[decsec]
# the key to look in the environment for to determine the REMOTE_USER
remote_user_key=REMOTE_USER

# the exception raised when a deny happens
deny_exception=Paste.httpexceptions:HTTPForbidden

# log_filename can be STDOUT, STDERR, or NONE, or a filename
log_filename=%(here)s/decsec.log

# allows log at log_level "debug", denies log at log_level "info",
log_level=info

# if no acl matches the principals implied by the request, the default
# behavior is to deny, set nomatch_allow to true to invert
nomatch_allow=false

# hooks
initialize_hook=decsec.sample:initialize
before_check_hook=decsec.sample:before_check
request_principals_hook=decsec.sample:request_principals
request_acl_hook=decsec.sample:request_acl
request_permission_hook=decsec.sample:request_permission
after_check_hook=decsec.sample:after_check