使用外部Json Web令牌验证Django网站

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用

  • 回答 (1)
  • 关注 (0)
  • 查看 (57)

我有以下设置:

  • 运行Django Frontend网页的Apache Webserver
  • 运行Django REST框架的应用程序服务器

我现在必须将Django Frontend集成到用java和angular编写的第三方项目中。认证完全由第三方处理。

用户通过LDAP登录并创建JWT令牌。

是否有可能简单地在Django中接收令牌并在成功解码令牌后对用户进行身份验证?当我有保护函数时,这将如何与@login_required装饰器一起使用?

提问于
用户回答回答于
from django.contrib import messages
from django.contrib.auth import login
from django.contrib.auth.models import User
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse
from django.views.decorators.cache import never_cache

@never_cache
def user_login(request):
    ''' User login '''

    if request.user.is_authenticated:
        return HttpResponseRedirect(reverse('main:index'))

    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        # Your code for authentication here
        # authenticate =  .... 

        if authenticate:
            # Get user // create one if it doesn't exist yet
            user, created = User.objects.get_or_create(username=username)
            # Login user - @login_required decorator can be used after user has been logged in
            login(request, user)
            next = request.POST.get('next', '/') if request.POST.get('next') else '/'
            return HttpResponseRedirect(next)
        else:
            messages.warning(request, 'Authentication failed', extra_tags=forgot_password)
            return HttpResponseRedirect(reverse('main:login'))
    else:
        return render(request, 'main/login.html', {})

扫码关注云+社区

领取腾讯云代金券