ns_requestauthorize method URL authuser
authpassword ?ipaddr?
Ask the server to check permissions using nsperm.
This function does the same permission check that the AOLserver does before
serving a URL. If the nsperm module is loaded, the algorithm is as follows.
- 1.
- If the authuser is "nsadmin", the password is correct, and the IP address
of the client is allowed nsadmin access, then access is authorized.
- 2.
- Find
the relevant permission record. If an exact match for the method and URL
combination is not found, the end of the URL is pared down until a match
is found. For example, if there is no match for ‘/products/cereals/raisin_bran.html,’
then the server looks for a permission record for the URL ‘/products/cereals.’
If that permission record is specified as "Exact URL match is NOT required",
then that permission record is used.
- By default, the server comes with
a row that says GET on ‘/’ is open to the world. If no relevant permission
record is found, access is denied (forbidden).
- 1.
- If the authuser is in the
"Allow Users" list, access is permitted. If the authuser is a member of
a group in the "Allow Groups" list and not in the "Deny Users" list, access
is permitted.
- 2.
- If the host is in the "Hosts to allow" list, access is permitted.
If the host is in the "Hosts to deny" list, access is denied.
- 3.
- If the request
does not come in with authorization data, access is denied.
- 4.
- The user and
password are verified. If there is no password specified in the database,
any password is accepted.
- 5.
- Otherwise, access is denied. Return Values: The
following values can be returned by ns_requestauthorize.
- OK
- The user has
permission to execute this URL and method.
- DENIED
- The user does not have
permission to execute this URL and method.
- FORBIDDEN
- There is no possible
user/password/IP Address combination that would give authorization.
- ERROR
- There
was an error.