[mod_python] Apache 2.2 authen/authz and "require" semantics

Graham Dumpleton graham.dumpleton at gmail.com
Mon Sep 24 06:46:47 EDT 2007


On 24/09/2007, Arnar Birgisson <arnarbi at gmail.com> wrote:
> Hello Graham,
>
> On 9/24/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > Does it have to be configurable from Apache configuration, could you
> > just do it all in the Python script?
>
> Yes, I could do it all from a python script - any way that works :)
>
> > So, we don't even use auth/authz for this bit, but just use a fixup handler.
>
> *goes to read about fixup-handlers*
>
> Can I return apache.HTTP_UNAUTHORIZED from a fixup-handler to make the
> browser request username/passwd?

Technically you can. The issue will be that if you have defined
AuthType etc then the earlier auth handler phase may result in it not
getting that far.

When reading about fixup handlers, the main point to realise is that
for an authen handler you have:

* Where multiple handlers are specified, if any handler in the
sequence returns a value other than apache.DECLINED, then execution of
all subsequent handlers for this phase is aborted.

For a fixup handler you instead have:

* Where multiple handlers are specified, if any handler in the
sequence returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.

This is referred to as RUN_FIRST as opposed to RUN_ALL. I.e., run until
first one returns and says it has done something, versus run all until
an error.

The other difference is purely the ordering of the phases and the
notional purpose of each phase.

If you really want to go deeply into understanding the difference, read:

  http://www.fmc-modeling.org/category/projects/apache/amp/4_4Request_Response_Loop.html

Graham
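
The two stacking rules described in the message above, modelled as a stand-alone Python sketch (an added example, not part of the original post and not mod_python code). The handler names and the request dict are hypothetical; the constants mirror Apache's OK, DECLINED and HTTP_UNAUTHORIZED values.

```python
# Stand-alone model of the two dispatch rules; no mod_python required.
OK, DECLINED, HTTP_UNAUTHORIZED = 0, -1, 401  # same values Apache uses


def run_first(handlers, req):
    """Authen-style phase: the first handler returning anything other
    than DECLINED ends the phase, and later handlers never run."""
    for handler in handlers:
        req["trace"].append(handler.__name__)
        rc = handler(req)
        if rc != DECLINED:
            return rc
    return DECLINED


def run_all(handlers, req):
    """Fixup-style phase: OK and DECLINED both let the next handler run;
    any other value ends the phase with that value."""
    for handler in handlers:
        req["trace"].append(handler.__name__)
        rc = handler(req)
        if rc not in (OK, DECLINED):
            return rc
    return OK


def allow_intranet(req):
    # Hypothetical handler: accepts a constructed internal address range.
    return OK if req["remote_ip"].startswith("10.") else DECLINED


def require_password(req):
    # Hypothetical handler: asks for credentials when no user is set.
    return OK if req.get("user") else HTTP_UNAUTHORIZED


def simulate(dispatch, **fields):
    """Run both handlers under the given rule; return (status, handlers run)."""
    req = dict(fields, trace=[])
    rc = dispatch([allow_intranet, require_password], req)
    return rc, req["trace"]


if __name__ == "__main__":
    # Same request, same handlers, different phase rule.
    print("authen:", simulate(run_first, remote_ip="10.0.0.5"))
    print("fixup: ", simulate(run_all, remote_ip="10.0.0.5"))
```

With the same two handlers, the authen-style rule lets the request through after the first handler answers OK, while the fixup-style rule still reaches the password check and returns 401, so handler order matters far more in a RUN_FIRST phase.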

