Syntax:
Python*Handler Syntax
Context:
server config, virtual host, directory, htaccess
Override:
not None
Module:
mod_python.c
This routine is called to check the authentication information sent with the request (such as looking up the user in a database and verifying that the [encrypted] password sent matches the one in the database).
To obtain the username, use req.connection.user
. To obtain the
password entered by the user, use the req.get_basic_auth_pw()
function.
A return of apache.OK
means the authentication succeeded. A
return of apache.HTTP_UNAUTHORIZED
with most browser will bring
up the password dialog box again. A return of
apache.HTTP_FORBIDDEN
will usually show the error on the
browser and not bring up the password dialog
again. HTTP_FORBIDDEN
should be used when authentication
succeeded, but the user is not permitted to access a particular URL.
An example authentication handler might look like this:
def authenhandler(req): pw = req.get_basic_auth_pw() user = req.connection.user if user == "spam" and pw == "eggs": return apache.OK else: return apache.HTTP_UNAUTHORIZED
req.get_basic_auth_pw()
must be called prior to using the
req.connection.user
value. Apache makes no attempt to decode the
authentication information unless req.get_basic_auth_pw()
is called.