couchdb-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Authentication and Authorization" by CurtArnold
Date Tue, 28 Jul 2009 03:42:58 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by CurtArnold:
http://wiki.apache.org/couchdb/Authentication_and_Authorization

------------------------------------------------------------------------------
  
  [http://issues.apache.org/jira/browse/COUCHDB-256 COUCHDB-256] : Replicating from a write-protected
server fails
  
+ 
  == Definitions ==
  
-  Authentication:: TBD
-  Authorization:: TBD
+  Authentication:: any process by which you verify that someone is who they claim they are.
+  Authorization:: any process by which someone is allowed to be where they want to go, or
to have information that they want to have.
+ 
+ == References ==
+ 
+ [http://httpd.apache.org/docs/2.2/howto/auth.html Apache 2.2 Authentication, Authorization
and Access Control]
+ [http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Apache Tomcat 6 Realms and AAA]
+ [http://db.apache.org/derby/docs/10.5/ref/rrefproper13766.html Apache Derby derby.authentication.provider]
+ 
  
  == Authentication use cases ==
  
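Review bot: the added Authorization definition ("allowed to be where they want to go, or to have information that they want to have") is phrased as a metaphor and never says what is being decided. Word it as the decision whether an identified user may perform a given operation on a given resource, so it lines up with the Authentication definition above it. In the new References section the three links are added as consecutive lines with no list markup; make each one a list item.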
@@ -61, +69 @@

  [httpd]
  authentication_handler = {modulename, functionname}
  }}}
+ 
+ The module must be available on the code path.  User provided handlers
+ should be placed in ~couchdb (need to confirm that would be the current
+ working directory) or in a subdirectory under ROOT/lib where root is
+ the Erlang/OTP installation directory.
  
  If not specified in local.ini, the authentication handler specified in default.ini, 
  {couch_http, default_authentication_handler}, will be used.
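Review bot: the added paragraph publishes an unverified statement, "(need to confirm that would be the current working directory)", inside the instructions for where authentication handler modules are loaded from. Confirm the location and remove the parenthetical before this goes on the page, and settle on one spelling for "ROOT"/"root". Because whichever module matches the configured name on the code path becomes the authentication handler, it would also help to state that the chosen directory should be writable only by the account that administers CouchDB.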
@@ -100, +113 @@

  
  If the http request contains basic authentication, the user name and password are checked

  against a configured user list.  If the user is recognized as an administrator, the user
name and
- _admin role are added to the user context, otherwise, an exception is thrown.
+ <<"_admin">> (bit stream representation of "_admin") role are added to the user
context, 
+ otherwise, an exception is thrown.
  If basic authentication is not present and there are admins defined in the user list,
  an empty context is returned.  If basic authentication is not present and there are no admins
  defined, then the _admin role is added to the context.
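Review bot: "bit stream representation" in the added line is not the Erlang term; `<<"_admin">>` is a binary literal, so "binary" would be accurate. The hunk also updates only the first mention: the last sentence of the same paragraph still reads "the _admin role is added to the context", so the two spellings now sit side by side. Change both, or explain the notation once and keep the plain name throughout.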
@@ -108, +122 @@

  
  === couch_http::null_authentication_handler ===
  
- Any request is granted the _admin role.
+ Any request is granted the <<"_admin">> role.
  
  === couch_http::special_test_authentication_handler ===
  
  If the WWW-Authentication header has a value like "X-Couch-Test-Auth username:password",
  the user name and password are checked against a hard-coded list of username/password
- combinations.  If the request matches, the user name (but not the _admin role) is added,
+ combinations.  If the request matches, the user name (but not the <<"_admin">>
role) is added,
  otherwise an exception is thrown.  If the WWW-Authentication header is not present
- or does not match the pattern, the _admin role is added.
+ or does not match the pattern, the <<"_admin role">> is added.
  
  === couch_httpd_oauth::oauth_authentication_handler ===
  
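Review bot: in the last added line the word "role" has moved inside the literal, `<<"_admin role">>`, which names a different value from the `<<"_admin">>` used in the two other replacements in this hunk. It should read `the <<"_admin">> role is added`.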
