`
xiaolin0199
  • 浏览: 565701 次
  • 性别: Icon_minigender_1
  • 来自: 深圳
社区版块
存档分类
最新评论

django实现双系统用户验证原理

 
阅读更多

django实现登录原理

写道
django自带auth模块,可实现用户验证登录
当用户登录了网站,django通过两个中间键验证用户登录:
django.contrib.sessions.middleware.SessionMiddleware 和
django.contrib.auth.middleware.AuthenticationMiddleware
写道
1.当用户登录成功,服务器生成一个sessionid,保存于数据库,并写到用户浏览器cookie中
2.用户再次访问,首先中间键SessionMiddleware会读取这个名为sessionid的cookie,根据该值查询数据库,获取用户id,生成一个session对象
3.然后中间建AuthenticationMiddleware根据session对象获取用户user对象,保存成request.user
4.当处理对应的视图函数时,request中就保存的相应的user对象,可判断是否登录

 

写道
中间建AuthenticationMiddleware
文件:django/contrib/auth/middleware.py
from django.contrib import auth
from django.core.exceptions import ImproperlyConfigured


class LazyUser(object):
    def __get__(self, request, obj_type=None):
        if not hasattr(request, '_cached_user'):
            from django.contrib.auth import get_user
            request._cached_user = get_user(request)
        return request._cached_user


class AuthenticationMiddleware(object):
    def process_request(self, request):
        assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
        request.__class__.user = LazyUser()
        return None

 

实现双系统用户验证原理

写道
要实现双系统用户验证,就不按正常的django验证流程,自己重写一个登录验证的中间件
具体实现原理:
用户请求访问系统A,系统A中间件同样首先读取相应的cookie值。得到cookie值后,不是像正常的流程一样查询数据库获取user对象
而且将该值发送给系统B,由系统B验证,如果系统B验证通过,则把该用户的username发送过来,如果没通过,则发送空值
系统A获取username后,去自己的auth_user表中查找,如果没有,则创建一个user对象(get_or_create)
最后将user对象保存于request.user中

 

具体操作

写道
1.setting文件中中间件'django.contrib.auth.middleware.AuthenticationMiddleware',
改成自己的中间件'myauth.middleware.AuthenticationMiddleware',
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    #'django.contrib.auth.middleware.AuthenticationMiddleware',
    'myauth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

 

写道
2.创建app myauth, 并有文件middleware.py

 

myauth/middleware.py

from django.conf import settings
from django.contrib.auth.models import AnonymousUser, User



class LazyUser(object):
    def __get__(self, request, obj_type=None):
        if not hasattr(request, '_cached_user'):
            #from django.contrib.auth import get_user
            request._cached_user = get_user(request)
        return request._cached_user


class AuthenticationMiddleware(object):
    def process_request(self, request):
        assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
        request.__class__.user = LazyUser()


def get_user(request):
    session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
    user_dict = get_user_from_icnet(session_key)
    if user_dict:
        user, iscreate = User.objects.get_or_create(username=user_dict['username'])
    else:
        user = AnonymousUser()
    return user

def get_user_from_icnet(session_key):
    user_dict = {'username': 'test'}
    return user_dict

 

 

分享到:
| django访问sql server--django-pyodbc
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics