pgollucci at p6m7g8
May 21, 2008, 7:26 AM
Post #7 of 8
(798 views)
Permalink
|
|
Re: PerlAuthenHandler and ErrorDocument 401
[In reply to]
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| I have uploaded my MyAuthenHandler.pm and the modules it relies on for
| configuration perhaps if you have time you could peruse the code and let me
| know if I am doing anything wrong for this type of operation.
|
| Thanks again for your help on this.
|
| http://www.nabble.com/file/p17356582/MyAuthenHandler.pm MyAuthenHandler.pm
| http://www.nabble.com/file/p17356582/MyModPerlUtility.pm MyModPerlUtility.pm
| http://www.nabble.com/file/p17356582/MyModPerlDBUtility.pm
| MyModPerlDBUtility.pm
In my experience and a few others on the list if you search the archives, its
almost never worth it to override <Location /> with something unless you don't
have any 'assets' being served from this server which is an advisable idea.
Anyway, I think what you are after might be a fully baked AAA (3 httpd phases)
More examples are on perl.apache.org
Everything below is a snippet of a live site.
vhosts-ssl/site.conf:
- ---------------------
<Location /timeline/login>
~ SetHandler modperl
~ AuthType Basic
~ AuthName "ISST"
~ Require valid-user
~ PerlAccessHandler ISST::Access
~ PerlAuthenHandler ISST::Authen
~ PerlResponseHandler ISST::Login
</Location>
vhosts/site.conf:
- -----------------
RewriteEngine On
RewriteRule ^/timeline/login https://%{SERVER_NAME}/timeline/login [L,R]
PerlMapToStorageHandler ISST::MapToStorage
### AAA
<Location /timeline>
~ AuthType Basic
~ AuthName "ISST"
~ Require valid-user
~ PerlAccessHandler ISST::Access
~ PerlAuthenHandler ISST::Authen
~ PerlAuthzHandler ISST::Authz
</Location>
<Location /timeline/login>
~ SetHandler modperl
~ PerlResponseHandler ISST::Login
</Location>
ISST/Access.pm:
- ---------------
package ISST::Access;
use Apache2::RequestRec ();
use Apache2::Const -compile => qw(DECLINED REDIRECT OK);
use Apache2::Cookie ();
sub handler {
~ my $r = shift;
~ return Apache2::Const::DECLINED
if $r->uri =~ m#/timeline/(privacy|register)#;
~ ....
~ return Apache2::Const::OK;
}
ISST/Authen.pm:
- ---------------
package ISST::Authen;
use Apache2::RequestRec ();
use Apache2::Const -compile => qw(OK REDIRECT);
use Apache2::Cookie ();
sub handler {
~ my $r = shift;
~ ## can't used DECLINED or you get the REALM popup
~ return Apache2::Const::OK
if $r->uri =~ m#/timeline/(login|logout|register|privacy)#;
~ if (ISST::User->getLoggedIn($r)) {
~ return Apache2::Const::OK;
~ }
~ else {
~ $r->note_basic_auth_failure;
~ $r->headers_out->set(Location => ISST::Const::URL_LOGIN);
~ return Apache2::Const::REDIRECT;
~ }
}
ISST/Authz.pm:
- --------------
package ISST::Authz;
use Apache2::RequestRec ();
use Apache2::Const -compile => qw(DECLINED OK HTTP_UNAUTHORIZED);
sub handler {
~ my $r = shift;
~ return Apache2::Const::DECLINED
unless $r->uri =~ m#/timeline/(foo)#;
~ my $resource = $1;
~ my $user = ISST::User->getLoggedIn($r);
~ if ($user->isAllowed($resource)) {
~ return Apache2::Const::OK;
~ }
~ else {
~ return Apache2::Const::HTTP_UNAUTHORIZED;
~ }
}
ISST/MapToStorage.pm:
- ---------------------
package ISST::MapToStorage;
use Apache2::RequestRec ();
use Apache2::Const -compile => qw(DECLINED OK);
sub handler {
~ my $r = shift;
~ return Apache2::Const::OK if $r->uri =~ m|/timeline|;
~ return Apache2::Const::DECLINED;
}
- --
- ------------------------------------------------------------------------
Philip M. Gollucci (philip [at] ridecharge)
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFINDEIdbiP+9ubjBwRAq31AJ9y7tGTBEvCdNWP11mWthol5RRTVQCdEvym
w8yXkT7TpPCm81kKfDBrv1Q=
=6jT8
-----END PGP SIGNATURE-----
|
