[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to allow anonymous access, but not everyone access in path-based authorization?

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Thu, 29 Apr 2010 12:41:47 +0200

On Thu, Apr 29, 2010 at 11:53 AM, vishwajeet singh <dextrous85_at_gmail.com> wrote:
>
>
> On Thu, Apr 29, 2010 at 3:09 PM, Didier Trosset <didier_trosset_at_agilent.com>
> wrote:
>>
>>  I have a subversion server running with apache. It authenticates users
>> using LDAP configuration and uses SVN path-based authorizations to limit
>> user access to certain repositories. This works perfectly.
>>
>> Now, I have a service I want to setup (rietveld, for code reviews) that
>> needs to have an anonymous access to the repository. As this is a web
>> service, accesses are always done from the same server. Thus I added an
>> apache configuration to allow accesses from this machine. without user
>> authentication.
>>
>> |    <Limit GET PROPFIND OPTIONS REPORT>
>>     Order allow,deny
>>     Allow from # private IP address
>>     Satisfy Any
>>   </Limit>
>> |
>>
>> This did not work until I add an additional line "* = r" in the
>> authorization file to allow read access to all users.
>>
>> For instance, before I add the authorization from a specific IP, all users
>> were authenticated, and thus had a name. Now, some accesses are done without
>> a user name! I found the |"-|" user name in the apache log files, but the
>> line "|- = r"| does not work, neither do |"anonymous = r"|. I'd like not to
>> allow read access to everyone in SVN authorization. How can I do this?
>>
>> (More details in stackoverflow question
>> http://stackoverflow.com/questions/2728021/how-to-allow-unamed-user-in-svn-authz-file
>
> IMHO there is no way to do it other than creating a dummy user and giving it
> access to all repositories in authorization file as we had similar issues
> integrating Subversion repositories with JIRA.

You can do this if you set up a separate Location block (referring to
the same svn repo) for this anonymous access. Then they can each have
their own authz file (or no authz file if it's not needed). I don't
see another way.

We do something like that:
<Location /svn>
      DAV svn
      SVNPath /path/to/repos
    ... auth & possible authz stuff
</Location>

<Location /svn_anon>
    DAV svn
    SVNPath /path/to/repos
    ... auth & authz stuff, Limit, ... for anonymous access within
certain limits
</Location>

Cheers, 

-- 
Johan
Received on 2010-04-29 12:42:20 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.