views:

172

answers:

0

Hi all,

I've a web application that accesses multiple controller classes based on the parameters it is passed. For some of the controllers, I want users to authenticate themselves (by simple HTTP authentication), and for some I want public access.

Is there a way to make this happen? In my .htaccess file, I now have

AddHandler mod_python .py
PythonHandler handler
PythonAuthenHandler handler
PythonDebug On

AuthType Basic
AuthName "My Realm"
AuthBasicAuthoritative Off
require valid-user

The authenhandler is called correctly, but even when I just do

def authenhandler(req): 
    return apache.OK

the user is asked for a password (though any password that is entered is accepted)

I tried removing the Auth* stuff (and the require directive) from the .htaccess entirely, and just did the following in the normal handler for those cases where I do want authentication (and it was not found):

request.err_headers_out.add('WWW-Authenticate', 'Basic realm="My Realm")
return apache.HTTP_UNAUTHORIZED

which is what I understand what the server should do when not receiving correct authentication. That did not work either, however.

I come from a PHP background and I know that the latter is how it's done in PHP - but PHP sometimes does extra little pieces of undocumented magic to make this stuff actually work. Is this one of those cases?

Is there any way to optionally request authentication, depending on the URL passed, from the same handler?