Re: [Catalyst] 5.80005: $c->req->remote_user and apache: excluding actions from authentication

Tue, 09 Jun 2009 11:52:18 -0700 

On Tue, Jun 9, 2009 at 7:53 PM, Tomas Doran <[email protected]> wrote:

> Francesc Romà i Frigolé wrote:
>
>> This is more of an apache question than a Catalyst one, but I'd appreciate
>> some help.
>>
>> I'm trying the new feature $c->req->remote_user introduced in 5.80005. I'd
>> like to know if it is possible to tell apache, in a .htaccess file, to not
>> ask authentication for a certain set of URIs (for example matching /public/)
>>
>
> Yes, it is.
>
> <Location /public>
>   Satisfy Any
>   Allow from All
> </Location>
>
> should do what you want.
>


Thanks Tomas, but I get the error:  .htaccess: <Location not allowed here

This is because <Location> is not an "htaccess directive". See
http://httpd.apache.org/docs/1.3/mod/core.html#location

I also tried with <FilesMatch> which it is allowed, but it doesn't seem to
work (which makes sense because I'm not actually matching any file but a
catalyst action )



>
> Also, if you haven't seen it yet:
>
> http://search.cpan.org/~bobtfish/Catalyst-Plugin-Authentication-0.10012/lib/Catalyst/Authentication/Credential/Remote.pm<http://search.cpan.org/%7Ebobtfish/Catalyst-Plugin-Authentication-0.10012/lib/Catalyst/Authentication/Credential/Remote.pm>
>


It looks very interesting. From your explanation

    # in your Controller/Root.pm you can implement "auto-login" in this way
    sub begin : Private {
        my ( $self, $c ) = @_;

        unless ($c->user_exists) {
            # authenticate() for this module does not need any user info
            # as the username is taken from $c->req->remote_user and
            # password is not needed

            unless ($c->authenticate( {} )) {
              # return 403 forbidden or kick out the user in other way
            };
        }
    }


it seems that it should be possible to tell apache that authentication is
optional, but I don't know how to do that. How can I make apache ask for a
username/password but not return a 401 Authorization Required error?

Thanks,
Francesc

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/

Reply via email to