I am finding that if I have a runmode that is protected via
authentication and authorization, the authen doesn't happen before the
authz is validated.

In other words, I want an authen to happen first; if it fails, redirect
to the login. If authen is okay, proceed to authz.

Right now I have this unsettling bit of code in my authz driver's
authorize_user method:

sub authorize_user {
    my $self = shift;
    my ($username, $required_permission) = @_;
    return 1 if (!$username or $required_permission);

....

I figure that if there is no $username, then authen has failed. But,
because of the ordering of calls, it appears that if this is the case,
I have to succeed authorize_user and rely on authen to redirect the
login - this seems backwards. Authen should fail before anything is
checked with authz. What am I doing wrong?

Thank you,
Brett 
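
The ordering asked about above, as an added example that is not part of the original post and not the CGI::Application plugins' own code: authentication is decided first, and the authorization check fails closed when there is no username. The `check_access` gate, the permission table and the returned decision strings are hypothetical names constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed permission table (sample data, not from the post).
my %PERMISSIONS = (
    alice => { edit_page => 1, view_page => 1 },
    bob   => { view_page => 1 },
);

# Fail-closed authz: a missing username or permission never succeeds.
sub authorize_user {
    my ($username, $required_permission) = @_;
    return 0 unless defined $username && length $username;
    return 0 unless defined $required_permission && length $required_permission;
    # Look the user up first so unknown users are not autovivified.
    my $perms = $PERMISSIONS{$username} or return 0;
    return $perms->{$required_permission} ? 1 : 0;
}

# Hypothetical gate a dispatcher would call before a protected runmode.
# $username is assumed to be whatever the authen layer established
# (undef when authentication failed or never happened).
sub check_access {
    my ($username, $required_permission) = @_;
    # 1. Authen first: no identity means go to the login page.
    return 'redirect_to_login' unless defined $username && length $username;
    # 2. Authz second, only for an authenticated user.
    return 'forbidden' unless authorize_user($username, $required_permission);
    return 'run';
}

# Constructed requests: unauthenticated, under-privileged, permitted.
for my $case ([undef, 'edit_page'], ['bob', 'edit_page'], ['alice', 'edit_page']) {
    my ($user, $perm) = @$case;
    printf "%-7s %-10s => %s\n", $user // '(none)', $perm, check_access($user, $perm);
}
```

With this shape, an unauthenticated request never reaches a path where `authorize_user` has to return success to let the login redirect happen.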
