Django servers call each other through remote users, djangoremote

Django servers call each other through remote users, djangoremote

First, the scenario is as follows: There are two django web applications, and there is a certain relationship between the two applications. In some cases, each other needs to obtain the data of the other party.

However, our applications have a corresponding authentication mechanism. It won't let people access it at will, right. It is like swiping your card (drip, old man card ~~~) when you get on the bus ~~~). We know that after a browser user logs on, each request will correspond to a session. The server can determine the user's permission information based on the session used. However, it is not easy to use on the server, and there may be problems such as session expiration time.

Therefore, you can view django official documents and find that django provides the remote user mechanism to support remote calls between servers. You only need to add the following settings in setting:

MIDDLEWARE_CLASSES = (    '...',    'django.contrib.auth.middleware.AuthenticationMiddleware',    'django.contrib.auth.middleware.RemoteUserMiddleware',    '...',)AUTHENTICATION_BACKENDS = (   'django.contrib.auth.backends.RemoteUserBackend',)

I tested it with joy and found that it still does not work ~~~ (I know it's not that simple)

Another step is to add a row in setting and add the REMOTE_USER username to the environment variable. Note that jerry is an existing user in the system.

os.environ['REMOTE_USER'] = "jerry"

When the session information is not found in the request, or the user is judged to have not logged on through the session, the above REMOTE_USER user will be automatically used to log on. In this way, we have a public boarding card, but for security, we may need to set some permission restrictions for this user. (In this way, even if you get in the car, you can only stand, haha)

However, this may also cause some problems. For example, we can use other interfaces to determine whether the current user is logged on. If not, we will redirect the user to the logon interface. However, when REMOTE_USER is used, the logon page cannot be directed to the logon page automatically. This requires us to redesign the user login logic.

 

Drive by force. If you have any mistakes or good opinions, please correct them. This is the son of the old thin family. If you need to reprint it, please declare that I would like to thank you for your support.