You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by jo...@apache.org on 2014/03/27 18:01:28 UTC

[2/4] git commit: [#7287] Added docs for using ApacheAccessHandler.py for SCM auth

[#7287] Added docs for using ApacheAccessHandler.py for SCM auth

Signed-off-by: Cory Johns <cj...@slashdotmedia.com>


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/f3968357
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/f3968357
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/f3968357

Branch: refs/heads/cj/7277
Commit: f39683572e903f152d0bac28a42d4a34fa9f3699
Parents: 8e88e3a
Author: Cory Johns <cj...@slashdotmedia.com>
Authored: Tue Mar 25 17:14:53 2014 +0000
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Wed Mar 26 15:51:11 2014 -0400

----------------------------------------------------------------------
 Allura/docs/scm_host.rst | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/f3968357/Allura/docs/scm_host.rst
----------------------------------------------------------------------
diff --git a/Allura/docs/scm_host.rst b/Allura/docs/scm_host.rst
index 0e11e8a..82bb6a7 100644
--- a/Allura/docs/scm_host.rst
+++ b/Allura/docs/scm_host.rst
@@ -170,6 +170,47 @@ Then Apache SVN will serve repositories for all Allura projects and subprojects.
 
 
 
+Configuring Git/SVN/Hg to use Allura auth via mod_python and ApacheAccessHandler.py
+===================================================================================
+
+This is the easiest way to integrate authentication for SCM access with Allura.  It uses
+mod_python and the handler in `scripts/ApacheAccessHandler.py` to query Allura directly
+for auth and permissions before allowing access to the SCM.  Of course, this only works
+for SCM access over HTTP(S).
+
+First, you need to ensure that mod_python is installed:
+
+.. code-block:: console
+
+    sudo aptitude install libapache2-mod-python
+
+Then, in the VirtualHost section where you proxy SCM requests to git, SVN, or Hg, add the
+access handler, e.g.:
+
+.. code-block:: apache
+
+    <LocationMatch "^/(git|svn|hg)/">
+        AddHandler mod_python .py
+        PythonAccessHandler /var/local/allura/scripts/ApacheAccessHandler.py
+        AuthType Basic
+        AuthName "SCM Access"
+        AuthBasicAuthoritative off
+        PythonOption ALLURA_VIRTUALENV /var/local/env-allura
+        PythonOption ALLURA_AUTH_URL https://127.0.0.1/auth/do_login
+        PythonOption ALLURA_PERM_URL https://127.0.0.1/auth/repo_permissions
+    </LocationMatch>
+
+If the SCM is hosted seperately from Allura, update the URLs as appropriate.
+Even if using localhost, it is recommended to use HTTPS, since the username
+and password will be otherwise be sent in the clear to Allura.
+
+.. warning::
+
+    Currently, for Mercurial, the handler doesn't correctly distinguish read
+    and write requests and thus requires WRITE permission for every request.
+
+
+
 Configuring Git/SVN/Hg to use Allura auth via LDAP and ssh
 ============================================================