After re-reading Jeff's solution (and getting some sleep) I tried it out and it worked perfectly! Thanks!
On Oct 28, 11:21 pm, Ken <[email protected]> wrote: > I think that this might be what I'm looking for, but I don't think > I've quite figured it out. I've followed the steps you've outlined, > but I'm unclear on how to implement the last beforeFilter function > since I'm using another authenticate function. I think I'm probably > missing something simple, but any help would be appreciated. This > works well on other servers, but not on a server with php as cgi. > > function beforeFilter() { > > $this->Auth->allow('feed'); > $this->Security->loginOptions = array( > 'type'=>'basic', > 'login'=>'authenticate', > 'realm'=>'CaseMojo iCal Feed', > ); > > $this->Security->loginUsers = array(); > $this->Security->requireLogin('feed'); > > parent::beforeFilter(); > > } > > function authenticate($args) { > > $data[ $this->Auth->fields['username'] ] = $args > ['PHP_AUTH_USER']; > $data[ $this->Auth->fields['password'] ] = $this->Auth->password > ($args['PHP_AUTH_PW']); > if ( $this->Auth->login($data) ) { > return true; > } else { > $this->Security->blackHole($this, 'login'); > > return false; > } > } > > On Sep 5, 5:57 pm, Jeff Deroshia <[email protected]> wrote: > > > > > I was able to find a workaround using mod_rewrite (a module that continues > > to amaze me with its usefulness). So for anyone else who needs to use the > >httpauthenticationmethods of the Security Component while running php > > through cgi, here's what I did to get it working: > > > In the .htaccess file in the webroot dir, I modified the default rewrite > > rule by removing the 'last' flag: > > > old: RewriteRule ^(.*)$ index.php?url=$1 [QSA,L] > > new: RewriteRule ^(.*)$ index.php?url=$1 [QSA] > > > Then I added another RewriteRule below that one, giving it the 'last' flag I > > took away from the previous rule: > > > RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L] > > > This new rule sets the environment variable REMOTE_USER to the value of the > >HTTPAuthorization header. With basicauthentication, which is what I am > > using since I'm behind an SSL connection, the Authorization string consists > > of the word 'Basic', a space, and a base64 encoded string of the supplied > > username and password separated by a colon (:). > > > Php adds this new environment variable to the $_SERVER superglobal array > > with the key 'REDIRECT_REMOTE_USER'. So, in my beforeFilter callback I've > > added the following code: > > > if(Configure::read('in_production') { > > list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , > > base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6))); > > > } > > > Now the variables that the Security Component (and php) use forHTTP > >Authenticationare set, which makes functionality that was only explicitly > > available in the apache php module also available in sites that have to use > > php through CGI/FastCGI > > > mod_rewrite rocks. > > > J3ffy > > > On Fri, Sep 4, 2009 at 10:23 AM, J3ffy <[email protected]> wrote: > > > I've been developing a system that does server-to-server communication > > > using BasicHTTPAuth forauthenticationbehind an SSL connection. > > > The requests are created and sent with the HttpSocket class. The > > > component that receives the requests uses the Security component to > > > force and checkauthentication. > > > > Everything has been working great on multiple test systems, but on the > > > production host, none of theAuthenticationcredentials were being > > > seen by the app. After a few hours of testing I discovered that on > > > all my test systems I'm using the Apache php module, but on the > > > production server, the php api is access through FastCGI. According > > > to the php documentation forHTTPauthenticationhere: > > >http://us3.php.net/manual/en/features.http-auth.phptheHTTP > > >authenticationhooks are only available when using the apache module > > > and not for php through cgi. > > > > It seems that I'm going to have to change my approach to > > > authenticating, but I have no idea what to change it to. Do you folks > > > have any suggestions? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
