httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <bnicho...@novell.com>
Subject Re: Clarification on how check_user_id hook works
Date Tue, 10 Oct 2006 21:40:29 GMT
>>> On 10/10/2006 at 8:58 AM, in message
<1404e5910610100758l3795c593gfe6968d9e01d89bb@mail.gmail.com>, "Eric Covener"
<covener@gmail.com> wrote:
> On 10/10/06, Javier Sagrera <sagrera@lycos.com> wrote:
>> So, i can write my modules, based on modules that i know will have a
>> "conflict" with mine using the "if ..."
>> but that is a little limited, i just find strange that you dont have control
>> of the order in which the functions are call,
> 
> Your example is a little contrived because an auth module already
> checked and accepted the userid.
> 
>> And even more strange, that the inclusion of a function registered with
>> FIRST, will change the order too.
> 
> You're sorting a list and have specified that you don't care about the
> position of two things relative to eachother.  Seems reasonable that
> their position would change as the overall contents of the list
> changes based on implementation of the sort.
> 
> Don't get me wrong, being able to influence the hook ordering with
> configuration directives sounds cool (e.g. DirectiveXYZ  hook_name
> mod_homegrown.c after mod_thirdparty.c) but it doesn't look like
> there's a practical problem.


The order in which the check_user_id hooks are called, isn't as big of an issue as you might
think.  In most cases, even if another module is called before yours, the first thing that
it will do is check to make sure that it is configured for that <Directory> or <Location>
and DECLINE to handle the request if not.  Keep in mind that this is an Apache 2.0 and before
issue.  Apache 2.2 has solved this problem with providers.  Using the AuthBasicProvider or
AuthdigestProvider directives, you can specify which authentication providers will be called
for a specific <directory> or <location> and in what order.  Apache 2.3 goes even
further to allow the same type of thing for authorization.

Brad 

Mime
View raw message