惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
B
Blog RSS Feed
N
News and Events Feed by Topic
GbyAI
GbyAI
I
InfoQ
P
Privacy & Cybersecurity Law Blog
AWS News Blog
AWS News Blog
Cisco Talos Blog
Cisco Talos Blog
C
Check Point Blog
Recent Announcements
Recent Announcements
D
Darknet – Hacking Tools, Hacker News & Cyber Security
D
Docker
P
Proofpoint News Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Scott Helme
Scott Helme
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
News and Events Feed by Topic
C
CXSECURITY Database RSS Feed - CXSecurity.com
Microsoft Security Blog
Microsoft Security Blog
L
LangChain Blog
W
WeLiveSecurity
S
Securelist
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
www.infosecurity-magazine.com
www.infosecurity-magazine.com
K
Kaspersky official blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
Stack Overflow Blog
Stack Overflow Blog
S
Security Affairs
NISL@THU
NISL@THU
O
OpenAI News
Vercel News
Vercel News
C
Cyber Attacks, Cyber Crime and Cyber Security
Y
Y Combinator Blog
T
Tor Project blog
G
GRAHAM CLULEY
T
Tailwind CSS Blog
博客园 - Franky
Webroot Blog
Webroot Blog
Simon Willison's Weblog
Simon Willison's Weblog
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
V2EX - 技术
V2EX - 技术
H
Help Net Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
F
Full Disclosure

博客园 - M'

AndroidStudio修改项目名称 cocos2dx2.x&3.x部分函数对照表 Ubuntu 安装mono 关于BigDecimal.ROUND_HALF_UP与ROUND_HALF_DOWN android 常用框架 理解assign,copy,retain变strong SQLSERVER2008R2正确使用索引 除非 Windows Activation Service (WAS)和万维网发布服务(W3SVC)均处于运行状态,否则无法启动网站。目前,这两项服务均处于停止状态。 Android资源命名规范 eclipse导入Android项目后,项目的名称变为了主Activity的名称 C语言位运算详解[转] Android Message里传送的数据[转] Android---组件篇---Handler的使用(1)[转] Nginx配置文件详细说明[转] python 进制转换[转] MySQL一些优化[转] C# Stream 和 byte[] 之间的转换[转] DotLucene(Lucene.Net)研究[转] MySQL 去除重复的方法
自定义登录后台(authentication backend)[转]
M' · 2013-04-25 · via 博客园 - M'
学习http://docs.djangoproject.com/en/dev/topics/auth/?from=olddocs#writing-an-authentication-backend记录

authetication backend是一个类,实现了两个方法:get_user(user_id)与authenticate(**credentials).get_user函数有一个参数user_id,它可以是username,database ID或其他,返回一个User对象实例。authenticate方法有一个名为credentials的关键字参数。一般情况,它如下:
class MyBackend:
  def authenticate(self,username=None,password=None):
    #检测username与password,然后返回一个User实例
但也可以是身份验证令牌,如下:
class MyBackend:
  def authenticate(self,token=None):
    #检测token返回一个User实例

下面的例子实现功能为:username与password是在自己的settings.py文件中定义的,利用这个信息实现登录,返回一个Django User.
from django.conf import settings
from django.contrib.auth.models import User,check_password

class SettingsBackend:
    """
    Authenticate against the settings ADMIN_LOGIN and ADMIN_PASSWORD.

    Use the login name, and a hash of the password. For example:

    ADMIN_LOGIN = 'admin'
    ADMIN_PASSWORD = 'sha1$4e987$afbcf42e21bd417fb71db8c66b321e9fc33051de'
    """
    def authenticate(self, username=None, password=None):
        login_valid = (settings.ADMIN_LOGIN == username)
        pwd_valid = check_password(password, settings.ADMIN_PASSWORD)
        if login_valid and pwd_valid:
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                # Create a new user. Note that we can set password
                # to anything, because it won't be checked; the password
                # from settings.py will.
                user = User(username=username, password='get from settings.py')
                user.is_staff = True
                user.is_superuser = True
                user.save()
            return user
        return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

在自定义backend中处理授权
自定义认证后台提供了自己的权限。
user model将通过委托实现了(get_group_permissions(),get_all_permission(),has_perm()与has_module_perms())这些函数authentication backend处理权限查询。
代码如下:
class SettingsBackend:
  ...
  def has_perm(self.user_obj,perm):
    if user_obj.username == settings.ADMIN_LOGIN:
      return True
    else:
      return False

原文:http://plq168.blog.163.com/blog/static/53101462201092711170704/