1

django/tastpieを使用してRESTfulAPIを構築しています。私の開発(ローカル)環境で実行すると、すべてが正常に機能し、正しく認証されます。

Marks-MacBook-Pro:~ mshust$ curl http://127.0.0.1:8000/api/v1/speedscreen/ -H 'Authorization: Basic bXNodXN0MToyMjY3' -v
* About to connect() to 127.0.0.1 port 8000 (#0)
        *   Trying 127.0.0.1...
        * connected
        * Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
                > GET /api/v1/speedscreen/ HTTP/1.1
                > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
                > Host: 127.0.0.1:8000
                > Accept: */*
                > Authorization: Basic bXNodXN0MToyMjY3
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Thu, 09 Aug 2012 01:36:05 GMT
< Server: WSGIServer/0.1 Python/2.7.2
< Content-Type: application/json; charset=utf-8
<
* Closing connection #0
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}

ただし、本番サーバー(apache + wsgi over https)で実行すると、401 Unauthorized応答が返され続けます(セキュリティ上の理由でドメイン/ IPが変更されました)

Marks-MacBook-Pro:~ mshust$ curl https://www.domain.com/api/speedscreen/ -H 'Authorization: Basic bXNodXN0MToyMjY3' -v
* About to connect() to www.domain.com port 443 (#0)
*   Trying 231.23.102.140...
* connected
* Connected to www.domain.com (231.23.102.140) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: O=www.domain.com; OU=Domain Control Validated; CN=www.domain.com
*    start date: 2012-07-18 13:30:31 GMT
*    expire date: 2014-07-18 13:30:31 GMT
*    subjectAltName: www.domain.com matched
*    issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure Certification Authority; serialNumber=07969287
*    SSL certificate verify ok.
> GET /api/speedscreen/ HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: www.domain.com
> Accept: */*
> Authorization: Basic bXNodXN0MToyMjY3
> 
< HTTP/1.1 401 UNAUTHORIZED
< Date: Thu, 09 Aug 2012 01:36:00 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Vary: Accept-Encoding
< Content-Length: 0
< Content-Type: text/html; charset=utf-8
< 
* Connection #0 to host www.domain.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

誰もがここで何が起こっているのかについて何か考えがありますか?私は完全に困惑しています。

ありがとう、マーク

4

1 に答える 1