Along with a middleware to allow catching the exception it raises when
the user is missing roles, redirecting them appropriately.
A distinction is made between roles which are obtained at the SSO,
stored in session, and roles which the user could have, statically
stored in database.
todo: this commit depends entirely on the provisioning as implemented by
hobo; this should be improved
It works if:
- HTTP Host is a domain name and not an IP address (IPv6 addresses will not pass
this test, they lack dots),
- domain contains at least three components.
This is required as SERVER_NAME may not be used in some uwsgi
configurations, and HTTP_HOST should be used instead.
| Nginx maps the $server_name variable to the first server_name you define.
| In your case you have two solutions: read HTTP_HOST instead of SERVER_NAME
| in your app or set SERVER_NAME to $http_host in uwsgi_params
-- http://lists.unbit.it/pipermail/uwsgi/2010-August/000571.html
The HttpRequest.get_host method handles those cases and more.
Name of the cookie must be put in MELLON_OPENED_SESSION_COOKIE_NAME and
common domain can be defined in MELLON_OPENED_SESSION_COOKIE_DOMAIN, if
unset the common domain is guessed by removing the first part of the
domain name (www.xxx.com -> xxx.com).
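
The guessing rule described in the messages above (the host is a domain name and not an IP address, it has at least three components, and the first component is removed), written out as an added Python example. This is not the project's own code; the function names `split_host_port` and `guess_common_domain` are hypothetical, and the hosts used are constructed samples.

```python
import ipaddress


def split_host_port(host):
    """Return the host part of an HTTP Host value, without any port."""
    host = host.strip().lower()
    if host.startswith("["):          # bracketed IPv6 literal, e.g. [::1]:8000
        return host[1:host.find("]")] if "]" in host else host
    if host.count(":") == 1:          # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def guess_common_domain(host):
    """Guess the shared cookie domain from a Host value, or return None.

    Follows the conditions in the commit message: the host must be a domain
    name (not an IP address) and must have at least three components; the
    guess is the host with its first component removed.
    """
    name = split_host_port(host)
    try:
        ipaddress.ip_address(name)
        return None                   # IPv4 or IPv6 literal: no guess
    except ValueError:
        pass
    labels = name.split(".")
    if len(labels) < 3 or not all(labels):
        return None                   # too short, or an empty label ("a..b")
    return ".".join(labels[1:])
```

For a host such as example.co.uk the rule yields co.uk, a public suffix that browsers refuse as a cookie domain, so deployments on such domains need MELLON_OPENED_SESSION_COOKIE_DOMAIN set explicitly.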