You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by gs...@apache.org on 2002/08/24 00:16:06 UTC
cvs commit: httpd-2.0/include http_request.h
gstein 2002/08/23 15:16:06
Modified: include http_request.h
Log:
Clarify the use and sequencing of these three hooks.
Revision Changes Path
1.42 +18 -6 httpd-2.0/include/http_request.h
Index: http_request.h
===================================================================
RCS file: /home/cvs/httpd-2.0/include/http_request.h,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- http_request.h 22 Jun 2002 19:39:45 -0000 1.41
+++ http_request.h 23 Aug 2002 22:16:05 -0000 1.42
@@ -340,8 +340,13 @@
AP_DECLARE_HOOK(int,map_to_storage,(request_rec *r))
/**
- * This hook allows modules to check the authentication information sent with
- * the request.
+ * This hook is used to analyze the request headers, authenticate the user,
+ * and set the user information in the request record (r->user and
+ * r->ap_auth_type). This hook is only run when Apache determines that
+ * authentication/authorization is required for this resource (as determined
+ * by the 'Require' directive). It runs after the access_checker hook, and
+ * before the auth_checker hook.
+ *
* @param r The current request
* @return OK, DECLINED, or HTTP_...
* @ingroup hooks
@@ -368,8 +373,11 @@
AP_DECLARE_HOOK(int,type_checker,(request_rec *r))
/**
- * This routine is called to check for any module-specific restrictions placed
- * upon the requested resource.
+ * This hook is used to apply additional access control to this resource.
+ * It runs *before* a user is authenticated, so this hook is really to
+ * apply additional restrictions independent of a user. It also runs
+ * independent of 'Require' directive usage.
+ *
* @param r the current request
* @return OK, DECLINED, or HTTP_...
* @ingroup hooks
@@ -377,8 +385,12 @@
AP_DECLARE_HOOK(int,access_checker,(request_rec *r))
/**
- * This routine is called to check to see if the resource being requested
- * requires authorisation.
+ * This hook is used to check to see if the resource being requested
+ * is available for the authenticated user (r->user and r->ap_auth_type).
+ * It runs after the access_checker and check_user_id hooks. Note that
+ * it will *only* be called if Apache determines that access control has
+ * been applied to this resource (through a 'Require' directive).
+ *
* @param r the current request
* @return OK, DECLINED, or HTTP_...
* @ingroup hooks