I tried to modify the Web agenda/calendar
chronos (http://chronoss.sourceforge.net) in such a way that everyone can
look at the calendar without authentication but changes need basic
authentication. In other words, URLs like
http://.../chronos?action=showday&;....
should go through without authentication and only if an URL like
http://.../chronos?action=editevent&;....
is requested, basic authentication takes place.
The only related think I found googling is
www.gossamer-threads.com/archive/mod_perl_C1/dev_F4/Apache::Test_patch_P25603
where the use of PerlHeaderParserHandler is suggested. The code discussed in
this thread did not work out of the box, I append my version which works
with apache-1.3.27.
My question: Is this a good idea? Is there a better/more canonical way?
Many thanks, Meik
#---------------------------------------------------------------------
package Auth;
#
# from httpd.conf:
#
# PerlHeaderParserHandler Auth
# AuthName "Chronos" # For some reason, this must be set.
# # "AuthType" is not set.
# # "PerlAuthenHandler" is not set
use Apache;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
return OK unless $r->is_initial_req;
# is this URL protected?
return OK unless is_protected($r);
# We got an answer using basic authentication
if ($r->header_in('Authorization')){
my ($res,$password) = $r->get_basic_auth_pw;
my $username = $r->connection->user;
... check ...
if( ... not_authorized .... ) {
$r->note_basic_auth_failure;
return AUTH_REQUIRED;
}
return OK;
}
# switch to basic authentication. This is the realm we really use.
$r->auth_name("Event Calendar");
$r->note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub is_protected {
my $r= shift;
my $meth=$r->method;
my $args = $r->args;
return 1 if $meth =~ /POST/;
return 1 if $args=~ /delfile/;
return 0;
}
1;
--
Meik Hellmund
Institut fuer Mathematik, Uni Leipzig
e-mail: [EMAIL PROTECTED]
http://www.math.uni-leipzig.de/~hellmund
