Cees,

Thank you for your reply.

I have the Authentication portion working properly. If I wanted to break up the runmodes using different modules depending on the user's privileges, would CGI::Application::Dispatch be the way to handle the different modules?

Kevin

----- Original Message ----- From: "Cees Hek" <[EMAIL PROTECTED]>
To: "Kevin" <[EMAIL PROTECTED]>
Cc: "CGI::Applicaiton" <[email protected]>
Sent: Sunday, April 02, 2006 3:36 PM
Subject: Re: [cgiapp] CAP::Authentication or CAP::Authorization


On 4/2/06, Kevin <[EMAIL PROTECTED]> wrote:
I am uncertain as to which module I need to use. I want to require login, upon doing so, you belong to either one of two groups.

admin - Ability to access all runmodes.
associate - Ability to access only certain runmodes.

What I can't determine is do I want to use CAP::Authentication or CAP::Authorization to achieve this.

You need both.

Authentication is used to figure out who we are dealing with (i.e., we
present a login and ask for credentials after which we know who the
user at the other end is).

Authorization is used to figure out who has access to what (in this
case, which users have access to which runmodes based on the groups
they belong to).

Start by setting up your authentication, as that will be required
regardless.  Now you could just use your webserver to do the
authentication for you, and then just access $ENV{REMOTE_USER} to
figure out who is authenticated.  Or you can use the Authentication
plugin to handle the authentication as part of your application.

After that, you need to deal with Authorization.  Generally, I just
divide my application up into different pieces, so that certain groups
of people only have access to certain modules.  That way you don't
have to worry about specific runmodes.  Either you have access to
everything in the module, or you don't have access to anything at all.
In that case, you could use the web server's methods for authorization
as well, by restricting access to your instance scripts based on group
membership (See the Apache authentication and authorization docs for
more info).  Or if you want to do this in your app, then use the
Authorization plugin.

Get yourself started and see how things go.  Ask again if you run into
trouble, or have more questions.

Cheers,

Cees
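
An added example, not part of the original thread and not code from the plugin authors: per-runmode group checks done by hand in cgiapp_prerun, assuming the web server has authenticated the user and set REMOTE_USER as described above. The package name MyApp, the runmode names and the user/group table are hypothetical.

```perl
package MyApp;    # hypothetical application name
use strict;
use warnings;
use base 'CGI::Application';

# Constructed sample data; a real application reads this from its user store.
my %GROUPS_OF = (
    alice => ['admin'],
    bob   => ['associate'],
);

# Runmode => groups allowed to run it. A runmode not listed here is denied.
my %ALLOWED = (
    view_orders  => [qw(admin associate)],
    edit_order   => [qw(admin associate)],
    manage_users => [qw(admin)],
);

sub setup {
    my $self = shift;
    $self->start_mode('view_orders');
    $self->run_modes([ keys %ALLOWED, 'forbidden' ]);
}

# Called before every runmode. Authentication has already happened
# (REMOTE_USER is set by the web server); this is the authorization step.
sub cgiapp_prerun {
    my ($self, $rm) = @_;
    return if $rm eq 'forbidden';
    my $user     = $ENV{REMOTE_USER};
    my %in_group = map { $_ => 1 }
                   @{ (defined $user && $GROUPS_OF{$user}) || [] };
    my $ok = grep { $in_group{$_} } @{ $ALLOWED{$rm} || [] };
    # Unknown user, unknown runmode or wrong group: switch to the 403 page.
    $self->prerun_mode('forbidden') unless $ok;
}

sub forbidden {
    my $self = shift;
    $self->header_add(-status => '403 Forbidden');
    return 'You are not authorized to use this function.';
}

sub view_orders  { return 'order list' }
sub edit_order   { return 'order form' }
sub manage_users { return 'user administration' }

1;
```

Because the check keys on the `%ALLOWED` table, a runmode added later without an entry is refused until someone assigns it a group.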
