|
Hi everyone, I have a WSGI application running in a vhost, and I'd like to setup authorisations based on path. As I want to avoid to have to modify the vhost each time a new resource/user is added or modified I wish to use the "require group" to grant access. The idea is to delegate authorisation to a script thanks to the WSGI directive "WSGIAuthGroupScript". I read the documentation of the Require directive and something is not clear for me, as I'm not a native english speaker : "Access controls which are applied in this way are effective for all methods. This is what is normally desired. If you wish to apply access controls only to specific methods, while leaving other methods unprotected, then place the Require statement into a <Limit> section." What is a "method" in this context ? As the authn and authz directives will be implemented in a global directory section including all the fqdn, if someone is authorised on path "/test1", will it be authorised to "/test2" ? The script can't give this access, but will apache ask the script at each GET request, or will it cache something ? This is what I fear because I don't understand clearly what a "method" is here. I hope the question is clear enough. The best solution would be to delegate all the authn & authz to the application, and to avoid apache, but this is out of the scope of my limitations. Thanks for your help, Bastien Semene |
|