Thanks Benoit. I am still getting to grips with Couchdb and don't really know erlang. So my question was about how to go about doing this. Can you send me a link to the "proxy_authentification_handler" so I can study the code?
Thanks
-Venu

On Thu, Jan 19, 2012 at 3:34 PM, Benoit Chesneau <[email protected]> wrote:

> On Thu, Jan 19, 2012 at 12:25 PM, Rao Venugopal <[email protected]> wrote:
> > Thanks Benoit. Just to clarify my understanding,
> > a) I have to write a handler in erlang similar to
> > https://github.com/YasuhiroABE/CouchDB-WebProxy_Auth_Handler/blob/master/couch_httpd_auth.erl
>
> mmm why not using the proxy auth handler in couch ? Is the intention
> different ?
>
> > b) I have to include my custom handler in the "*authentication_handlers*"
> > section of configuration as
> > {couch_httpd_auth, my_company_custom_cookie_authentication_handler}
> >
> > If there is a better sample for custom authentication handler, please
> > recommend
>
> Use the simple one I wrote that is actually in couch named
> `proxy_authentification_handler` it should help you.
>
> > Thanks
> > -Venu
> >
> > On Thu, Jan 19, 2012 at 2:44 PM, Benoit Chesneau <[email protected]> wrote:
> >
> >> On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <[email protected]> wrote:
> >> > Hi
> >> >
> >> > Is it possible to integrate custom authentication/authorization with
> >> > couchdb instead of using the couchdb sessions api.
> >> > At my company, we already have a cookie-based authorization service
> >> > and it is unlikely that we can move from it to couchdb's
> >> > authentication. Hence, I want to do something along the following
> >> > lines
> >> > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
> >> >    cookie (using the authentication service)
> >> > b) decrypt the user's user id/email from cookie
> >> > c) Check against couchdb's "db/_security" to check if the email is in
> >> >    the names collection for either dba admin / reader role
> >> >    i) If the ok,
> >> >       - allow the operation to succeed or do a 301 redirect to
> >> >         couchdb.
> >> >       - Ideal scenario would be if it is possible userid to
> >> >         couchdb
> >> >         so couchdb filters can use it in the following fashion.
> >> >         function(doc, req) {
> >> >           if (doc.username) {
> >> >             if (doc.username == req.userCtx.name) {
> >> >               return true;
> >> >             }
> >> >           }
> >> >           return false;
> >> >         }
> >> >
> >> >    ii) Else return http 401 not authorized
> >> > Does couchdb provide for ability to plugin support for this or would
> >> > I
> >> > have to write a front end service which serves as a proxy between my
> >> > remote couchdb server instance and the local couchdb on my
> >> > smartphone? Has anyone had any success in either of these two
> >> > scenarios?
> >> >
> >> > Thanks
> >> > -Venu
> >> >
> >> > PS : I asked this question at the mobile couchbase group and was
> >> > advised to ask here
> >>
> >> You can indeed add a custom auth handler. Have a look in
> >> couch_httpd_auth for an example. Then add it to the list of auth
> >> handler that couchdb can try in the `authentication_handlers` setting
> >> in your local.ini .
> >>
> >> - benoît
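
The front-end proxy option raised in this thread, sketched against CouchDB's built-in `proxy_authentification_handler`, as an added example that is not part of the original messages or of CouchDB's code. It assumes the handler's default header names (`X-Auth-CouchDB-UserName`, `X-Auth-CouchDB-Roles`, `X-Auth-CouchDB-Token`), lower-cased inbound header keys as Node delivers them, and a hypothetical `verifyCompanyCookie` callback standing in for the company's cookie service.

```javascript
// Added example (not CouchDB code). verifyCompanyCookie and sampleVerifier
// are hypothetical stand-ins for the company's cookie authentication service.
const crypto = require('crypto');

// Token checked by proxy_authentification_handler when proxy_use_secret is
// enabled: hex HMAC-SHA1 of the user name, keyed with [couch_httpd_auth] secret.
function couchToken(userName, secret) {
  return crypto.createHmac('sha1', secret).update(userName).digest('hex');
}

// Decide what the proxy forwards to CouchDB: either a 401, or the request
// headers with the authenticated identity attached.
function proxyAuth(inboundHeaders, verifyCompanyCookie, secret) {
  // Drop client-supplied X-Auth-CouchDB-* headers so a caller cannot assert
  // an identity directly; only the proxy may set them.
  const forwarded = {};
  for (const [name, value] of Object.entries(inboundHeaders)) {
    if (!name.toLowerCase().startsWith('x-auth-couchdb-')) forwarded[name] = value;
  }
  const user = verifyCompanyCookie(inboundHeaders['cookie'] || '');
  if (!user) return { status: 401, headers: null };

  delete forwarded['cookie']; // CouchDB does not need the company cookie
  forwarded['X-Auth-CouchDB-UserName'] = user.email; // becomes req.userCtx.name
  forwarded['X-Auth-CouchDB-Roles'] = user.roles.join(',');
  forwarded['X-Auth-CouchDB-Token'] = couchToken(user.email, secret);
  return { status: 200, headers: forwarded };
}

// Constructed sample verifier: accepts exactly one cookie value.
function sampleVerifier(cookie) {
  return cookie === 'corp_session=valid'
    ? { email: 'venu@example.com', roles: ['reader'] }
    : null;
}
```

CouchDB should accept connections only from the proxy, since any client that can reach it directly and knows the shared secret can mint these headers for any user name.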
