httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Javier Sagrera" <>
Subject Re: Clarification on how check_user_id hook works
Date Wed, 11 Oct 2006 10:45:42 GMT
I think i got a clear picture now, it is true that by saying MIDDLE you 
really can expect any specific to be followed.
I guess that the new directives in 2.2 would help me to have a little more 
control over the sequence of execution.

Thanks to all for taking some time in responding my emails.


"Brad Nicholes" <> wrote in message
>>>> On 10/10/2006 at 8:58 AM, in message
> <>, "Eric 
> Covener"
> <> wrote:
>> On 10/10/06, Javier Sagrera <> wrote:
>>> So, i can write my modules, based on modules that i know will have a
>>> "conflict" with mine using the "if ..."
>>> but that is a little limited, i just find strange that you dont have 
>>> control
>>> of the order in which the functions are call,
>> Your example is a little contrived because an auth module already
>> checked and accepted the userid.
>>> And even more strange, that the inclusion of a function registered with
>>> FIRST, will change the order too.
>> You're sorting a list and have specified that you don't care about the
>> position of two things relative to eachother.  Seems reasonable that
>> their position would change as the overall contents of the list
>> changes based on implementation of the sort.
>> Don't get me wrong, being able to influence the hook ordering with
>> configuration directives sounds cool (e.g. DirectiveXYZ  hook_name
>> mod_homegrown.c after mod_thirdparty.c) but it doesn't look like
>> there's a practical problem.
> The order in which the check_user_id hooks are called, isn't as big of an 
> issue as you might think.  In most cases, even if another module is called 
> before yours, the first thing that it will do is check to make sure that 
> it is configured for that <Directory> or <Location> and DECLINE to handle

> the request if not.  Keep in mind that this is an Apache 2.0 and before 
> issue.  Apache 2.2 has solved this problem with providers.  Using the 
> AuthBasicProvider or AuthdigestProvider directives, you can specify which 
> authentication providers will be called for a specific <directory> or 
> <location> and in what order.  Apache 2.3 goes even further to allow the 
> same type of thing for authorization.
> Brad

View raw message