Deron Meranda
deron.meranda at gmail.com
Thu Feb 16 19:32:48 EST 2006
On 2/16/06, Graham Dumpleton <grahamd at dscpl.com.au> wrote:
> Unfortunately, to my mind, what would be the proper way of doing this
> can't currently be done in mod_python because it has some stuff missing
> and doesn't process handlers for the authentication phase correctly. See:
>
>   http://issues.apache.org/jira/browse/MODPYTHON-124
>   http://issues.apache.org/jira/browse/MODPYTHON-129

Another thing to watch for too is the difference between Apache 2.0
and 2.2. There may be other opportunities in 2.2 for yet more
mod_python functionality, such as registering an authn/z provider
which is written in python.

Anyway, you still may be able to do something a little
less-than-the-proper way. Assuming that you don't need to rely on
Apache in any way (don't need any of the mod_auth* modules).

What you can do is actually implement the HTTP BASIC or DIGEST
protocol directly in your handler. Of course without the mentioned
missing features, there would be no tie-in to Apache (so no Require,
AuthBasic, etc. directives).

Implementing HTTP BASIC is actually pretty straightforward. Read
http://www.faqs.org/rfcs/rfc2617.html -- you can ignore all the
Proxy stuff if you're not trying to write a proxy server.

The general strategy is to look for the "Authorization" input header.
If it's there, decode it (check that the scheme is "BASIC"
(case-insensitive) then base64-decode the username:password).
Then validate the username and password by whatever means you want.

If there is no Authorization header, or it is not valid, then you need
to return an HTTP 401; and also ensure you output a
WWW-Authenticate response header.

--
Deron Meranda
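The strategy described in the message above, written out as an added example (not part of the original post and not mod_python code): a framework-neutral Python 3 version of the header check. The names `REALM`, `USERS`, `parse_basic`, `check_password` and `authenticate`, the plain dict of request headers, and the constructed credential store are all assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

REALM = "example"  # assumed realm name
# Constructed credential store: username -> (salt, PBKDF2-SHA256 hash).
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"s3cret:pw", _SALT, 100_000))}


def parse_basic(header):
    """Return (username, password) from an Authorization value, or None."""
    if not header:
        return None
    scheme, _, param = header.strip().partition(" ")
    if scheme.lower() != "basic":  # the scheme name is case-insensitive
        return None
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed credentials are treated like missing ones
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def check_password(user, password):
    """Validate against the store; unknown users still cost one hash."""
    salt, expected = USERS.get(user, (_SALT, b"\0" * 32))
    got = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(got, expected) and user in USERS


def authenticate(headers):
    """Return (status, response_headers, username) for a request's headers.

    `headers` is assumed to be a dict keyed by canonical header name.
    """
    creds = parse_basic(headers.get("Authorization"))
    if creds and check_password(*creds):
        return 200, {}, creds[0]
    # Missing or invalid credentials: 401 plus the challenge header.
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, None
```

Basic credentials are only base64-encoded, not encrypted, so a handler built this way needs to be served over TLS.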