Hello,
Yes! There is one very magic line in your code, which solved my problem. It is
this line:
$r->err_headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"’);
I always used:
$r->headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"’);
When digging into the documentation one can read: "The difference between
headers_out and err_headers_out, is that the latter are printed even on error,
and persist across internal redirects (so the headers printed for ErrorDocument
handlers will have them).”
When using Apache 2.2 with mod_perl 2.0.6 using “headers_out” was enough. When
using Apache 2.4 with mod_perl 2.0.9 seems to be more correct. :-)
Thank you!!!
> On 08 Mar 2016, at 15:03, Thomas den Braber <tho...@delos.nl> wrote:
>
> If the resource is not public and the user is not authenticated yet,
> you can add the 'WWW-Authenticate' http header and return the
> Apache2::Const::HTTP_UNAUTHORIZED status.
> This will trigger the browser to show the login dialog.
> You can also create a cookie and a session table in a database and check with
> this session.
>
> Example:
>
> my $authheader = $r->headers_in->{Authorization};
> $r->err_headers_out->set("WWW-Authenticate" => 'Basic realm="My Site"');
>
> # user did not enter credentials yet
> unless ($authheader){
> return Apache2::Const::HTTP_UNAUTHORIZED
> }
>
> # get the user and password
> my ($user, $passwd) = getBasicAuth(($authheader);
>
> # check your user and password
> unless (checkUserInDB($user, $passwd)){
> return Apache2::Const::HTTP_UNAUTHORIZED
> }
>
> return Apache2::Const::OK
>
> ########################## sub getBasicAuth ##########################
>
> sub getBasicAuth {
>
> my $authheader = shift;
> return unless $authheader;
>
> my ($cram) = $authheader =~ /^Basic (.*)/;
> return unless $cram;
> $cram = MIME::Base64::decode_base64 ($cram);
> return split (/:/, $cram, 2);
>
> }
Best regards
Matthias Schmitt
magic moving pixel s.a.
23, Avenue Grande-Duchesse Charlotte
L-3441 Dudelange
Luxembourg
Phone: +352 54 75 75
http://www.mmp.lu
