[mod_python] Apache 2.2 authen/authz and "require" semantics

Graham Dumpleton graham.dumpleton at gmail.com
Mon Sep 24 07:58:46 EDT 2007


On 24/09/2007, Arnar Birgisson <arnarbi at gmail.com> wrote:
> Hi Graham,
>
> On 9/24/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > In the mean time, I'll try and find some time to explain how to do it
> > for mod_python properly. Cant promise anything though as starting to
> > get backlogged as it is.
>
> I very much appreciate the time you spent on this, thank you. Looking
> forward to mod_wsgi 2.0 :)
>
> My main problem remains that depending on the project (identified by
> the first part of the url), I might want to skip authentication and
> authorization all together since some projects allow anonymous access.
> I don't know how to make that decision, whether to request a login
> from the user, in python code.

Have an authenhandler which identifies the URL you need to let through
and simply do:

  req.user = 'anonymous'
  return apache.OK

Setting req.user should be sufficient to prevent complaints from
Apache and would satisfy 'Require valid-user' check.

Graham


More information about the Mod_python mailing list