Context: server config, virtual host, directory, htaccess
Override: not None
This routine is called to check the authentication information sent with the request (such as looking up the user in a database and verifying that the [encrypted] password sent matches the one in the database).
Where multiple handlers are specified, if any handler in the sequence returns a value other than apache.DECLINED, then execution of all subsequent handlers for this phase is aborted.
To obtain the username, use req.user. To obtain the password entered by the user, use the
A return of apache.OK means the authentication succeeded. A return of apache.HTTP_UNAUTHORIZED will, with most browsers, bring up the password dialog box again. A return of apache.HTTP_FORBIDDEN will usually show the error in the browser and not bring up the password dialog again. HTTP_FORBIDDEN should be used when authentication succeeded, but the user is not permitted to access a particular URL.
An example authentication handler might look like this:
    from mod_python import apache

    def authenhandler(req):
        # get_basic_auth_pw() must be called before req.user is read
        pw = req.get_basic_auth_pw()
        user = req.user
        if user == "spam" and pw == "eggs":
            return apache.OK
        else:
            return apache.HTTP_UNAUTHORIZED
req.get_basic_auth_pw() must be called prior to using the req.user value. Apache makes no attempt to decode the authentication information unless
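An added example (not from the mod_python documentation) of a handler that performs the lookup described above: it verifies the password against a salted PBKDF2 hash in a user store and returns each of the three status codes discussed. The USERS store and its URI-prefix field, the FakeRequest class, and the stand-in apache constants used when mod_python is not installed are assumptions made for illustration.

```python
import hashlib
import hmac

try:
    from mod_python import apache
except ImportError:
    # Assumption: stand-in status constants so the example runs outside Apache.
    class apache:
        OK, HTTP_UNAUTHORIZED, HTTP_FORBIDDEN = 0, 401, 403

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 100000)

# Constructed sample store: user -> (salt, password hash, permitted URI prefix).
USERS = {"spam": (b"constructed-salt", _hash("eggs", b"constructed-salt"), "/private/")}
# Dummy record so an unknown user costs the same hash computation as a known one.
_DUMMY = (b"dummy-salt", _hash("", b"dummy-salt"), "")

def authenhandler(req):
    pw = req.get_basic_auth_pw()      # must come first: it populates req.user
    user = req.user
    if user is None or pw is None:    # no usable credentials
        return apache.HTTP_UNAUTHORIZED
    salt, stored, prefix = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(pw, salt), stored)  # constant-time compare
    if not (matches and user in USERS):
        return apache.HTTP_UNAUTHORIZED   # browser prompts for credentials again
    if not req.uri.startswith(prefix):
        return apache.HTTP_FORBIDDEN      # authenticated, but not allowed this URL
    return apache.OK

class FakeRequest:
    """Constructed stand-in for the mod_python request object (offline runs only)."""
    def __init__(self, user, pw, uri):
        self._creds, self.uri, self.user = (user, pw), uri, None

    def get_basic_auth_pw(self):
        self.user = self._creds[0]    # user is only available after this call
        return self._creds[1]
```

Storing a salted hash instead of the password and comparing with hmac.compare_digest keeps the store from exposing passwords and keeps the comparison time independent of how many bytes match.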