OK so it's not quite my idea of a fun bank holliday weekend, but this thing
has been getting at me for such a long time now that I just had to get it
working.
So I'm going to do now what apparently noone else has done before... - I
have a working A:A:P:S setup (although it is a bit of a bodge).. here it is:
Basically, the whole thing works fine just by using it as the API sugests,
apart from the redirect bit. What iis supposed to happen is that, if you
acccess a page that is restricted you will get an error 403 (a sandard 'you
don't have permission' error message). So the API suggests that in
httpd.conf you add a line which reads:
ErrorDocument 403 /redirect?url=/login.xsp
A:A:P:S is spposed to build the redirect page on the fly, but it doesn't
seem to work, so no redirect happens and you are left with a standard 'you
dont have permission' page rather than a login page. One way around this is
th change that line to:
ErrorDocument 403 /login.xsp
This gets the redirect working, but the resulting login page will not
actually work (you cant log in). As far as I can tell, this is because that
redirect is an internal redirect rather than an external one. Looking at the
source code for the plugin, I can see that the redirect page that is
supposed to get build on the fly, is just a very basic html page with a meta
refresh.
So, the fix:
create your own /redirect.xsp page... one that looks like this:
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsp:page language="Perl" xmlns:xsp="http://www.apache.org/1999/XSP/Core";>
<page>
<xsp:logic>
my $location = Apache::Request->instance($r)->param('url');
$r->header_out(Location => $location);
Apache::AxKit::Plugin::Session::->fixup_redirect($r);
</xsp:logic>
</page>
</xsp:page>
now, if you add the line to httpd.conf: ErrorDocument 403
/redirect?url=/login.xsp, the redirect works just fine, and you can log in
in the resulting page. However there is still one slight problem. After a
sucessful login, you should be taken back to the restricted page that you
requested in the first place. The way this is supposed to work according to
the example login page that came with the plugin is like so:
first you work out where the redirect should take you:
my $dest = Apache::Request->instance($r)->param->{'destination'} ||
<auth:get-location/>
(which on your first visit to the login page (after a 403 redirect) will set
$dest to the value of <auth:get-location/> - the restricted page you
requested)
then you add a hidden form to store that value.
<input type="hidden" name="destination">
<xsp:attribute name="value"><xsp:expr>$dest</xsp:expr></xsp:attribute>
</input>
The <auth:login> tag is supposed to use the value of the 'destination'
parameter to issue the final redirect... but it doesn't work. So, the fiix:
We use our redirect.xsp page again to issue the correct redirect. We can
force <auth:login> to issue a redirect by adding a <auth:destination> with
the desired page location (which we pull directly from our 'destination'
parameter.
<auth:login>
<auth:destination>/redirect?url=<xsp:expr>Apache::Request->instance($r)->param->{'destination'}</xsp:expr></auth:destination>
<auth:access
type="user"><xsp:expr>$form_username</xsp:expr></auth:access>
<auth:access type="level"><xsp:expr>$level</xsp:expr></auth:access>
<xsp:logic>
foreach my $group (@groups) {
<auth:access
type="group"><xsp:expr>$group</xsp:expr></auth:access>
}
</xsp:logic>
</auth:login>
One more thing: you must change the line which set the value of the hidden
'destination' form field to read:
my $dest = Apache::Request->instance($r)->param->{'destination'} ||
<auth:get-location/> || '/mysite';
where '/mysite' is the default page to redirect to (if we have accessed
/login.xsp directly).
I'll admit, this method is not perfect, but it does work. It would be great
to have A:A:P:S build a redirection page on the fly, but it just does't
work.
If anyone dissagrees, and they have A:A:P:S building redirection pages on
the fly, I'd love to know how you did it... But for now, here is a method
that works.
Any questions, please ask.
Any suggestions, please suggest.
Tom
_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger 7.0 today!
http://messenger.msn.co.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
