Django请求CAC (公共访问卡)

Question

我目前正在Apache2.4.5.2服务器上运行Django应用程序。当用户点击初始页面(即www.djangoApp.com)时，会提示他们插入自己的CAC和PIN。一旦完成，PIN条目弹出就会消失，用户将被定向到登陆页面。我面临的问题是如何根据从外部源(GCDS)接收的HTTP响应来识别用户。在服务器日志中，我可以看到请求信息，但我不确定如何在Django视图中查看该请求。我试着注释掉所有的中间件，这样请求才能通过，但这是行不通的。Apache是否阻止某些HTTP请求？有什么地方我需要允许外部请求吗？我收到的唯一要求是：

{'GATEWAY_INTERFACE': 'CGI/1.1', 'SERVER_PROTOCOL': 'HTTP/1.1', 'REQUEST_METHOD': 'GET', 'QUERY_STRING': '', 'REQUEST_URI': '/', 'SCRIPT_NAME': '', 'PATH_INFO': '/', 'PATH_TRANSLATED': '\DjangoWebProject1\\wsgi.py\\', 'HTTP_HOST': 'glen', 'HTTP_CACHE_CONTROL': 'max-age=0', 'HTTP_SEC_CH_UA': '" Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"', 'HTTP_SEC_CH_UA_MOBILE': '?0', 'HTTP_SEC_CH_UA_PLATFORM': '"Windows"', 'HTTP_UPGRADE_INSECURE_REQUESTS': '1', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'HTTP_SEC_FETCH_SITE': 'none', 'HTTP_SEC_FETCH_MODE': 'navigate', 'HTTP_SEC_FETCH_USER': '?1', 'HTTP_SEC_FETCH_DEST': 'document', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br', 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.9', 'HTTP_COOKIE': 'csrftoken=Nd3ggEPk0vqYJwZKOVZZoZtUqZWXs155Y6V1q', 'HTTP_X_FORWARDED_FOR': '128.202.106.24', 'HTTP_X_FORWARDED_HOST': 'glen', 'HTTP_X_FORWARDED_SERVER': 'glen', 'HTTP_CONNECTION': 'Keep-Alive', 'SystemRoot': 'C:\\Windows', 'COMSPEC': 'C:\\Windows\\system32\\cmd.exe', 'PATHEXT': '.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC', 'WINDIR': 'C:\\Windows', 'SERVER_SIGNATURE': '', 'SERVER_SOFTWARE': 'Apache/2.4.52 (Win64) OpenSSL/1.1.1m mod_wsgi/4.9.0 Python/3.9', 'SERVER_NAME': 'glen', 'SERVER_ADDR': 'fe80::ed01:effd:2360:544a', 'SERVER_PORT': '81', 'REMOTE_ADDR': 'fe80::ed01:effd::544a', 'DOCUMENT_ROOT': 'webdart/DjangoWebProject1/webdart/templates/webdart', 'REQUEST_SCHEME': 'http', 'CONTEXT_PREFIX': '', 'CONTEXT_DOCUMENT_ROOT': 'webdart/DjangoWebProject1/webdart/templates/webdart', 'SERVER_ADMIN': 'admin@example.com', 'SCRIPT_FILENAME': 'webdart/DjangoWebProject1/DjangoWebProject1/wsgi.py', 'REMOTE_PORT': '6307', 'mod_wsgi.script_name': '', 'mod_wsgi.path_info': '/', 'mod_wsgi.process_group': '', 'mod_wsgi.application_group': 'GLEN:81|', 'mod_wsgi.callable_object': 'application', 'mod_wsgi.request_handler': 'wsgi-script', 'mod_wsgi.handler_script': '', 'mod_wsgi.script_reloading': '1', 'mod_wsgi.enable_sendfile': '0', 'mod_wsgi.ignore_activity': '0', 'mod_wsgi.request_start': '17490697', 'mod_wsgi.request_id': 'iT3r3Lez7vM', 'mod_wsgi.connection_id': 'iT3r3Lez7vM', 'mod_wsgi.script_start': '1069256341', 'wsgi.version': (1, 0), 'wsgi.multithread': True, 'wsgi.multiprocess': False, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.errors': <_io.TextIOWrapper name='<wsgi.errors>' encoding='utf-8'>, 'wsgi.input': <mod_wsgi.Input object at 0x00000286F4E619D0>, 'wsgi.input_terminated': True, 'wsgi.file_wrapper': <class 'mod_wsgi.FileWrapper'>, 'apache.version': (2, 4, 52), 'mod_wsgi.version': (4, 9, 0), 'mod_wsgi.total_requests': 0, 'mod_wsgi.thread_id': 1, 'mod_wsgi.thread_requests': 0, 'CSRF_COOKIE': 'N2kUXzZUXThFW1w52r4ZKOVZZoZtUqZWXs155Y6V1q'}

