[mod_python] Apache 2.2 authen/authz and "require" semantics

Arnar Birgisson arnarbi at gmail.com
Sun Sep 23 17:05:10 EDT 2007


Hello there,

I'm having some trouble finding the right docs/examples to solve my problem.

What I want to do is to use a database (a Django model) to control
access to svn and trac (let's just focus on svn to begin with).

My urls are of the form http://svn.domain.tld/projectname/. In the db
I have an entry for each project, and on it a boolean field indicating
if the project should be public-readable or not.

How can I leave it up to the authen- or authzhandler to decide when
username/passwd is required? Seems if I require anything a
login-dialog is popped up, even if the authenhandler never looks at
the username and just return apache.OK if the project is
public-readable. If I have no require lines, no authentication seems
to take place and everything is wide-open regardless of the
public-readable switch.

>From [1] it seems the proper way with apache 2.2. is to provide both
an authen- and authzhandler, but I don't quite see how things should
work in my case.

Ideally, I'd like my config to look something like this:

SetEnv DJANGO_SETTINGS_MODULE projectadmin.settings
PythonHandlerModule projectadmin.authenhandler
Require project-access svn_read
<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require project-access svn_write
</LimitExcept>

Making it work sanely with other auth- or authz handlers is no issue for me.

Arnar

[1] http://www.modpython.org/pipermail/mod_python/2007-July/024055.html


More information about the Mod_python mailing list