问题描述

我正在尝试确定为什么在使用本地开发服务器时使用Authorization:标头对受保护资源进行身份验证的行为正常，但在我部署的apache 2.2 w/mod_wsgi实现中却不行.

I am trying to determine why authentication for protected resources using the Authorization: header behaves properly when using a local development server but not on my deployed apache 2.2 w/mod_wsgi implementation.

我正在将django 1.8与django-rest-framework和django-rest-framework-jwt lib一起用于基于JWT的身份验证. apache服务器是带有mod_wsgi的2.2版.这些都在ubuntu 12.04实例(python 2.7)上运行.

I am using django 1.8 with django-rest-framework and the django-rest-framework-jwt lib for JWT based authentication. The apache server is ver 2.2 with mod_wsgi. This is all running on an ubuntu 12.04 instance (python 2.7).

在localhost上与manage.py runserver一起使用的情况:

# manage.py runserver is running
curl -s -X POST \
  -d '{"username":"[email protected]", "password":}' \
  http://localhost:8000/portfolio/login

# Response as expected:
##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."}

# Using above token as $TOKEN_STR with JWT prefix for Auth header:
curl -X GET -H "Content-Type: application/json" \
  -H "Authorization: $TOKEN_STR" \
  http://localhost:8000/portfolio

# Response as expected
##> {"data":"[...]"}

使用apache2.2 mod_wsgi的破损案例:

curl -s -X POST \
  -d '{"username":"[email protected]", "password":}' \
  http://myremote.com/django/portfolio/login

# Response as expected:
##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."}

# Using above token as $TOKEN_STR with JWT prefix for Auth header:
curl -X GET -H "Content-Type: application/json" \
  -H "Authorization: $TOKEN_STR" \
  http://myremote.com/django/portfolio

# Response behaves as authentication not even there w/403 or 401:
##> {"detail": "Authentication credentials were not provided."}

Apache网站配置

 #### DJANGO APP ####
    LogLevel info
    WSGIDaemonProcess dev processes=2 threads=15
    WSGIProcessGroup dev

    WSGIScriptAlias /django /webapps/django/config/wsgi.py
    <Directory /webapps/django>
        Order allow,deny
        Allow from all
    </Directory>


    ###  DJANGO APP ####

可能相关的配置

config.py

## Django rest frameowkr config
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    )
}

JWT_AUTH = {
    'JWT_ENCODE_HANDLER':
        'rest_framework_jwt.utils.jwt_encode_handler',
    'JWT_DECODE_HANDLER':
        'rest_framework_jwt.utils.jwt_decode_handler',
    'JWT_PAYLOAD_HANDLER':
        'rest_framework_jwt.utils.jwt_payload_handler',
    'JWT_PAYLOAD_GET_USER_ID_HANDLER':
        'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',

    'JWT_RESPONSE_PAYLOAD_HANDLER':
        'rest_framework_jwt.utils.jwt_response_payload_handler',
    'JWT_SECRET_KEY': SECRET_KEY,
    'JWT_ALGORITHM': 'HS256',
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
}

推荐答案

我遇到了类似的问题.我发现我在Apache配置文件中缺少以下指令

I have encountered similar problem. I figure out that I was missing below directive in the Apache configuration file

WSGIPassAuthorization On

这篇关于本地和本地之间的Django JWT身份验证行为不同带有Django REST框架的mod_wsgi服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！