close
Warning:
Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.
- Timestamp:
-
Aug 7, 2008, 10:11:19 PM (16 years ago)
- Author:
-
cmlenz
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v8
|
v9
|
|
| 62 | 62 | === HTTP Authentication === |
| 63 | 63 | |
| | 64 | With HTTP (or “external”) authentication, the actual checking of a users credentials is performed outside of the application code, probably by employing some authentication module at the web server level. In this kind of setup, Diva only reads the result of the authentication process from the `REMOTE_USER` variable. |
| | 65 | |
| 64 | 66 | === Form-based Authentication === |
| 65 | 67 | |
| 66 | | === Hybrid HTTP/Cookies-based Authentication === |
| | 68 | With form-based login, the application provides an HTML form that allows the user to enter some kind of identifier and a password. When the form is submitted with valid credentials, a cookie is created that allows the framework to identify the user on subsequent requests. |
| | 69 | |
| | 70 | The framework provides a default form (see FormProcessing), a template, and request handlers for logging in and out. Any of these defaults can be customized or replaced by the application. |
| | 71 | |
| | 72 | === Hybrid HTTP/Cookie-based Authentication === |
| 67 | 73 | |
| 68 | 74 | This mode allows the use of HTTP authentication without having to protect the entire URL namespace. Only one or more sub-resources (such as `/login`) are protected by HTTP authentication. When the user visits a protected URL, Diva sets a cookie (in the same manner as with form-based authentication), thereby enabling resources outside of the protected area to identify the user and apply her permissions. |
| … |
… |
|
| 108 | 114 | === Password Management Utilities === |
| 109 | 115 | |
| | 116 | == API Documentation == |
| | 117 | |
| | 118 | [[PythonDoc(branches/experimental/auth-framework, diva.auth)]] |
