[mod_python] Which handler? (WebDav AA system)

Graham Dumpleton graham.dumpleton at gmail.com
Tue Oct 9 05:40:50 EDT 2007


On 09/10/2007, Damjan Georgievski <gdamjan at gmail.com> wrote:
> I'm trying to build a simple handler that will multi-user WebDav
> storage. Of course I intend to use the DAV support in Apache, and just
> want to write a simple wrapper that will allow or deny access according
> to some criteria. It seemed to me that I'd do that easiest with python
> and mod_python.
>
> A bit of context.
> WebDav uses several HTTP methods, but we can generally separate them
> in two classes: GET&HEAD are public, every other can be considered
> restricted. My idea is that a user has full rw access to his own part
> of DAV storage (for ex. '$DAVROOT/username'), everything stored there
> is publicly readable unless stored in the special folder
> '$DAVROOT/username/private'.
>
> Now, the question is what handler to use.
>
> I tried the accesshandler, but it seems I can't return
> HTTP_UNAUTHORIZED from it (it gets converted to FORBIDDEN somewhere).
>
> I tried authenhandler, but it needs peculiar setup in apache's
> configuration, and it requires authorization no matter what.

You need to use a combination of authenhandler and authzhandler. It
isn't trivial to get right and to do it anything near properly needs
mod_python 3.3.1.

If your authenhandler determines that something is public, it can fake
that a user has logged in by setting req.user, req.ap_auth_type
appropriately and returning OK.

There are some examples that might get you started in the mailing list
archives searchable from the www.modpython.org site. Beyond that you
need to sketch out a bit better what your ideas are for doing it as
far as hooking into user databases and directive options for Require
that you might want to use. Depending on user database source, there
are possibly other modules for Apache available that could also be
used.

Graham

> I also tried PythonHandler (and SetHandler mod_python) but the problem
> is that it doesn't handle requests for methods other than the standard
> GET, POST, etc. (it misses PROPFIND for ex.).
>
> I tried inithandler too, it seemed like it doesn't execute.
>
> So the question is, which handler I can use so that I can allow public
> access in some cases, FORBID access in other cases, and ask for
> authorization in third cases?


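A sketch of the authenhandler/authzhandler combination described in the reply, applied to the per-user layout from the question. It is an added example, not code from either poster or from mod_python itself. The `/dav` mount point, the `anonymous` placeholder user, the `classify()` helper and the `check_password()` hook are assumptions made for illustration.

```python
# Added example, not code from the thread. Assumed: DAV_ROOT, HTTP Basic auth,
# and check_password() as a hypothetical hook into the real user database.
import posixpath

try:
    from mod_python import apache      # real API when loaded by Apache
except ImportError:                    # stand-in so the policy runs offline
    class apache(object):
        OK, HTTP_UNAUTHORIZED, HTTP_FORBIDDEN = 0, 401, 403

DAV_ROOT = "/dav"                      # assumed mount point of the DAV storage
ANON = "anonymous"                     # placeholder identity for public reads
READ_METHODS = ("GET", "HEAD")

def classify(method, uri):
    """Return (owner, is_public); owner is None outside any user area."""
    path = posixpath.normpath(uri)     # collapse ../ before matching "private"
    if not (path + "/").startswith(DAV_ROOT + "/"):
        return None, False
    parts = path[len(DAV_ROOT):].strip("/").split("/")
    owner = parts[0] or None
    private = len(parts) > 1 and parts[1] == "private"
    public = owner is not None and method in READ_METHODS and not private
    return owner, public

def check_password(user, password):
    """Hypothetical credential check; rejects everyone until replaced."""
    return False

def authenhandler(req):
    owner, public = classify(req.method, req.uri)
    if public:
        # Fake a login for public reads so no credentials are requested.
        req.user, req.ap_auth_type = ANON, "Basic"
        return apache.OK
    password = req.get_basic_auth_pw() # must be called before reading req.user
    if req.user and check_password(req.user, password):
        return apache.OK
    return apache.HTTP_UNAUTHORIZED    # ask the client to authenticate

def authzhandler(req):
    owner, public = classify(req.method, req.uri)
    if public or (owner is not None and req.user == owner):
        return apache.OK
    return apache.HTTP_FORBIDDEN       # authenticated, but not the owner
```

The handlers would be registered with `PythonAuthenHandler` and `PythonAuthzHandler`, alongside `AuthType`, `AuthName` and a `Require` directive. Anything that is not a recognised public read fails closed: it needs a login, and then must belong to the owner.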