我的settings.py看起来是这样的：

Django settings for DjangoWebProject1 project.

Based on 'django-admin startproject' using Django 2.1.2.

For more information on this file, see
https://docs.djangoproject.com/en/2.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.1/ref/settings/
"""

import os
import posixpath

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'd050e2cb-bfba-4ff7-adc1-9c1c8e8d952b'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = []

# Application references
# https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-INSTALLED_APPS
INSTALLED_APPS = [
    'app',
    # Add your apps here to enable them
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'webdart.apps.WebdartConfig',
    'DjangoWebProject1',
    'django_filters',
    'vertical_multi_columns',
    'el_pagination',


]

# Middleware framework
# https://docs.djangoproject.com/en/2.1/topics/http/middleware/
MIDDLEWARE = [
    #'django.middleware.authenticate.printHeader',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    
]
X_FRAME_OPTIONS = 'SAMEORIGIN';

ROOT_URLCONF = 'DjangoWebProject1.urls'

# Template configuration
# https://docs.djangoproject.com/en/2.1/topics/templates/
TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, 'templates'), ],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
                'django.template.context_processors.csrf',
                'django.template.context_processors.request', ## For EL-pagination
                'webdart.context_processors.add_doc_types_to_context',
                'webdart.context_processors.add_dynamic_stations_to_context',
            ],
            'libraries':{
                'webdart_extras':'webdart.templateTags.webdart_extras',
            }
        },
    },
]

WSGI_APPLICATION = 'DjangoWebProject1.wsgi.application'
# Database
# https://docs.djangoproject.com/en/2.1/ref/settings/#databases
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.oracle',
        'NAME': 'ORCL',
        'USER': 'wd',
        'PASSWORD': 'password1',
        'HOST':'127.0.0.1',
        'PORT': '1521',
    }
}

# Password validation
# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]




# Internationalization
# https://docs.djangoproject.com/en/2.1/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True

# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.1/howto/static-files/
STATIC_URL = '/static/'
STATIC_ROOT = posixpath.join(*(BASE_DIR.split(os.path.sep) + ['static']))
print("00011111111111111111111000000000")
print(STATIC_ROOT)

我试着构建自己的中间件，注释掉所有的中间件.我卡住了。如何查看包含CAC信息的GCDS请求？Apache是否阻止某些HTTP请求？有什么地方我需要允许外部请求吗？

以下是来自views.py的登陆页面：

def landing(request):
    test = request.META
    print(test)
    dodNum = "101010101"
    people = Person.objects.all()
    for person in people:
        if dodNum in person.authentication_name:
       
            return render(request, 'webdart/landing.html', {'person': person})
            break
    return render(request, 'webdart/accountRequest.html')

同样，当我打印"test“变量时，我看到的只是登陆页面/accountRequest页面的请求。请求中没有身份验证信息。

Answer 1

这个问题与Apache端的命名头有关。Django删除以下划线("_")命名的所有标头。但是，如果使用破折号("-")，django将接受标题并将破折号转换为下划线。

我们在httpd-ssl.conf文件中更改了这一点：

RequestHeader set REMOTE_USER "%{SSL_CLIENT_S_DN_CN}s"

至：

RequestHeader set REMOTE-USER "%{SSL_CLIENT_S_DN_CN}s"

现在，在我们的views.py中，我们可以调用request.META并获取所有身份验证信息。即使使用中间件，请求也使用所有数据进行请求。