To be able to use Basic Authentification in repoze.who running in a wsgi app in your Apache installation, you need to tell Apache to WSGIPassAuthorization. An Apache configuration like this will do:
# Setup mod_wsgi
WSGIScriptAlias /myApp /var/www/pylons/myApp/mod_wsgi/dispatch.wsgi
Allow from all
The importanat part here is
This will pass HTTP authorisation headers through to the WSGI application.
Sources: Repoze-dev Mailing List, modwsgi Wiki
This might seem easy enough, but it took me a while to get it right since the Pylons documentation is a bit misleading here, really. It says you should use xmlrpc_fault from pylons.controllers.xmlrpc but that’s actually not working if you’re doing something like:
from pylons.controllers.xmlrpc import xmlrpc_fault
return xmlrpc_fault( 101, "My Error" )
This will wrap an xmlrpclib.Fault into a pylons.controllers.util.Reponse object which will fail to marshal with something like:
TypeError: cannot marshal <class 'pylons.controllers.util.Response'> objects </class>
The correct way to do it is:
return xmlrpclib.Fault( 101, "My Error" )
If you ever need to serve Tomcat applications through Apache2, here is a quick guide on how to do this on Ubuntu.