Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
Available Languages: fr
| Description: | Group Authorization and using SQL |
|---|---|
| Status: | Extension |
| Module Identifier: | authz_dbd_module |
| Source File: | mod_authz_dbd.c |
| Compatibility: | Available in Apache 2.4 and later |
This module provides authorization capabilities so that authenticated s can be allowed or denied access to portions of the web site by group hip. Similar functionality is provided by mod_authz_dbm, with the exception that this module queries a SQL database to determine whether a is a member of a group.
This module can also provide database-backed / capabilities. These are likely to be of most value when used in conjunction with mod_authn_dbd.
This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections.
Apache's Require directives are used during the authorization phase to ensure that a is allowed to access a resource. mod_authz_dbd extends the authorization types with dbd-group, dbd- and dbd-.
Since v2.4.8, expressions are ed within the DBD require directives.
This directive specifies group hip that is required for the to gain access.
Require dbd-group team AuthzDBDQuery "SELECT group FROM authz WHERE = %s"
This directive specifies a query to be run indicating the has logged in.
Require dbd- AuthzDBDQuery "UPDATE authn SET = 'true' WHERE = %s"
This directive specifies a query to be run indicating the has logged out.
Require dbd- AuthzDBDQuery "UPDATE authn SET = 'false' WHERE = %s"
In addition to the standard authorization function of checking group hip, this module can also provide server-side session management via database-backed / capabilities. Specifically, it can update a 's session status in the database whenever the visits designated URLs (subject of course to s supplying the necessary credentials).
This works by defining two special Require types: Require dbd- and Require dbd-. For usage details, see the configuration example below.
Some s may wish to implement client-side session management that works in concert with the server-side / capabilities offered by this module, for example, by setting or unsetting an HTTP cookie or other such token when a logs in or out.
To such integration, mod_authz_dbd exports an optional hook that will be run whenever a 's status is updated in the database. Other session management modules can then use the hook to implement functions that start and end client-side sessions.
# mod_dbd configuration
DBDriver pgsql
DBDParams "dbname=apacheauth =apache =xxxxxx"
DBDMin 4
DBDKeep 8
DBDMax 20
DBDExptime 300
<Directory "/usr/www/my.site/team-private/">
# mod_authn_core and mod_auth_basic configuration
# for mod_authn_dbd
AuthType Basic
AuthName Team
AuthBasirovider dbd
# mod_authn_dbd SQL query to authenticate a logged-in
AuthDBDPWQuery \
"SELECT FROM authn WHERE = %s AND = 'true'"
# mod_authz_core configuration for mod_authz_dbd
Require dbd-group team
# mod_authz_dbd configuration
AuthzDBDQuery "SELECT group FROM authz WHERE = %s"
# when a fails to be authenticated or authorized,
# invite them to ; this page should provide a link
# to /team-private/.html
ErrorDocument 401 "/-info.html"
<Files ".html">
# don't require to already be logged in!
AuthDBDPWQuery "SELECT FROM authn WHERE = %s"
# dbd- action executes a statement to log in
Require dbd-
AuthzDBDQuery "UPDATE authn SET = 'true' WHERE = %s"
# return to referring page (if any) after
# successful
AuthzDBDToReferer On
</Files>
<Files ".html">
# dbd- action executes a statement to log out
Require dbd-
AuthzDBDQuery "UPDATE authn SET = 'false' WHERE = %s"
</Files>
</Directory>
| Description: | Determines whether to redirect the Client to the Referring page on successful or if a Referer request header is present |
|---|---|
| Syntax: | AuthzDBDToReferer On|Off |
| Default: | AuthzDBDToReferer Off |
| Context: | directory |
| Status: | Extension |
| Module: | mod_authz_dbd |
In conjunction with Require dbd- or Require dbd-, this provides the option to redirect the client back to the Referring page (the URL in the Referer HTTP request header, if present). When there is no Referer header, AuthzDBDToReferer On will be ignored.
| Description: | Specify the SQL Query for the required operation |
|---|---|
| Syntax: | AuthzDBDQuery query |
| Context: | directory |
| Status: | Extension |
| Module: | mod_authz_dbd |
The AuthzDBDQuery specifies an SQL query to run. The purpose of the query depends on the Require directive in effect.
Require dbd-group directive, it specifies a query to look up groups for the current . This is the standard functionality of other authorization modules such as mod_authz_dbm. The first column value of each row returned by the query statement should be a string containing a group name. Zero, one, or more rows may be returned. Require dbd-group AuthzDBDQuery "SELECT group FROM groups WHERE = %s"
Require dbd- or Require dbd- directive, it will never deny access, but will instead execute a SQL statement designed to log the in or out. The must already be authenticated with mod_authn_dbd. Require dbd- AuthzDBDQuery "UPDATE authn SET = 'true' WHERE = %s"
In all cases, the 's ID will be ed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.
| Description: | Specify a query to look up a page for the |
|---|---|
| Syntax: | AuthzDBDRedirectQuery query |
| Context: | directory |
| Status: | Extension |
| Module: | mod_authz_dbd |
Specifies an optional SQL query to use after successful (or ) to redirect the to a URL, which may be specific to the . The 's ID will be ed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.
AuthzDBDRedirectQuery "SELECT page FROM pages WHERE = %s"
The first column value of the first row returned by the query statement should be a string containing a URL to which to redirect the client. Subsequent rows will be ignored. If no rows are returned, the client will not be redirected.
Note that AuthzDBDToReferer takes precedence if both are set.
Available Languages: fr