Todd Chapman wrote:

> I need to decide who has access based on the URI. I guess this means I
> can't use Apache's Basic auth module, since I can't dynamically set
> require. 


as I was saying, go ahead and set the Require directive on the <Location> (or
whatever) that you want to protect.  if a URI comes in that you want to allow
_without_ checking the password just call

$r->set_handlers(PerlAuthenHandler => [\&OK]);

which will essentially short-circuit Apache's default authentication mechanism
before mod_auth gets the chance to step in.  you could do this from a
PerlAccessHandler or (I suppose) a PerlTransHandler.  you could probably even
just return OK from a PerlAuthenHandler if $r->uri =~ m/some_ok_uri/ and skip
the previous code (though if you use something other than Require valid-user
you'll have to skip the Authorization phase as well using a similar measure).

basically, mod_perl gives you a hook into authentication that lets you do whatever you 
want - returning OK says that you have validated the user using your own criteria, and 
mod_auth need not run.  returning DECLINED (as you mentioned earlier) allows mod_auth 
to run.

> Does the cookbook have a code sample of checking the password for
> basic authentication?


well, not via .htpasswd files, no.  in general, it doesn't make much sense to
use mod_perl to duplicate the same things that Apache already does for you,
since the Apache code is faster, has had more eyeballs looking at it for
longer, etc.  in that sense you wouldn't want to write your own routine to just
check a flat file.  where mod_perl really shines wrt authentication is with all
the other things Perl does well, such as using DBI to authenticate against a
database, or working with other schemes like SMB or Radius - see the 25+
Apache::Auth* modules on CPAN for just about anything you could think of.

however, we do describe how to use the mod_perl API to interact with Apache the
same way mod_auth does using $r->get_basic_auth_pw() and
$r->note_basic_auth_failure() in a few different ways.  you will also find
those two methods in the eagle book if you have it.

make sense?

--Geoff
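
One way to combine the pieces described in the reply above, as an added example that is not part of the original message: a PerlAuthenHandler that returns OK for open URIs, rejects users not listed for a URI, and returns DECLINED so mod_auth still verifies the password. The module name, URI patterns, user names and config values are constructed, and the mod_perl 1.x API is assumed.

```perl
package My::UriAuthen;   # hypothetical module name
# Assumes the mod_perl 1.x API (Apache::Constants, $r->connection->user).
use strict;
use Apache::Constants qw(OK DECLINED AUTH_REQUIRED);

# Constructed policy. Patterns are anchored at the start of the path so a
# request such as /private/docs/public/x cannot match the open rule.
my $OPEN  = qr{\A/docs/public/};
my @RULES = (
    [ qr{\A/docs/finance/} => { alice => 1, bob => 1 } ],
    [ qr{\A/docs/hr/}      => { carol => 1 } ],
);

sub handler {
    my $r   = shift;
    my $uri = $r->uri;

    # Open URI: report success ourselves so mod_auth never asks for a password.
    return OK if $uri =~ $OPEN;

    # Parse the Authorization header; on a missing or malformed header this
    # returns AUTH_REQUIRED and has already queued the 401 challenge.
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res unless $res == OK;

    my $user = $r->connection->user;
    for my $rule (@RULES) {
        my ($pattern, $allowed) = @$rule;
        next unless $uri =~ $pattern;
        last if defined $user && $allowed->{$user};   # permitted for this URI
        $r->note_basic_auth_failure;
        $r->log_reason("user not permitted for this URI", $uri);
        return AUTH_REQUIRED;
    }

    # $sent_pw is never verified here: DECLINED hands that check to mod_auth.
    return DECLINED;
}

1;
# httpd.conf (constructed):
#   <Location /docs>
#     AuthType Basic
#     AuthName "docs"
#     AuthUserFile /path/to/htpasswd
#     Require valid-user
#     PerlAuthenHandler My::UriAuthen
#   </Location>
```

A user rejected by the per-URI list gets the same 401 challenge as a wrong password, so the response does not reveal which names are listed for a URI.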


