William McKee wrote:
> > This seems to be working well but my question is, is there a better way?
>
> Hi Jaldhar,
>
> In my experiences with Perl and C::A, I've discovered that there's
> always a better way. The question is whether it's worth the effort to
> pursue. Against the advice of the C::A creator, I and many others on the
> list have successfully used this method of authenticating and
> authorizing access to runmodes.
>
> However, I have begun to take Jesse's advice to use Apache's (or
> whatever webserver you are using) built-in support for authen/authz
> phases to reduce the amount of code I write. I use Apache::Cookie which
> works fine for authentication (determining that a user is who s/he says
> s/he is) but I have not used it to do authorization (granting access to
> pages based on rights).

I usually do the same thing. And like you said, it usually reduces the amount of code that I write as well. But I do both authentication and authorization.


> In some respects, the method you've described seems easier to me for
> handling authorization. Cees' suggestion from the Wiki[1] is to break out
> runmodes into separate modules to handle authorization. It's workable
> but sometimes seems a bit redundant.

I try to combine these two approaches. For instance, by using CGI::Application::Dispatch I have URLs that look like this:

  /app/admin_users/search

This translates into using the Admin::Users application module (in which I place all functionality relating to users that an admin would use) with the run mode 'search'.

I can then do something like this in my httpd.conf file to protect access to that module:

  <LocationMatch "/app/admin_.*">
      Require group admin
  </LocationMatch>

This would mean that all of my application modules in the Admin::* namespace would be protected without having to do anything else. Now all I would have to do is write the PerlAuthenHandler and PerlAuthzHandler to determine who the user is and then whether they are in the 'admin' group.

And if I wanted to protect some method, or group of methods in a different application module, then I could do the following:

  <LocationMatch "/app/public_stuff/admin_.*">
      Require group admin
  </LocationMatch>

This would mean that all run modes in the Public::Stuff application module that begin with 'admin_' would also be protected.
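As an added example (not Michael's code or part of CGI::Application::Dispatch), here is the PerlAuthzHandler he describes, written against the mod_perl 1 API of the Apache::Cookie era. It enforces whatever `Require` lines apply to the matched location, so the two `<LocationMatch>` blocks above need nothing beyond pointing at it. The `My::Authz` package name, the `%GROUPS` hash (a constructed stand-in for a real group store) and the `My::Authen` handler name are hypothetical.

```perl
package My::Authz;
# httpd.conf (hypothetical names), alongside the <LocationMatch> blocks:
#   AuthType Basic
#   AuthName "Admin area"
#   PerlAuthenHandler My::Authen    # sets the user; runs before this handler
#   PerlAuthzHandler  My::Authz
use strict;
use warnings;
use Apache::Constants qw(OK DECLINED FORBIDDEN);

# Constructed stand-in for a real group lookup (database, LDAP, ...).
my %GROUPS = (
    mpeters => { admin => 1, staff => 1 },
    guest   => { staff => 1 },
);

sub user_in_group {
    my ($user, $group) = @_;
    return (exists $GROUPS{$user} && $GROUPS{$user}{$group}) ? 1 : 0;
}

sub handler {
    my $r = shift;

    # The authen phase should already have identified the user; if it has
    # not, fail closed rather than letting the request through.
    my $user = $r->connection->user;
    return FORBIDDEN unless defined $user && length $user;

    # One entry per Require line that applies to this request's location.
    my $requires = $r->requires;
    return DECLINED unless $requires && @$requires;   # nothing to enforce here

    for my $req (@$requires) {
        my ($type, @args) = split /\s+/, $req->{requirement};
        return OK if $type eq 'valid-user';
        return OK if $type eq 'user'  && grep { $_ eq $user } @args;
        return OK if $type eq 'group' && grep { user_in_group($user, $_) } @args;
    }

    # Authenticated but not authorised: log why and refuse the request.
    $r->log_reason("user '$user' does not satisfy Require for this location", $r->uri);
    return FORBIDDEN;
}

1;
```

Because the decision is driven by the `Require` lines rather than by code inside each application module, adding a new protected namespace is a one-line httpd.conf change, and a run mode that is accidentally left out of a `<LocationMatch>` simply never reaches this handler, which is worth checking when reviewing the config.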

Hope that gives you even more ideas.


-- 
Michael Peters
Developer
Plus Three, LP

