当前位置:网站首页>DRF authentication, permissions, and flow restrictions (only for views in DRF)
DRF authentication, permissions, and flow restrictions (only for views in DRF)
2022-07-07 09:11:00 【FOR. GET】
One 、 authentication Authentication
Authentication needs to be used in combination with permissions !Authentication Official configuration file
1.1 Global authentication
- Use
DEFAULT_AUTHENTICATION_CLASSES
Set the global default authentication scheme
# settings.py
# REST_FRAMEWORK DRF All configurations in are written in this
REST_FRAMEWORK = {
# Configure global authentication scheme
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication', # Basic authentication
'rest_framework.authentication.SessionAuthentication',# session authentication
)
}
1.2 Partial Certification
- Set it separately in the view
authentication_classes
Property to set , The view class that needs authentication can be written in the required view class .
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
class ExampleView(APIView):
# Set authentication
authentication_classes = (SessionAuthentication, BasicAuthentication)
# Set the permissions
permission_classes = (IsAuthenticated,)
def get(self, request, format=None):
content = {
'user': unicode(request.user), # `django.contrib.auth.User` example .
'auth': unicode(request.auth), # None
}
return Response(content)
The return values of authentication failure are :
403
Authority is forbidden 、401
Uncertified . General authentication can use global authentication .
Two 、 jurisdiction Permissions
jurisdiction Permissions Official documents , The permissions provided are :
- Allow all users :
AllowAny
- Only authenticated users :
isAuthenicated
- Only administrator users :
isAdminUser
- Authenticated users can fully operate , Otherwise, we can only
get
Access read :IsAuthenticatedOrReadOnly
2.1 Global permissions
- The default permission policy can use
DEFAULT_PERMISSION_CLASSES
Set global settings .
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
# Only authenticated users can access
'rest_framework.permissions.IsAuthenticated',
)
}
- If not specified , This setting defaults to allow unrestricted access :
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
)
2.2 Local permissions
from rest_framework.permissions import IsAuthenticated
class ExampleView(APIView):
# Set the permissions
permission_classes = (IsAuthenticated,)
Authentication is generally used globally , Permissions are generally used locally
3、 ... and 、 Current limiting Shrottling
Limit the frequency of interface access , To reduce server pressure . Current limiting Shrottling Official address
3.1 Global current limiting
Use
DEFAULT_THROTTLE_CLASSES
andDEFAULT_THROTTLE_RATES
The default current limiting policy will be set globally , secondsecond
, branchminute
、 whenhour
、 Godday
As the current limiting period
REST_FRAMEWORK = {
'DEFAULT_THROTTLE_CLASSES': (
'rest_framework.throttling.AnonRateThrottle',
'rest_framework.throttling.UserRateThrottle'
),
'DEFAULT_THROTTLE_RATES': {
'anon': '100/day', # Anonymous users
'user': '1000/day' # The logged in user
}
}
3.2 Local current limiting
- Based on APIView View of class , You can set the current limiting policy on a per view or per view set basis
from rest_framework.response import Response
from rest_framework.throttling import UserRateThrottle
from rest_framework.views import APIView
class ExampleView(APIView):
throttle_classes = (UserRateThrottle,)
def get(self, request, format=None):
content = {
'status': 'request was permitted'
}
return Response(content)
边栏推荐
- [chaosblade: node CPU load, node network delay, node network packet loss, node domain name access exception]
- go mod module declares its path as: gtihub. com/xxx-xx but was required as:xx-xx
- Led analog and digital dimming
- Count the number of words C language
- On December 8th, 2020, the memory of marketing MRC application suddenly increased, resulting in system oom
- Locust performance test 4 (custom load Policy)
- 面板显示技术:LCD与OLED
- Simulation volume leetcode [general] 1609 Parity tree
- OpenGL三维图形绘制
- OpenGL帧缓冲
猜你喜欢
Several stages of PMP preparation study
External interrupt to realize key experiment
端口复用和重映像
【istio简介、架构、组件】
JVM 内存结构 详细学习笔记(一)
Led analog and digital dimming
Postman interface test (I. installation and use)
Skill review of test engineer before interview
Do you have any certificates with high gold content?
The longest ascending subsequence model acwing 1017 Strange thief Kidd's glider
随机推荐
With an annual salary of 50W, Alibaba P8 will come out in person to teach you how to advance from testing
OpenGL frame buffer
Locust performance test 3 (high concurrency, parameter correlation, assembly point)
Interpretation of MySQL optimization principle
Systick tick timer
2021 year end summary
徽商期货公司评级是多少?开户安全吗?我想开户,可以吗?
PPT模板、素材下载网站(纯干货,建议收藏)
LeetCode 715. Range module
Serial port experiment - simple data sending and receiving
Several stages of PMP preparation study
Cmake command line use
E-commerce campaign Guide
ESP32-ULP协处理器低功耗模式RTC GPIO中断唤醒
The essence of high availability
Screen automatically generates database documents
Analysis of Hessian serialization principle
MySQL common statements
2022-07-06 Unity核心9——3D动画
Isomorphic C language