Re: [OT] Optional HTTP Authentication ?

2002-06-30 Thread Jean-Michel Hiver

> In one of the earlier stages of processing - maybe a FixupHandler or ? a
> AuthenHandler might be appropriate - you can do something like this:
> 
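> use MIME::Base64;   # provides decode_base64
> 
> my $a = $r->header_in('Authorization');
> $a =~ s/^Basic (.*)/$1/;
> # limit of 2 so a password containing ':' is not cut short
> my( $user, $pass ) = split(':', decode_base64( $a ), 2 );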
> 
> if(  ) {
>   $ENV{REMOTE_USER} = $user;
> }

OK, I got this working using a fixup handler BUT there is a nasty trap.

It happens that the environment variables which you set from Perl aren't
inherited by sub-processes... which means that this technique is fine
if the script that comes after authentication runs under
Apache::Registry.

Unfortunately, I might need the script to run under mod_cgi... I
couldn't find how to tell the Apache server to set environment
variables in the mod_perl pocket reference. Has anyone got an idea?

Cheers,
-- 
IT'S TIME FOR A DIFFERENT KIND OF WEB

  Jean-Michel Hiver - Software Director
  [EMAIL PROTECTED]
  +44 (0)114 255 8097

  VISIT HTTP://WWW.MKDOC.COM
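
An added example, not part of the thread: a self-contained Perl sketch of the header parsing the quoted snippet performs, covering the cases an optional login has to tolerate (no header, another scheme, a missing colon, a password containing colons). The `%USERS` table, the function names and the sample headers are constructed for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed credential table (assumption); a real site would query its user store.
my %USERS = ( admin => 's3cret:with:colons' );

# Return ($user, $pass) for a well-formed Basic header, or an empty list.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;              # no credentials offered
    my ($b64) = $header =~ /\ABasic\s+([A-Za-z0-9+\/]+={0,2})\s*\z/i
        or return;                              # other scheme or malformed value
    my $decoded = decode_base64($b64);
    return unless $decoded =~ /:/;              # must look like user:pass
    # Limit of 2: only the first colon separates user name from password.
    my ($user, $pass) = split /:/, $decoded, 2;
    return unless length $user;
    return ($user, $pass);
}

# Return the user name only if the offered password matches, else undef.
sub optional_user {
    my ($header) = @_;
    my ($user, $pass) = parse_basic_auth($header) or return;
    return unless exists $USERS{$user} && $USERS{$user} eq $pass;
    return $user;
}

# Constructed sample headers, one per case.
my @samples = (
    [ 'no header',      undef ],
    [ 'valid login',    'Basic ' . encode_base64('admin:s3cret:with:colons', '') ],
    [ 'wrong password', 'Basic ' . encode_base64('admin:guess', '') ],
    [ 'other scheme',   'Digest username="admin"' ],
    [ 'no colon',       'basic ' . encode_base64('admin', '') ],
);

for my $s (@samples) {
    my ($label, $header) = @$s;
    my $user = optional_user($header);
    printf "%-15s => %s\n", $label,
        defined $user ? "REMOTE_USER=$user" : 'anonymous';
}
```

Only the verified case yields a user name; every other input is treated as an anonymous request rather than an error, which is what lets the same check run on unprotected pages.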



Re: [OT] Optional HTTP Authentication ?

2002-06-30 Thread Jean-Michel Hiver

> Oh, I don't know, I think the poster was asking about how to produce this
> effect with mod_perl.  He wants to know *whether* a login was provided, even
> on a *non-protected* page.  That would let you say (while serving any old
> page):
> 
> if( $ENV{REMOTE_USER} eq 'admin' ) {
>   $r->print('Yo, you can do extra kewl stuff here.');
> }

Yes, that is quite the case.


> In one of the earlier stages of processing - maybe a FixupHandler or ? a
> AuthenHandler might be appropriate - you can do something like this:
> 
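> use MIME::Base64;   # provides decode_base64
> 
> my $a = $r->header_in('Authorization');
> $a =~ s/^Basic (.*)/$1/;
> # limit of 2 so a password containing ':' is not cut short
> my( $user, $pass ) = split(':', decode_base64( $a ), 2 );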
> 
> if(  ) {
>   $ENV{REMOTE_USER} = $user;
> }
> 
> So, now you can tell later during the request whether a username/password was
> offered (and you know it was a valid login/pass combo).

That's very interesting! I don't think I can use an auth handler because
then I would have to password protect the whole site (which I don't want
to).

I want to have just ONE page which is password protected (i.e.
/login.html). The page would just be a redirect, but once the user
entered his credentials then the browser should send them on the whole
site and then I could do the following:

/foo/properties.html

  IF authenticated
    IF authorized => trigger /foo/properties.html
    ELSE          => send custom error page
  ELSE
    redirect to /login.html?from=


Anyway I'm going to try that fixup handler thingie and I'll tell you how
it goes :-)

Cheers,



Re: [OT] Optional HTTP Authentication ?

2002-06-30 Thread Jean-Michel Hiver

> This seems a little off topic.  I think this is an architecture question, not
> a mod perl question.

Well, a bit of both I guess.

> Basically, you want all your protected files to be located in /protected or
> some other directory...

No that is not possible. I am running a web application, there are no
such things as 'files' (everything is done using PATH_INFO), only
locations.

Users can create as many locations as they want (i.e. /foo/bar/) and
administrate them using URIs such as /foo/bar/properties.html,
/foo/bar/contents.html, etc.

There are some locations which do not need to be protected, i.e.

/foo/bar/
/foo/bar/print.html
/foo/bar/dc.xml
/foo/bar/rss100.rdf


But some others need to, like:

/foo/bar/properties.html
/foo/bar/contents.html
/foo/bar/move.html
etc.


I want to use HTTP authentication for that, but of course I cannot
password protect the whole site, because public users would not be so
happy!

Any ideas?