|
Jim Gallacher
jpg at jgassociates.ca
Tue Nov 14 10:31:34 EST 2006
Richard Lewis wrote:
> On Tuesday 14 November 2006 14:17, Jorey Bump wrote:
>> Richard Lewis wrote:
>>> I plan to implement a URI-controlled API where all "commands" will begin
>>> with "/edit/". And I want to provide authentication for these commands (I
>>> have a MySQL user database). Because I have this "whole site" handler,
>>> will it be possible to use standard authentication directives? And will
>>> it be possible to use the Directory directive for "/edit/" requests, as I
>>> don't have actual directories?
>> Use Location, not Directory.
>>
> OK. But what I mean is, will it ever be able to use the Location directive? If
> I have a Python handler processing /all/ requests under a VirtualHost I don't
> think there are any circumstances under which Apache will even consider the
> Location directive. Is that right?
I don't think so. Directives in the Location context should override the
directives higher up in the VirtualHost context. Try something like this:
<Location /edit>
PythonDebug On
AuthType Basic
AuthName "Restricted"
Require valid-user
PythonAuthenHandler foo.bar
</Location>
foo/bar.py looks something like this:
from mod_python import apache
def authenhandler(req):
pw = req.get_basic_auth_pw()
user = req.user
if user == "spam" and pw == "eggs":
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
As you are working in an earlier Apache processing phase, this will work
to protect all resources under /edit, even if they are not handled by
mod_python. It's a powerful thing.
Jim
|