Hi everyone,
I have a WSGI application running in a vhost, and I'd like to setup
authorisations based on path.
As I want to avoid to have to modify the vhost each time a new
resource/user is added or modified I wish to use the "require group" to
grant access.
The idea is to delegate authorisation to a script thanks to the WSGI
directive "WSGIAuthGroupScript".
I read the documentation of the Require directive and something is not
clear for me, as I'm not a native english speaker :
"Access controls which are applied in this way are effective for *all*
methods. *This is what is normally desired*. If you wish to apply access
controls only to specific methods, while leaving other methods
unprotected, then place the Require statement into a <Limit> section."
What is a "method" in this context ?
As the authn and authz directives will be implemented in a global
directory section including all the fqdn, if someone is authorised on
path "/test1", will it be authorised to "/test2" ?
The script can't give this access, but will apache ask the script at
each GET request, or will it cache something ?
This is what I fear because I don't understand clearly what a "method"
is here.
I hope the question is clear enough.
The best solution would be to delegate all the authn & authz to the
application, and to avoid apache, but this is out of the scope of my
limitations.
Thanks for your help,
Bastien Semene
