openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #25264
Re: Improved browser-based access to Swift
On Thu, Jul 18, 2013 at 2:20 PM, Koert van der Veer <koert@xxxxxxxxxxxx> wrote:
> Both middleware projects are released under the Apache 2.0 licence, and can
> be found on our github page:
> https://github.com/CloudVPS/better-staticweb
> https://github.com/CloudVPS/swift-basicauth
Nice! You probably want to use the swift.authorize mechanism instead
of doing authorization in __call__ eg :
https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py#L106
see http://docs.openstack.org/developer/swift/development_auth.html :
Authorization is performed through callbacks by the Swift Proxy server
to the WSGI environment’s swift.authorize value, if one is set. The
swift.authorize value should simply be a function that takes a Request
as an argument and returns None if access is granted or returns a
callable(environ, start_response) if access is denied. This callable
is a standard WSGI callable. Generally, you should return 403
Forbidden for requests by an authenticated user and 401 Unauthorized
for an unauthenticated request. For example, here’s an authorize
function that only allows GETs (in this case you’d probably return 405
Method Not Allowed, but ignore that for the moment).:
Chmouel.
Chmouel.
Follow ups
References