Posted to user@couchdb.apache.org by James Jackson <ja...@cern.ch> on 2010/09/07 14:51:24 UTC
Using multiple auth handlers
Hi all,
I'm just writing some custom auth handlers for a CouchDB cluster we are setting up. To do what we need to do, in the security context we require, I need to run two such custom handlers. I believe that I should be able to do this with the following syntax:
[httpd]
authentication_handlers = {couch_cms_auth, cms_backend_authentication_handler},{couch_cms_auth, cms_host_authentication_hander}
Now, each of these handlers on their own work just fine, but I have problems when attempting to use both. My understanding is that if one throws an unauthorized exception, then the next handler in the list should be tried. However, I see a throw in the first handler kill the request there and then with a 401, without trying the second handler.
Have I misunderstood this behaviour, or do I need to modify how I write my custom handlers so they behave with each other?
Best regards,
James Jackson.
Re: Using multiple auth handlers
Posted by James Jackson <ja...@cern.ch>.
Just to wrap this up, I've worked out what to do - passing back the original request if I want to pass through a handler.
Cheers,
James.
On 7 Sep 2010, at 13:51, James Jackson wrote:
> Hi all,
>
> I'm just writing some custom auth handlers for a CouchDB cluster we are setting up. To do what we need to do, in the security context we require, I need to run two such custom handlers. I believe that I should be able to do this with the following syntax:
>
> [httpd]
> authentication_handlers = {couch_cms_auth, cms_backend_authentication_handler},{couch_cms_auth, cms_host_authentication_hander}
>
> Now, each of these handlers on their own work just fine, but I have problems when attempting to use both. My understanding is that if one throws an unauthorized exception, then the next handler in the list should be tried. However, I see a throw in the first handler kill the request there and then with a 401, without trying the second handler.
>
> Have I misunderstood this behaviour, or do I need to modify how I write my custom handlers so they behave with each other?
>
> Best regards,
> James Jackson.
Re: Using multiple auth handlers
Posted by Filipe David Manana <fd...@apache.org>.
In case an authentication handler can't authenticate a user, it should
return the request record unmodified, that is, it shouldn't return a new
request record with a user_ctx in it.
Throwing an exception is not the way to signal that the auth handler didn't
succeed.
Does this answer your question?
On Tue, Sep 7, 2010 at 1:51 PM, James Jackson <ja...@cern.ch> wrote:
> Hi all,
>
> I'm just writing some custom auth handlers for a CouchDB cluster we are
> setting up. To do what we need to do, in the security context we require, I
> need to run two such custom handlers. I believe that I should be able to do
> this with the following syntax:
>
> [httpd]
> authentication_handlers = {couch_cms_auth,
> cms_backend_authentication_handler},{couch_cms_auth,
> cms_host_authentication_hander}
>
> Now, each of these handlers on their own work just fine, but I have
> problems when attempting to use both. My understanding is that if one throws
> an unauthorized exception, then the next handler in the list should be
> tried. However, I see a throw in the first handler kill the request there
> and then with a 401, without trying the second handler.
>
> Have I misunderstood this behaviour, or do I need to modify how I write my
> custom handlers so they behave with each other?
>
> Best regards,
> James Jackson.
--
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org
"Reasonable men adapt themselves to the world.
Unreasonable men adapt the world to themselves.
That's why all progress depends on unreasonable men."
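
The pass-through rule from the reply above, as an added example that is not part of the original thread and is not CouchDB's own code. The records, handler bodies, header name and address are simplified, constructed stand-ins, and the behaviour at the end of the chain (reject when no handler set a user_ctx) is an assumption of this model.

```erlang
%% Added example: simplified, self-contained model of a handler chain.
%% The records are stand-ins for CouchDB's #httpd{} and #user_ctx{}.
-module(auth_chain_demo).
-export([run/0]).

-record(user_ctx, {name = null, roles = []}).
-record(httpd, {headers = [], peer, user_ctx}).

%% Hypothetical handler: authenticates on a trusted header (constructed name).
backend_handler(#httpd{headers = Hdrs} = Req) ->
    case proplists:get_value("x-backend-user", Hdrs) of
        undefined ->
            Req;  % cannot authenticate: return the request unmodified
        Name ->
            Ctx = #user_ctx{name = list_to_binary(Name), roles = [<<"backend">>]},
            Req#httpd{user_ctx = Ctx}
    end.

%% Hypothetical handler: authenticates on peer address (constructed value).
host_handler(#httpd{peer = "192.0.2.10"} = Req) ->
    Req#httpd{user_ctx = #user_ctx{name = <<"host">>, roles = [<<"host">>]}};
host_handler(Req) ->
    Req.  % pass through, do not throw

%% The mistake from the thread: signalling "not mine" with an exception.
throwing_handler(_Req) ->
    throw({unauthorized, <<"backend credentials missing">>}).

%% Chain driver: stop at the first handler that sets user_ctx.
authenticate(#httpd{user_ctx = #user_ctx{}} = Req, _Handlers) ->
    Req;
authenticate(_Req, []) ->
    throw({unauthorized, <<"Authentication required.">>});  % assumed policy
authenticate(Req, [Handler | Rest]) ->
    authenticate(Handler(Req), Rest).

run() ->
    Req = #httpd{peer = "192.0.2.10"},
    Good = authenticate(Req, [fun backend_handler/1, fun host_handler/1]),
    %% The throw escapes before host_handler is ever called.
    Bad = (catch authenticate(Req, [fun throwing_handler/1, fun host_handler/1])),
    {Good#httpd.user_ctx, Bad}.
```

Because a throw ends the chain immediately, a handler should throw only when it means to reject the request outright, whatever the handlers listed after it would have decided.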