Aaron Ross wrote: > > shouldn't stacked handlers be the right solution here? are stacked auth > handlers not allowed or something? >
yes, you can stack multiple auth handlers. the only problem is that, for the PerlAuthenHandler and PerlAuthzHandler the first handler to return an Apache error code (anything other than OK, DECLINED, or DONE) terminates the chain. which is generally fine, except when you want to return AUTH_REQUIRED and note_basic_auth_failure(). when writing your own auth modules, you could return DECLINED (and not call note_basic_auth_failure()) instead of AUTH_REQUIRED and let mod_auth take care of setting AUTH_REQUIRED for you (since the perl handlers generally run before the Apache C modules). however, with Apache::AuthFoo, the AUTH_REQUIRED stuff is generally compiled in, which means that the authentication chain is terminated prematurely. the solution darren posted is kinda nifty and is along the lines of what you would need to have in order to use the shrink-wrapped Apache:: solutions - one controlling handler that traps the return code of the other handlers, keeping them from Apache so that Apache doesn't end the handler chain before you're ready. HTH --Geoff