Comment 5 for bug 1315133

OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.openstack.org/92165
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=ab510952efdd5333e197d23042816ba6ecfa3339
Submitter: Jenkins
Branch: master

commit ab510952efdd5333e197d23042816ba6ecfa3339
Author: David Goetz <email address hidden>
Date: Tue May 27 09:52:39 2014 -0700

    xLO bug with auth tokens expiring during download.

    Just put SLO and DLO after any auth middleware. This works because when
    the request goes through that middleware in the pipeline the
    authentication takes place: validation of the token, setting up who the
    user is, and setting the authorization call back. Each subrequest made
    for the segments will be subjected to that authorization call back which
    verifies the user has access to the individual segments.

    To get this to work with keystone, the keystone identity is set up
    during __call__ and applied to the authorize function using a
    functools.partial. When the authorize function is later called from the
    environ by the proxy server the identity that was set up when the request
    passed through the auth middleware is used, not what can be pulled out
    of the possibly altered state of the request's environment.

    DocImpact
    fixes bug: 1315133

    Change-Id: I7827dd2d9dfbb3c6424773fb2891355d47e372ba
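
The behaviour the commit message describes, as an added Python sketch (not the Swift code from this commit): the identity is bound to the authorize callback with functools.partial when the request passes through auth, so segment subrequests are still checked per segment after the token has expired. ToyAuth, ToyLargeObject, download, the token store and the ACL table are hypothetical, and the callback is simplified to return a boolean.

```python
import functools

# Constructed per-segment read ACLs (sample data, not from Swift).
SEGMENT_ACL = {"/segs/part1": {"alice"}, "/segs/part2": {"alice"},
               "/private/part3": {"bob"}}

def authorize(identity, path):
    """Allow the read only if the bound identity is on the segment's ACL."""
    return identity["user"] in SEGMENT_ACL.get(path, set())

class ToyAuth:
    """Validates the token once; optionally binds the identity to the callback."""
    def __init__(self, app, tokens, bind_identity=True):
        self.app, self.tokens, self.bind_identity = app, tokens, bind_identity

    def late_authorize(self, environ, path):
        """Contrast case: re-derives the identity from the token on every call."""
        identity = self.tokens.get(environ.get("HTTP_X_AUTH_TOKEN"))
        return identity is not None and authorize(identity, path)

    def __call__(self, environ):
        identity = self.tokens.get(environ.get("HTTP_X_AUTH_TOKEN"))
        if identity is None:
            return "401 Unauthorized", []
        if self.bind_identity:
            callback = functools.partial(authorize, dict(identity))
        else:
            callback = functools.partial(self.late_authorize, environ)
        environ["swift.authorize"] = callback
        return self.app(environ)

class ToyLargeObject:
    """Sits after auth; each segment subrequest goes through the callback."""
    def __init__(self, segments, tokens):
        self.segments, self.tokens = segments, tokens

    def __call__(self, environ):
        served = []
        for path in self.segments:
            if not environ["swift.authorize"](path):
                return "403 Forbidden", served
            served.append(path)
            self.tokens.clear()  # simulate the token expiring mid-download
        return "200 OK", served

def download(segments, bind_identity=True):
    tokens = {"tok-1": {"user": "alice"}}  # constructed token store
    app = ToyAuth(ToyLargeObject(segments, tokens), tokens, bind_identity)
    return app({"HTTP_X_AUTH_TOKEN": "tok-1"})
```

With bind_identity=False the second segment fails once the token is gone; with the bound identity the download completes, while a segment the user cannot read is still refused.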