[mod_python] Apache 2.2 authen/authz and "require" semantics

Arnar Birgisson arnarbi at gmail.com
Mon Sep 24 06:52:39 EDT 2007

On 9/24/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> On 24/09/2007, Arnar Birgisson <arnarbi at gmail.com> wrote:
> > Can I return apache.HTTP_UNAUTHORIZED from a fixup-handler to make the
> > browser request username/passwd?
> Technically you can. The issue will be that if you have defined
> AuthType etc then the earlier auth handler phase may result in it not
> getting that far.

Would I perform the authentication in the fixup handler as well?
Basically just do it all there?

1. find project name
2. lookup project in db
3. if anon access allowed - apache.OK
4. call req.get_basic_auth_pw()
5. lookup user - apache.HTTP_UNAUTHORIZED if not found
6. check passwd - apache.HTTP_UNAUTHORIZED if no match
7. check for user access - apache.OK if allowed
8. apache.HTTP_UNAUTHORIZED otherwise


More information about the Mod_python mailing list