Re: [OT] Optional HTTP Authentication ?
> In one of the earlier stages of processing - maybe a FixupHandler or ? a
> AuthenHandler might be appropriate - you can do something like this:
>
>   my $a = $r->header_in('Authorization');
>   $a =~ s/^Basic (.*)/$1/;
>   my( $user, $pass ) = split(':', decode_base64( $a ) );
>
>   if( ) {
>     $ENV{REMOTE_USER} = $user;
>   }

OK, I got this working using a fixup handler BUT there is a nasty trap.

It happens that the environment variables which you set from Perl aren't inherited from sub-processes... which means that this technique is fine if the script that comes after authentication runs under Apache::Registry.

Unfortunately, I might need the script to run under mod_cgi... I couldn't find how to tell the apache server to set environmental variables in the mod_perl pocket reference, anyone has got an idea?

Cheers,
--
IT'S TIME FOR A DIFFERENT KIND OF WEB
Jean-Michel Hiver - Software Director
[EMAIL PROTECTED]
+44 (0)114 255 8097
VISIT HTTP://WWW.MKDOC.COM
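Added example, not part of the thread or any poster's code: a stand-alone Perl version of the header parsing in the quoted snippet, which accepts the scheme name case-insensitively, splits on the first colon only so passwords containing ':' stay intact, and returns nothing for a missing, malformed or non-Basic header. The name `parse_basic_auth` and the sample headers are constructed for illustration; in a mod_perl handler the value would come from `$r->header_in('Authorization')` as quoted above, and the credentials still have to be validated before `REMOTE_USER` is set.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Parse an Authorization header value for the Basic scheme.
# Returns (user, pass) on success, or an empty list when the header is
# absent, uses another scheme, or does not decode to "user:pass".
# (Hypothetical helper name; not from the thread.)
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;

    # Scheme name is case-insensitive; the payload must look like base64.
    my ($b64) = $header =~ m{\A\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*\z}i
        or return;

    my $decoded = decode_base64($b64);

    # Limit of 2: only the first colon separates user from password,
    # so a password such as "pa:ss:word" survives intact.
    my ($user, $pass) = split /:/, $decoded, 2;
    return unless defined $user && length $user && defined $pass;

    return ($user, $pass);
}

# Constructed sample headers (not taken from the thread).
my @samples = (
    'Basic ' . encode_base64('admin:s3cret', ''),       # ordinary case
    'basic ' . encode_base64('admin:pa:ss:word', ''),   # colons in password
    'Digest username="admin"',                          # different scheme
    'Basic ' . encode_base64('no-colon-here', ''),      # not user:pass
    undef,                                              # anonymous request
);

for my $h (@samples) {
    my ($user, $pass) = parse_basic_auth($h);
    printf "%-40s => %s\n",
        defined $h    ? $h                        : '(no header)',
        defined $user ? "user=$user pass=$pass"   : 'no usable credentials';
}
```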
Re: [OT] Optional HTTP Authentication ?
> Oh, I don't know, I think the poster was asking about how to produce this
> effect with mod_perl. He wants to know *whether* a login was provided, even
> on a *non-protected* page. That would let you say (while serving any old
> page):
>
>   if( $ENV{REMOTE_USER} eq 'admin' ) {
>     $r->print('Yo, you can do extra kewl stuff here.');
>   }

Yes, that is quite the case.

> In one of the earlier stages of processing - maybe a FixupHandler or ? a
> AuthenHandler might be appropriate - you can do something like this:
>
>   my $a = $r->header_in('Authorization');
>   $a =~ s/^Basic (.*)/$1/;
>   my( $user, $pass ) = split(':', decode_base64( $a ) );
>
>   if( ) {
>     $ENV{REMOTE_USER} = $user;
>   }
>
> So, now you can tell later during the request with a username/password was
> offered (and you know it was a valid login/pass combo).

That's very interesting!

I don't think I can use an auth handler because then I would have to password protect the whole site (which I don't want to).

I want to have just ONE page which is password protected (i.e. /login.html). The page would just be a redirect, but once the user entered his credentials then the browser should send them on the whole site and then I could do the following:

/foo/properties.html
  IF authenticated
    IF authorized => trigger /foo/properties.html
    ELSE => send custom error page
  ELSE redirect to /login.html?from=

Anyway I'm going to try that fixup handler thingie and I'll tell you how it goes :-)

Cheers,
--
IT'S TIME FOR A DIFFERENT KIND OF WEB
Jean-Michel Hiver - Software Director
[EMAIL PROTECTED]
+44 (0)114 255 8097
VISIT HTTP://WWW.MKDOC.COM
Re: [OT] Optional HTTP Authentication ?
> This seems a little off topic. I think this is an architecture question, not
> a mod perl question.

Well, a bit of both I guess.

> Basically, you want all your protected files to be located in /protected or
> some other directory...

No that is not possible. I am running a web application, there are no such things as 'files' (everything is done using PATH_INFO), only locations.

Users can create as many locations as they want (i.e. /foo/bar/) and administrate them using URIs such as /foo/bar/properties.html, /foo/bar/contents.html, etc.

There are some locations which do not need to be protected, i.e.

  /foo/bar/
  /foo/bar/print.html
  /foo/bar/dc.xml
  /foo/bar/rss100.rdf

But some others need to, like:

  /foo/bar/properties.html
  /foo/bar/contents.html
  /foo/bar/move.html
  etc.

I want to use HTTP authentication for that, but of course I cannot password protect the whole site, because public users would not be so happy!

Any ideas?
--
IT'S TIME FOR A DIFFERENT KIND OF WEB
Jean-Michel Hiver - Software Director
[EMAIL PROTECTED]
+44 (0)114 255 8097
VISIT HTTP://WWW.MKDOC.COM