Date: Tue, 2 Feb 2010 15:57:50 +0100
Subject: [patch] proxy authentication handler
From: Benoit Chesneau
To: dev@couchdb.apache.org

Hi all,

I've just pushed my proxy authentication handler to JIRA. This code is used behind aimpl.org and works well.

https://issues.apache.org/jira/browse/COUCHDB-636

This handler allows creation of a userCtx object from a user authenticated remotely. The client just passes specific headers to CouchDB and the handler creates the userCtx. Header names can be defined in local.ini. By default they are:

* X-Auth-CouchDB-UserName: username (x_auth_username in couch_httpd_auth section)
* X-Auth-CouchDB-Roles: user roles, list of roles separated by a comma (x_auth_roles in couch_httpd_auth section)
* X-Auth-CouchDB-Token: token to authenticate the authorization (x_auth_token in couch_httpd_auth section). This token is an hmac-sha1 created from secret key and username. The secret key should be the same in the client and CouchDB node. The secret key is the secret key in the couch_httpd_auth section of the ini. This token is optional if the secret key isn't defined.

What do you think about including it in 0.11?

- benoît
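Added example, not part of the original message or of the COUCHDB-636 patch: a Python sketch of the scheme described above, showing the proxy side building the three headers and the receiving side verifying the token before creating a userCtx. The function names, the hex encoding of the HMAC digest, and the sample secret are assumptions of this example.

```python
import hashlib
import hmac

# Default header names as listed in the message above.
H_USER = "X-Auth-CouchDB-UserName"
H_ROLES = "X-Auth-CouchDB-Roles"
H_TOKEN = "X-Auth-CouchDB-Token"


def make_token(secret: bytes, username: str) -> str:
    # HMAC-SHA1 keyed with the shared secret over the username.
    # Hex encoding of the digest is an assumption of this example.
    return hmac.new(secret, username.encode("utf-8"), hashlib.sha1).hexdigest()


def proxy_headers(username, roles, secret=None):
    """Headers the authenticating proxy adds before forwarding the request."""
    headers = {H_USER: username, H_ROLES: ",".join(roles)}
    if secret:
        headers[H_TOKEN] = make_token(secret, username)
    return headers


def user_ctx_from_headers(headers, secret=None):
    """Return a userCtx-like dict, or None if the request is not accepted."""
    username = headers.get(H_USER)
    if not username:
        return None
    if secret:
        # Secret configured: the token is mandatory and must match.
        # compare_digest keeps the comparison time independent of the
        # position of the first differing byte.
        expected = make_token(secret, username)
        supplied = headers.get(H_TOKEN, "")
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return None
    # The token covers the username only; roles are taken as sent, so the
    # proxy must be the only party able to set these headers.
    roles = [r.strip() for r in headers.get(H_ROLES, "").split(",") if r.strip()]
    return {"name": username, "roles": roles}


# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-example-secret"
SAMPLE = proxy_headers("alice", ["reader", "editor"], SECRET)
```

Because the token is optional when no secret is defined, a deployment without a secret relies entirely on the network path: only the proxy should be able to reach the node with these headers set.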