* docs/manual/developer/request.xml
  (security): Replace raw code snippets with a basic description of each
   hook involved in the security phase.

Index: docs/manual/developer/request.xml
===================================================================
--- docs/manual/developer/request.xml   (revision 280694)
+++ docs/manual/developer/request.xml   (working copy)
@@ -146,60 +146,56 @@
 </section>
 
 <section id="security"><title>The Security Phase</title>
-    <p>Needs Documentation. Code is:</p>
+    <section id="access_checker"><title>Hook: access_checker</title>
 
-    <example><pre>
-switch (ap_satisfies(r)) {
-case SATISFY_ALL:
-case SATISFY_NOSPEC:
-    if ((access_status = ap_run_access_checker(r)) != 0) {
-        return decl_die(access_status, "check access", r);
-    }
+      <p>The modules have an opportunity to test whether server
+      configuration allows access to the requested resource.
+      Directives such as <directive
+      module="mod_authz_host">Allow</directive>, <directive
+      module="mod_authz_host">Deny</directive>, and <directive
+      module="mod_authz_host">Order</directive> come into play.</p>
 
-    if (ap_some_auth_required(r)) {
-        if (((access_status = ap_run_check_user_id(r)) != 0)
-            || !ap_auth_type(r)) {
-            return decl_die(access_status, ap_auth_type(r)
-                          ? "check user.  No user file?"
-                          : "perform authentication. AuthType not set!",
-                          r);
-        }
+      <p>If all modules <code>DECLINE</code> this phase, an error 500
+      is returned to the browser, and a "couldn't check access" error
+      is logged automatically.</p>
+    </section>
 
-        if (((access_status = ap_run_auth_checker(r)) != 0)
-            || !ap_auth_type(r)) {
-            return decl_die(access_status, ap_auth_type(r)
-                          ? "check access.  No groups file?"
-                          : "perform authentication. AuthType not set!",
-                          r);
-        }
-    }
-    break;
+    <section id="check_user_id"><title>Hook: check_user_id</title>
+      <p>The modules have an opportunity to authenticate the client
+      credentials supplied for the request (usually by analyzing the
+      request headers).  Successful authentication makes a note of the
+      user and authentication type.  This hook runs only when Apache
+      determines that authentication (and possibly authorization) is
+      required for the requested resource (as determined by the
+      presence of the <directive module="core">Require</directive>
+      directive).  mod_auth_mysql uses this phase to compare the HTTP
+      basic auth user name provided by the client to the configured
+      user database.</p>
 
-case SATISFY_ANY:
-    if (((access_status = ap_run_access_checker(r)) != 0)) {
-        if (!ap_some_auth_required(r)) {
-            return decl_die(access_status, "check access", r);
-        }
+      <p>If all modules <code>DECLINE</code> this phase, an error 500
+      is returned to the browser, and a "couldn't check user.  No user
+      file?" or "couldn't perform authentication. AuthType not set!"
+      error is logged automatically (depending upon whether <directive
+      module="core">AuthType</directive> is set for the <directive
+      type="section" module="core">Location</directive>).</p>
+    </section>
 
-        if (((access_status = ap_run_check_user_id(r)) != 0)
-            || !ap_auth_type(r)) {
-            return decl_die(access_status, ap_auth_type(r)
-                          ? "check user.  No user file?"
-                          : "perform authentication. AuthType not set!",
-                          r);
-        }
+    <section id="auth_checker"><title>Hook: auth_checker</title>
+      <p>The modules have an opportunity to authorize access to the
+      requested resource based on an authenticated user's credentials.
+      This hook runs only when Apache determines that authorization is
+      required for the requested resource (as determined by the
+      presence of the <directive module="core">Require</directive>
+      directive).</p>
 
-        if (((access_status = ap_run_auth_checker(r)) != 0)
-            || !ap_auth_type(r)) {
-            return decl_die(access_status, ap_auth_type(r)
-                          ? "check access.  No groups file?"
-                          : "perform authentication. AuthType not set!",
-                          r);
-        }
-    }
-    break;
-}</pre>
-    </example>
+      <p>If all modules <code>DECLINE</code> this phase, an error 500
+      is returned to the browser, and a "couldn't check access.  No
+      groups file?"  or "couldn't perform authentication. AuthType not
+      set!"  error is logged automatically (depending upon whether
+      <directive module="core">AuthType</directive> is set for the
+      <directive type="section"
+      module="core">Location</directive>).</p>
+    </section>
 </section>
 
 <section id="preparation"><title>The Preparation Phase</title>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to