First of all, the scenario is this: there are two django web applications, and there is a certain connection between the two applications. In some cases, each other needs to obtain the other's data.
But our applications will definitely have corresponding authentication mechanisms. You won't let people visit casually, right? For example, you have to swipe your card to get on the bus (duh, senior citizen card~~~). We know that after the browser user logs in, each request will have a corresponding session, and the server can determine the user's permission information based on the session used. But it is not easy for us to use it on the server side, and there may be issues such as session expiration time.
So I checked the official django documentation and found that django provides a remote user mechanism that can support remote calls between servers. You only need to add the following settings in the setting:
MIDDLEWARE_CLASSES = ( '...', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.RemoteUserMiddleware', '...', ) AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.RemoteUserBackend', )
I tested it with joy, but found that it still didn’t work~~~ (I knew it wasn’t that simple)
One step left, add a line in setting, add the user name of REMOTE_USER in the environment variable, note that jerry is a user that already exists in the system
os.environ['REMOTE_USER'] = "jerry"
Complete, so in When there is no session information in the request, or it is judged through the session that the user is not logged in, the above REMOTE_USER user will be automatically used to log in. In this way we have a public boarding card, but for security we may need to set some permission restrictions for this user. (In this way, even if you get in the car, you can only stand without doing anything, haha)
But this may also cause some problems. For example, we can judge whether the current user is logged in in other interfaces, and if not, start from Directed to the login screen. However, after using REMOTE_USER, it will automatically log in and cannot be directed to the login page. This requires us to redesign the user login logic.
The above is the detailed content of Django servers call each other's methods through remote user. For more information, please follow other related articles on the PHP Chinese website!