Have you tried `WSGIAuthGroupScript` yet? That seems to provide a way to list "groups" and then a "group" can be checked with a `Require` directive which is a normal httpd directive. And it seems both 401 and 403 statuses are options then. https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzsendforbiddenonfailure
As for other ideas, the two URL solution obviously would work and be simple, but I feel like it is not very user-friendly and elegant. But maybe an option if the other choices are hard.

The reverse-proxy idea sounds like it could work. Would we have to write a little proxy ourselves? Hopefully not. If we used an existing proxy (like an httpd module or wsgi package) it would have to be configurable enough that we could hook our access checks into it somehow? Looking around a little bit:

- using `mod_proxy` would involve `require` directives again http://httpd.apache.org/docs/current/mod/mod_proxy.html#access
- https://pypi.org/project/wsgiprox/ or https://pypi.org/project/WSGIProxy2/ seem like fairly mature projects, but I didn't look further to see how easy it'd be to customize their behavior

---

**[tickets:#8352] Convert ApacheAccessHandler.py from mod_python to mod_wsgi**

**Status:** open
**Milestone:** unreleased
**Labels:** py3
**Created:** Wed Feb 26, 2020 07:54 PM UTC by Dave Brondsema
**Last Updated:** Thu Feb 04, 2021 04:27 PM UTC
**Owner:** nobody

mod_wsgi is how we run the main app, mod_python is very old school and we shouldn't be using it. Recent versions of Ubuntu look like they drop support for mod_python anyway rather than supporting it on python3: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-python/+bug/1735368

Although mod_python does work with python 3, it'd just have to be built manually.
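A sketch of the `WSGIAuthGroupScript` idea from the comment at the top of this message, added here as an example; it is not Allura code and not part of the original message. The ACL table, the `repo-access` group name, the URL layout, and the presence of `REQUEST_URI` and `QUERY_STRING` in the auth-script environ are assumptions.

```python
# Added example, not Allura code. Matching httpd 2.4 configuration (sketch):
#   WSGIAuthGroupScript /path/to/this_file.py    (placeholder path)
#   Require wsgi-group repo-access
#   AuthzSendForbiddenOnFailure On    -> 403 instead of 401 when authz fails

# Constructed ACL for illustration: repo path prefix -> {user: permissions}.
REPO_ACL = {
    "/git/p/demo/code": {"alice": {"read", "write"}, "bob": {"read"}},
    "/git/p/private/code": {"alice": {"read"}},
}

# Git smart-HTTP service name used by push requests.
WRITE_SERVICE = "git-receive-pack"


def _repo_for(uri):
    """Return the longest ACL prefix matching the request path, or None."""
    path = uri.split("?", 1)[0]
    # Match on a path-segment boundary so "/code" does not match "/codex".
    matches = [p for p in REPO_ACL if path == p or path.startswith(p + "/")]
    return max(matches, key=len) if matches else None


def needed_permission(environ):
    """Classify the request as 'read' or 'write' from its URI and query."""
    # Assumption: the auth-script environ carries these two keys.
    target = environ.get("REQUEST_URI", "") + "?" + environ.get("QUERY_STRING", "")
    return "write" if WRITE_SERVICE in target else "read"


def groups_for_user(environ, user):
    """mod_wsgi entry point for WSGIAuthGroupScript.

    Returns ['repo-access'] only when `user` holds the permission this
    request needs, so one `Require wsgi-group repo-access` line covers
    both fetch and push. Unknown repos and unknown users fail closed.
    """
    repo = _repo_for(environ.get("REQUEST_URI", ""))
    if repo is None:
        return []
    perms = REPO_ACL[repo].get(user, set())
    return ["repo-access"] if needed_permission(environ) in perms else []
```

Authentication itself still needs a provider (for example `AuthBasicProvider wsgi` with a `WSGIAuthUserScript`); the group script only runs for an already authenticated user.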