Name
Check User ID
Synopsis
int module_check_user_id(request_rec *pReq)
This function is responsible for acquiring and
checking a user ID. The user ID should be stored in
pReq->connection->user
. The function should
return OK
, DECLINED
, or a
status code. Of particular interest is
HTTP_UNAUTHORIZED
(formerly known as
AUTH_REQUIRED
), which should be returned if the
authorization fails (either because the user agent presented no
credentials or because those presented were not correct). All modules
are polled until one returns something other than
DECLINED
. If all decline, a configuration error is
logged, and an error is returned to the user agent. When
HTTP_UNAUTHORIZED
is returned, an appropriate
header should be set to inform the user agent of the type of
credentials to present when it retries. Currently, the appropriate
header is WWW-Authenticate
(see the HTTP 1.1
specification for details). Unfortunately, Apache’s
modularity is not quite as good as it might be in this area. So this
hook usually provides alternate ways of accessing the user/password
database, rather than changing the way authorization is actually
done, as evidenced by the fact that the protocol side of
authorization is currently dealt with in
http_protocol.c, rather than in the module. Note
that this function checks the validity of the username and password
and not whether the particular user has permission to access the URL.
An obvious user of this hook is mod_auth.c, as shown in Example 21-18.
Example
Get Apache: The Definitive Guide, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.