Modified for edits.
-------------This line and the following will be ignored -------------- modified: doc/source/development_auth.rst doc/source/getting_started.rst
This commit is contained in:
Anne Gentle
parent
6c5c1e3071
commit
39a9394751
@ -67,7 +67,7 @@ Example Authentication with DevAuth:
|
|||||||
|
|
||||||
Authorization is performed through callbacks by the Swift Proxy server to the
|
Authorization is performed through callbacks by the Swift Proxy server to the
|
||||||
WSGI environment's swift.authorize value, if one is set. The swift.authorize
|
WSGI environment's swift.authorize value, if one is set. The swift.authorize
|
||||||
value should simply be a function that takes a WebOb. Request as an argument and
|
value should simply be a function that takes a webob. Request as an argument and
|
||||||
returns None if access is granted or returns a callable(environ,
|
returns None if access is granted or returns a callable(environ,
|
||||||
start_response) if access is denied. This callable is a standard WSGI callable.
|
start_response) if access is denied. This callable is a standard WSGI callable.
|
||||||
Generally, you should return 403 Forbidden for requests by an authenticated
|
Generally, you should return 403 Forbidden for requests by an authenticated
|
||||||
@ -131,7 +131,7 @@ then swift.authorize will be called once more. These are called delay_denial
|
|||||||
requests and currently include container read requests and object read and
|
requests and currently include container read requests and object read and
|
||||||
write requests. For these requests, the read or write access control string
|
write requests. For these requests, the read or write access control string
|
||||||
(X-Container-Read and X-Container-Write) will be fetched and set as the 'acl'
|
(X-Container-Read and X-Container-Write) will be fetched and set as the 'acl'
|
||||||
attribute in the WebOb.Request passed to swift.authorize.
|
attribute in the webob.Request passed to swift.authorize.
|
||||||
|
|
||||||
The delay_denial procedures allow skipping possibly expensive access control
|
The delay_denial procedures allow skipping possibly expensive access control
|
||||||
string retrievals for requests that can be approved without that information,
|
string retrievals for requests that can be approved without that information,
|
||||||
@ -179,7 +179,7 @@ The access control string has a standard format included with Swift, though
|
|||||||
this can be overridden if desired. The standard format can be parsed with
|
this can be overridden if desired. The standard format can be parsed with
|
||||||
swift.common.middleware.acl.parse_acl which converts the string into two arrays
|
swift.common.middleware.acl.parse_acl which converts the string into two arrays
|
||||||
of strings: (referrers, groups). The referrers allow comparing the request's
|
of strings: (referrers, groups). The referrers allow comparing the request's
|
||||||
Referrer header to control access. The groups allow comparing the
|
Referer header to control access. The groups allow comparing the
|
||||||
request.remote_user (or other sources of group information) to control access.
|
request.remote_user (or other sources of group information) to control access.
|
||||||
Checking referrer access can be accomplished by using the
|
Checking referrer access can be accomplished by using the
|
||||||
swift.common.middleware.acl.referrer_allowed function. Checking group access is
|
swift.common.middleware.acl.referrer_allowed function. Checking group access is
|
||||||
|
|||||||
@ -15,7 +15,7 @@ most Linux platforms with the following software:
|
|||||||
And the following python libraries:
|
And the following python libraries:
|
||||||
|
|
||||||
* Eventlet 0.9.8
|
* Eventlet 0.9.8
|
||||||
* Webob 0.9.8
|
* WebOb 0.9.8
|
||||||
* Setuptools
|
* Setuptools
|
||||||
* Simplejson
|
* Simplejson
|
||||||
* Xattr
|
* Xattr
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user