Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
I use SSL for authentication only. Rest is plain http. Maybe I might consider using SSL for comet feed.

Thanks for suggestion.

On 29 November 2012 05:35, Bill Moseley mose...@hank.org wrote:

> On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc jaro.zaj...@gmail.com wrote:
>
>> But if I direct traffic from Apache directly to Twiggy server I'd bypass Catalyst Authentication/Authorization part for Comet session, right? I'd like to allow only authenticated users to subscribe to comet channel. I am sure I am missing some really simple piece of the puzzle :-\
>
> Are you over SSL by chance?
>
> I've done this by constructing a token on the authenticated server and then have the secondary server that can't fully authenticate validate the token which might be a simple digest of secret + timestamp. That is, the server w/o the auth validates that the token is legitimate and the SSL tells me it came from the client I gave it to.
>
> --
> Bill Moseley
> mose...@hank.org

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
On 27 Nov 2012, at 20:11, Jaroslav Zajonc wrote:

> Hi all,
>
> I'd like to enable my Catalyst based (FastCGI) application to support a Comet (Long polling) service with help of Twiggy - Pocket.IO (or Stardust like) server. Now, for my Comet server I still want to use Catalyst app for Authorization/Authentication and proxy only allowed user to Comet server. I am really struggling to understand how to achieve that. Actually if possible, I'd be more than happy to have pure Catalyst app with Comet support.
>
> My current setup is Apache front-end server with 2nd app-server running Catalyst FastCGI app. I intend to build Comet server on app-server as well.
>
> Any idea how can I achieve that?

Just also run Twiggy, and direct comet traffic to the twiggy instance on your front end apache.

The checking authorisation part for one user will block the server - but that's ok really, as this is quick (I mean, it's quick in FCGI, right?) and the comet connections are, by their nature, long lived - so you don't make too many of them (i.e. there are lots of idle connections - which is why you're using an async server, but these connections are long lived - the actual act of connecting is rare).

Until you have 1000s of concurrent users, you're unlikely to be doing enough re-connections to notice - and when you are, just balance connections across multiple copies of Twiggy with mod_proxy_balancer.

Cheers
t0m
Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
But if I direct traffic from Apache directly to Twiggy server I'd bypass Catalyst Authentication/Authorization part for Comet session, right? I'd like to allow only authenticated users to subscribe to comet channel. I am sure I am missing some really simple piece of the puzzle :-\

br,
Jaro

On 28 November 2012 10:56, Tomas Doran bobtf...@bobtfish.net wrote:

> On 27 Nov 2012, at 20:11, Jaroslav Zajonc wrote:
>
>> Hi all,
>>
>> I'd like to enable my Catalyst based (FastCGI) application to support a Comet (Long polling) service with help of Twiggy - Pocket.IO (or Stardust like) server. Now, for my Comet server I still want to use Catalyst app for Authorization/Authentication and proxy only allowed user to Comet server. I am really struggling to understand how to achieve that. Actually if possible, I'd be more than happy to have pure Catalyst app with Comet support.
>>
>> My current setup is Apache front-end server with 2nd app-server running Catalyst FastCGI app. I intend to build Comet server on app-server as well.
>>
>> Any idea how can I achieve that?
>
> Just also run Twiggy, and direct comet traffic to the twiggy instance on your front end apache.
>
> The checking authorisation part for one user will block the server - but that's ok really, as this is quick (I mean, it's quick in FCGI, right?) and the comet connections are, by their nature, long lived - so you don't make too many of them (i.e. there are lots of idle connections - which is why you're using an async server, but these connections are long lived - the actual act of connecting is rare).
>
> Until you have 1000s of concurrent users, you're unlikely to be doing enough re-connections to notice - and when you are, just balance connections across multiple copies of Twiggy with mod_proxy_balancer.
>
> Cheers
> t0m
Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
On Nov 28, 2012, at 9:21 AM, Jaro Zajonc jaro.zaj...@gmail.com wrote:

> But if I direct traffic from Apache directly to Twiggy server I'd bypass Catalyst Authentication/Authorization part for Comet session, right? I'd like to allow only authenticated users to subscribe to comet channel. I am sure I am missing some really simple piece of the puzzle :-\

I've been through the same dilemma. Solved it by sharing appropriate data between Plack and Catalyst using Catalyst::TraitFor::Request::Plack::Session.

