httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Javier Sagrera" <sagr...@lycos.com>
Subject Re: Clarification on how check_user_id hook works
Date Wed, 11 Oct 2006 10:45:42 GMT
Hi,
I think i got a clear picture now, it is true that by saying MIDDLE you 
really can expect any specific to be followed.
I guess that the new directives in 2.2 would help me to have a little more 
control over the sequence of execution.

Thanks to all for taking some time in responding my emails.

Cheers,
Javier

"Brad Nicholes" <bnicholes@novell.com> wrote in message 
news:452BBEEE.3235.00AC.0@novell.com...
>>>> On 10/10/2006 at 8:58 AM, in message
> <1404e5910610100758l3795c593gfe6968d9e01d89bb@mail.gmail.com>, "Eric 
> Covener"
> <covener@gmail.com> wrote:
>> On 10/10/06, Javier Sagrera <sagrera@lycos.com> wrote:
>>> So, i can write my modules, based on modules that i know will have a
>>> "conflict" with mine using the "if ..."
>>> but that is a little limited, i just find strange that you dont have 
>>> control
>>> of the order in which the functions are call,
>>
>> Your example is a little contrived because an auth module already
>> checked and accepted the userid.
>>
>>> And even more strange, that the inclusion of a function registered with
>>> FIRST, will change the order too.
>>
>> You're sorting a list and have specified that you don't care about the
>> position of two things relative to eachother.  Seems reasonable that
>> their position would change as the overall contents of the list
>> changes based on implementation of the sort.
>>
>> Don't get me wrong, being able to influence the hook ordering with
>> configuration directives sounds cool (e.g. DirectiveXYZ  hook_name
>> mod_homegrown.c after mod_thirdparty.c) but it doesn't look like
>> there's a practical problem.
>
>
> The order in which the check_user_id hooks are called, isn't as big of an 
> issue as you might think.  In most cases, even if another module is called 
> before yours, the first thing that it will do is check to make sure that 
> it is configured for that <Directory> or <Location> and DECLINE to handle

> the request if not.  Keep in mind that this is an Apache 2.0 and before 
> issue.  Apache 2.2 has solved this problem with providers.  Using the 
> AuthBasicProvider or AuthdigestProvider directives, you can specify which 
> authentication providers will be called for a specific <directory> or 
> <location> and in what order.  Apache 2.3 goes even further to allow the 
> same type of thing for authorization.
>
> Brad
> 




Mime
View raw message