couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Authentication and Authorization" by CurtArnold
Date Mon, 27 Jul 2009 21:25:07 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by CurtArnold:
http://wiki.apache.org/couchdb/Authentication_and_Authorization

------------------------------------------------------------------------------
  
  == Authentication hooks ==
  
- Descriptions of how to connect a authentication system to couchdb.
+ CouchDB currently (0.9.x and SVN HEAD as of 2009-07-24) allows the user to configure
+ an authentication handler in local.ini like: 
+ 
+ {{{
+ [httpd]
+ authentication_handler = {modulename, functionname}
+ }}}
+ 
+ If not specified in local.ini, the authentication handler specified in default.ini, 
+ {couch_http, default_authentication_handler}, will be used.
+ 
+ The specified handler is called in couch_httpd::handle_request:
+ 
+ {{{
+ handle_request(MochiReq, DefaultFun,
+         UrlHandlers, DbUrlHandlers, DesignUrlHandlers) ->
+ ...
+     AuthenticationFun = make_arity_1_fun(
+             couch_config:get("httpd", "authentication_handler")),
+ ...
+ 
+     {ok, Resp} =
+     try
+         HandlerFun(HttpReq#httpd{user_ctx=AuthenticationFun(HttpReq)})
+     catch
+ }}}
+ 
+ The handler takes an httpd record and returns an user_ctx record.  The return value replaces
+ the existing user_ctx member of the httpd record and is passed to a handler for the current
+ request.
+ 
+ 
+ user_ctx is defined in src/couch_db.hrl as:
+ {{{
+ -record(user_ctx,
+     {name=null,
+     roles=[]
+     }).
+ }}}
+ 
  
  == Authorization use cases ==
  
@@ -64, +103 @@

  
  == Authorization hooks ==
  
- Descriptions of how to connect a authentication system to couchdb.
+ Authorization is not configurable in CouchDB 0.9.x or the current SVN HEAD.
+ The user_ctx record is examined in couch_db::check_is_admin/1 and 
+ couch_db::validate_doc_update/3.
+ 
+ The user_ctx record can be displayed using http://localhost:5984/_whoami on the SVN HEAD.
+ 
  
  == Proposals ==
  

Mime
View raw message