Spring Security controls access to URLs with matchers written as method chains; Django doesn't seem to have that kind of filter control.
Therefore, it is necessary to implement the authentication and authorization process yourself or use a library.
For the time being, this is the method that this person is introducing. The request already contains a user object.
https://www.slideshare.net/hirokiky/django-pyconjp2017
In other words, the view accepts the request first, and then denies access if the user object or role is not the correct one. That's the format.
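
The per-view pattern described above, as an added example that is not from the original post or the linked slides: a decorator checks `request.user` before the view body runs, and a small audit lists URL patterns whose view carries no check, the kind of omission that is easy to make when checks live in each view. It uses plain Python stand-ins so it runs without Django installed; the `role` attribute, the `PermissionDenied` stand-in, the view names and the URL table are assumptions.

```python
from functools import wraps
from types import SimpleNamespace

class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied (HTTP 403 in Django)."""

def require_role(*allowed):
    """Per-view check: the view body runs only if request.user has an allowed role."""
    def decorator(view):
        @wraps(view)
        def wrapped(request, *args, **kwargs):
            user = getattr(request, "user", None)
            # Deny by default: missing user, anonymous user, or wrong role.
            if user is None or not getattr(user, "is_authenticated", False):
                raise PermissionDenied("authentication required")
            if getattr(user, "role", None) not in allowed:  # `role` is an assumed attribute
                raise PermissionDenied("role not permitted")
            return view(request, *args, **kwargs)
        wrapped.allowed_roles = frozenset(allowed)  # marker read by the audit below
        return wrapped
    return decorator

def unprotected(urlconf):
    """Return URL patterns whose view has no role check attached."""
    return sorted(p for p, v in urlconf.items() if not hasattr(v, "allowed_roles"))

@require_role("admin")
def delete_report(request, report_id):
    return f"deleted {report_id}"

@require_role("admin", "staff")
def list_reports(request):
    return "reports"

def health(request):  # deliberately left undecorated
    return "ok"

# Constructed URL table and users (hypothetical names).
URLCONF = {"/reports/": list_reports, "/reports/delete/": delete_report, "/health/": health}
ADMIN = SimpleNamespace(is_authenticated=True, role="admin")
STAFF = SimpleNamespace(is_authenticated=True, role="staff")
ANON = SimpleNamespace(is_authenticated=False, role=None)

def call(view, user, *args):
    """Invoke a view as `user`; return its result or the string 'denied'."""
    try:
        return view(SimpleNamespace(user=user), *args)
    except PermissionDenied:
        return "denied"
```

Running `unprotected(URLCONF)` in a test suite turns a forgotten decorator into a failing check instead of a silently open view.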
Personally, it may be better to issue tokens.
An approval procedure like this seems to be good.
When I personally compared it to the Spring Security code, I thought that Django authentication, in which code is written for each view, is more maintainable.
The design looks like this. I wonder if I can implement it after that.