incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rao Venugopal <ven...@gmail.com>
Subject Re: Couchdb + custom authentication
Date Thu, 19 Jan 2012 20:52:46 GMT
Thanks Benoit.  I am still getting to grips with Couchdb and don't really
know erlang.  So my question was about how to go about doing this.  Can you
send me a link the "proxy_authentification_handler" so I can study the code?

Thanks
-Venu

On Thu, Jan 19, 2012 at 3:34 PM, Benoit Chesneau <bchesneau@gmail.com>wrote:

> On Thu, Jan 19, 2012 at 12:25 PM, Rao Venugopal <venuzr@gmail.com> wrote:
> > Thanks Benoit.  Just to clarify my understanding,
> > a) I have to write a handler in erlang similar to
> >
> https://github.com/YasuhiroABE/CouchDB-WebProxy_Auth_Handler/blob/master/couch_httpd_auth.erl
> >
>
>
> mmm why not using the proxy auth handler in couch ? Is the intention
> different ?
> >
> > b) I have to include my custom handler in the "*authentication_handlers*
> "
> > section of configuration as
> > {couch_httpd_auth, my_company_custom_cookie_authentication_handler}
> >
> > If there is a better sample for custom authentication handler, please
> > recommend
>
> Use the simple one i wrote that is actually in couch named
> `proxy_authentification_handler`  it should help you.
>
> >
> > Thanks
> > -Venu
> >
> > *
> > *
> >
> >
> >
> > On Thu, Jan 19, 2012 at 2:44 PM, Benoit Chesneau <bchesneau@gmail.com
> >wrote:
> >
> >> On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <venuzr@gmail.com>
> wrote:
> >> > Hi
> >> >
> >> > Is it possible to integrate custom authentication/authorization with
> >> > couchdb instead of using the couchdb sessions api.
> >> > At my company, we already have an cookie based authorization service
> >> > and it is unlikely that we can move from it to couchdb's
> >> > authentication.  Hence, I want to do something along the following
> >> > lines
> >> > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
> >> > cookie (using the authentication service)
> >> > b) decrpt the user's user id/email from cookie
> >> > c) Check against couchdb's "db/_security" to check if the email is in
> >> > the names collection for either dba admin / reader role
> >> >     i) If the ok,
> >> >         - allow the operation to succeed or do a 301 redirect to
> >> > couchdb.
> >> >         - Ideal scenario would be if it is possible userid to
> >> > couchdb
> >> > so couchdb filters can use it in the following fashion.
> >> >      function(doc, req) {
> >> >        if (doc.username) {
> >> >                if (doc.username == req.userCtx.name) {
> >> >                        return true;
> >> >                }
> >> >        }
> >> >        return false;
> >> >
> >> > }
> >> >
> >> >   ii) Else return http 401 not authorized
> >> > Does couchdb provide for ability to plugin support for this or would
> >> > I
> >> > have to write a front end service which serves as  a proxy between my
> >> > remote couchdb server instance and the local couchdb on my
> >> > smartphone?  Has anyone had any success in either of these two
> >> > scenarios?
> >> >
> >> > Thanks
> >> > -Venu
> >> >
> >> > PS : I asked this question at the mobile couchbase group and was
> >> > advised to ask here
> >>
> >> You can indeed add a custom auth handler. Have a look in
> >> couch_httpd_auth for an example. Then add it to the list of auth
> >> handler that couchdb can try in the `authentication_handlers` setting
> >> in your local.ini .
> >>
> >> - benoƮt
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message