In case an authentication handler can't authenticate a user, it should return the request record unmodified, that is, it shouldn't return a new request record with a user_ctx in it.
Throwing an exception is not the way to signal that the auth handler didn't succeed. Does this answer your question? On Tue, Sep 7, 2010 at 1:51 PM, James Jackson <[email protected]> wrote: > Hi all, > > I'm just writing some custom auth handlers for a CouchDB cluster we are > setting up. To do what we need to do, in the security context we require, I > need to run two such custom handlers. I believe that I should be able to do > this with the following syntax: > > [httpd] > authentication_handlers = {couch_cms_auth, > cms_backend_authentication_handler},{couch_cms_auth, > cms_host_authentication_hander} > > Now, each of these handlers on their own work just fine, but I have > problems when attempting to use both. My understanding is that if one throws > an unauthorized exception, then the next handler in the list should be > tried. However, I see a throw in the first handler kill the request there > and then with a 401, without trying the second handler. > > Have I misunderstood this behaviour, or do I need to modify how I write my > custom handlers so they behave with each other? > > Best regards, > James Jackson. -- Filipe David Manana, [email protected], [email protected] "Reasonable men adapt themselves to the world. Unreasonable men adapt the world to themselves. That's why all progress depends on unreasonable men."
