Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 44700 invoked from network); 2 Feb 2010 17:37:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Feb 2010 17:37:14 -0000 Received: (qmail 45433 invoked by uid 500); 2 Feb 2010 17:37:13 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 45364 invoked by uid 500); 2 Feb 2010 17:37:13 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 45354 invoked by uid 99); 2 Feb 2010 17:37:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Feb 2010 17:37:13 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jchris@gmail.com designates 209.85.221.181 as permitted sender) Received: from [209.85.221.181] (HELO mail-qy0-f181.google.com) (209.85.221.181) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Feb 2010 17:37:04 +0000 Received: by qyk11 with SMTP id 11so304208qyk.16 for ; Tue, 02 Feb 2010 09:36:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=gOjbBny03x3qbhnR1+BCvMoQDius91Oujte2UIuQzIc=; b=JR38xx+TW7ECDGSl9GSGkAUpaSKosrMEJ2bnvisRcW+0rNc2Rx55TbAvHbABjcL/0y 1vFDmkZBagu6SGr9gFxSzLB78ZHWRVLI6oJTxLiLIq6WBfjJDdNMQduBES0O5NmGkAgP vsPBhrAJekskyu682DvUx+A0OFZqJ79Kapi0I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=V8z0TnJDo7QteUlhzD00+dPjg7bXafGv9tSvgxkP8XvejBzudM9+R1BES38z3R67j5 oi59vnPqVGNvAQAkgXzPb+eMbm45rtKDivipUz9BGyQqPGHH/fO04m/Q5mNATck46SQI GvEQn9QdEIQAhVMz2GNilGf4zJBHJjxoR27L0= MIME-Version: 1.0 Sender: jchris@gmail.com Received: by 10.142.2.9 with SMTP id 9mr4146369wfb.290.1265132202264; Tue, 02 Feb 2010 09:36:42 -0800 (PST) In-Reply-To: References: Date: Tue, 2 Feb 2010 09:36:42 -0800 X-Google-Sender-Auth: d7832e168f8f59fe Message-ID: Subject: Re: [patch] proxy authentificationn handler From: Chris Anderson To: dev@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Tue, Feb 2, 2010 at 6:57 AM, Benoit Chesneau wrote= : > Hi all, > > I've just pushed on jira my proxy authentification handler. This code > is used behind aimpl.org and works well. > > https://issues.apache.org/jira/browse/COUCHDB-636 > > This handler allows creation of a userCtx objec from a user > authenticated remotly. The client just pass specific headers to > CouchDB and the handler create the userCtx. Headers name can be > defined in local.ini. By thefault they are : > > * X-Auth-CouchDB-UserName : username, (x_auth_username in > couch_httpd_auth section) > * X-Auth-CouchDB-Roles : user roles, list of roles separated by a > comma (x_auth_roles in couch_httpd_auth section) > * X-Auth-CouchDB-Token : token to authenticate the authorization > (x_auth_token in couch_httpd_auth section). This token is an hmac-sha1 > created from secret key and username. The secret key should be the > same in the client and couchdb node. secret key is the secret key in > couch_httpd_auth section of ini. This token is optional if secret key > isn't defined. This token should be optional even if the secret key is defined (the secret is defined by default but people might want to skip the headers signing stuff if they are in a simple environment.) > > What do you think about including it in 0.11 ? This is fine by me -- the patch is pretty isolated, and disabled by default, so I don't see it causing any instability. > > - beno=EEt > --=20 Chris Anderson http://jchrisa.net http://couch.io