_handler',
'JWT_SECRET_KEY': SECRET_KEY,
'JWT_ALGORITHM': 'HS256',
'JWT_AUTH_HEADER_PREFIX': 'JWT',
}
[我正在尝试确定为什么使用Authorization:标头对受保护资源进行身份验证时,在使用本地开发服务器而不是在我部署的apache 2.2 w / mod_wsgi ...上不能正确执行行为]
我遇到类似的问题。我发现我在Apache配置文件中缺少以下指令
WSGIPassAuthorization On
解决方案在apache conf文件中,我们需要像这样打开WSGIPassAuthorization: