Using multiple auth handlers

[James Jackson <ja...@cern.ch>]

Hi all,

I'm just writing some custom auth handlers for a CouchDB cluster we are setting up. To do what we need to do, in the security context we require, I need to run two such custom handlers. I believe that I should be able to do this with the following syntax:

[httpd]
authentication_handlers = {couch_cms_auth, cms_backend_authentication_handler},{couch_cms_auth, cms_host_authentication_hander}

Now, each of these handlers on their own work just fine, but I have problems when attempting to use both. My understanding is that if one throws an unauthorized exception, then the next handler in the list should be tried. However, I see a throw in the first handler kill the request there and then with a 401, without trying the second handler.

Have I misunderstood this behaviour, or do I need to modify how I write my custom handlers so they behave with each other?

Best regards,
James Jackson.

Re: Using multiple auth handlers

[James Jackson <ja...@cern.ch>]

Just to wrap this up, I've worked out what to do - passing back the original request if I want to passthrough a handler.

Cheers,
James.

On 7 Sep 2010, at 13:51, James Jackson wrote:

> Hi all,
> 
> I'm just writing some custom auth handlers for a CouchDB cluster we are setting up. To do what we need to do, in the security context we require, I need to run two such custom handlers. I believe that I should be able to do this with the following syntax:
> 
> [httpd]
> authentication_handlers = {couch_cms_auth, cms_backend_authentication_handler},{couch_cms_auth, cms_host_authentication_hander}
> 
> Now, each of these handlers on their own work just fine, but I have problems when attempting to use both. My understanding is that if one throws an unauthorized exception, then the next handler in the list should be tried. However, I see a throw in the first handler kill the request there and then with a 401, without trying the second handler.
> 
> Have I misunderstood this behaviour, or do I need to modify how I write my custom handlers so they behave with each other?
> 
> Best regards,
> James Jackson.

Re: Using multiple auth handlers

[Filipe David Manana <fd...@apache.org>]

In case an authentication handler can't authenticate a user, it should
return the request record unmodified, that is, it shouldn't return a new
request record with a user_ctx in it.

Throwing an exception is not the way to signal that the auth handler didn't
succeed.

Does this answer your question?

On Tue, Sep 7, 2010 at 1:51 PM, James Jackson <ja...@cern.ch> wrote:

> Hi all,
>
> I'm just writing some custom auth handlers for a CouchDB cluster we are
> setting up. To do what we need to do, in the security context we require, I
> need to run two such custom handlers. I believe that I should be able to do
> this with the following syntax:
>
> [httpd]
> authentication_handlers = {couch_cms_auth,
> cms_backend_authentication_handler},{couch_cms_auth,
> cms_host_authentication_hander}
>
> Now, each of these handlers on their own work just fine, but I have
> problems when attempting to use both. My understanding is that if one throws
> an unauthorized exception, then the next handler in the list should be
> tried. However, I see a throw in the first handler kill the request there
> and then with a 401, without trying the second handler.
>
> Have I misunderstood this behaviour, or do I need to modify how I write my
> custom handlers so they behave with each other?
>
> Best regards,
> James Jackson.




-- 
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."