NaviServer - programmable web server

[ Main Table Of Contents | Table Of Contents | Keyword Index ]

ns_requestauthorize(n) 5.0.0a naviserver "NaviServer Built-in Commands"

Name

ns_requestauthorize - Perform authorization check

Table Of Contents

Synopsis

Description

This function does the same permission check that the NaviServer does before serving a URL via the nsperm module. If the nsperm module is loaded, the algorithm is as follows. See Chapter 6 in the NaviServer Administrator's Guide for information on access control, including permissions.

COMMANDS

ns_requestauthorize method url authuser authpasswd ?ipaddr?
  1. If the authuser is "nsadmin", the password is correct, and the IP address of the client is allowed nsadmin access, then access is authorized.

  2. Find the relevant permission record. If an exact match for the method and URL combination is not found, the end of the URL is pared down until a match is found. For example, if there is no match for "/products/cereals/raisin_bran.html," then the server looks for a permission record for the URL "/products/cereals." If that permission record is specified as "Exact URL match is NOT required," then that permission record is used.

By default, the modules is predefined with an entry that says GET on "/" is open to the world. If no relevant permission record is found, access is denied (forbidden).

  1. If the authuser is in the "Allow Users" list, access is permitted. If the authuser is a member of a group in the "Allow Groups" list and not in the "Deny Users" list, access is permitted.

  2. If the host is in the "Hosts to allow" list, access is permitted. If the host is in the "Hosts to deny" list, access is denied.

  3. If the request does not come in with authorization data, access is denied.

  4. The user and password are verified. If there is no password specified in the database, any password is accepted.

  5. Otherwise, access is denied.

RETURN VALUES

The following values can be returned by ns_requestauthorize.

See Also

nsd

Keywords

ns_checkurl, nsperm, server built-in