5.1.7 PythonAuthenHandler
Syntax:
Python*Handler Syntax
Context:
server config, virtual host, directory, htaccess
Override:
not None
Module:
mod_python.c
This routine is called to check the authentication information sent
with the request (such as looking up the user in a database and
verifying that the [encrypted] password sent matches the one in the
database).
To obtain the username, use req.connection.user . To obtain the
password entered by the user, use the req.get_basic_auth_pw()
function.
A return of apache.OK means the authentication succeeded. A
return of apache.HTTP_UNAUTHORIZED with most browser will bring
up the password dialog box again. A return of
apache.HTTP_FORBIDDEN will usually show the error on the
browser and not bring up the password dialog
again. HTTP_FORBIDDEN should be used when authentication
succeeded, but the user is not permitted to access a particular URL.
An example authentication handler might look like this:
def authenhandler(req):
pw = req.get_basic_auth_pw()
user = req.connection.user
if user == "spam" and pw == "eggs":
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
Note:
req.get_basic_auth_pw() must be called prior to using the
req.connection.user value. Apache makes no attempt to decode the
authentication information unless req.get_basic_auth_pw() is called.
|