It's clumsy and I haven't thoroughly tested it, though… So, there might be (serious) limitations.

Here's how it goes… something along these lines:

    use Plack::Builder;
    use Plack::Session::Store::Cache;
    use CHI;
    use PocketIO;

    builder {
        # one session store shared by both mounted apps
        enable 'Session',
            store => Plack::Session::Store::Cache->new(
                cache => CHI->new( driver => (…) )
            );

        mount '/' => $catalyst_psgi_app;    # auth, etc..
        # (you're logging in first, aren't you?)

        # when you reach here, auth is already made
        # and Plack::Session is stuffed
        mount '/socket.io' => PocketIO->new(
            handler => sub {
                $_[1]->{'psgix.session'}->{can_foo};
            }
        );
    };

… and then

    plackup -s AnyEvent::FCGI myapp.psgi

Also, here, a message queue suits it well for sharing data and message passing, given you've already pointed the proper queue key in session.
Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
I also faced this problem, and what I did to resolve it was move the authentication piece out to Apache (from my Catalyst application), and then used the Catalyst::Authentication::Credential::Remote module to 'use' what Apache is doing for me.

Once the auth config is in Apache, you can use it to authenticate other applications as well (in my case it was a series of Tomcat servlets). I'm really pleased with the solution.

-Tim

On Wed, Nov 28, 2012 at 9:04 AM, Gabriel Andrade gabi...@gmail.com wrote:

> On Nov 28, 2012, at 9:21 AM, Jaro Zajonc jaro.zaj...@gmail.com wrote:
>
>> But if I direct traffic from Apache directly to Twiggy server I'd bypass Catalyst Authentication/Authorization part for Comet session, right? I'd like to allow only authenticated users to subscribe to comet channel. I am sure I am missing some really simple piece of the puzzle :-\
>
> I've been through the same dilemma. Solved it by sharing appropriate data between Plack and Catalyst using Catalyst::TraitFor::Request::Plack::Session.
>
> It's clumsy and I haven't thoroughly tested it, though… So, there might be (serious) limitations.
>
> Here's how it goes… something along these lines:
>
>     use Plack::Builder;
>     use Plack::Session::Store::Cache;
>     use CHI;
>     use PocketIO;
>
>     builder {
>         # one session store shared by both mounted apps
>         enable 'Session',
>             store => Plack::Session::Store::Cache->new(
>                 cache => CHI->new( driver => (…) )
>             );
>
>         mount '/' => $catalyst_psgi_app;    # auth, etc..
>         # (you're logging in first, aren't you?)
>
>         # when you reach here, auth is already made
>         # and Plack::Session is stuffed
>         mount '/socket.io' => PocketIO->new(
>             handler => sub {
>                 $_[1]->{'psgix.session'}->{can_foo};
>             }
>         );
>     };
>
> … and then
>
>     plackup -s AnyEvent::FCGI myapp.psgi
>
> Also, here, a message queue suits it well for sharing data and message passing, given you've already pointed the proper queue key in session.
Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
Hi all,

Thanks a lot for all your suggestions. You helped me a lot.

thnx,
Jaro

On Nov 28, 2012, at 4:38 PM, Tim Anderson tja...@gmail.com wrote:

> I also faced this problem, and what I did to resolve it was move the authentication piece out to Apache (from my Catalyst application), and then used the Catalyst::Authentication::Credential::Remote module to 'use' what Apache is doing for me.
>
> Once the auth config is in Apache, you can use it to authenticate other applications as well (in my case it was a series of Tomcat servlets). I'm really pleased with the solution.
>
> -Tim
>
> On Wed, Nov 28, 2012 at 9:04 AM, Gabriel Andrade gabi...@gmail.com wrote:
>
>> On Nov 28, 2012, at 9:21 AM, Jaro Zajonc jaro.zaj...@gmail.com wrote:
>>
>>> But if I direct traffic from Apache directly to Twiggy server I'd bypass Catalyst Authentication/Authorization part for Comet session, right? I'd like to allow only authenticated users to subscribe to comet channel. I am sure I am missing some really simple piece of the puzzle :-\
>>
>> I've been through the same dilemma. Solved it by sharing appropriate data between Plack and Catalyst using Catalyst::TraitFor::Request::Plack::Session.
>>
>> It's clumsy and I haven't thoroughly tested it, though… So, there might be (serious) limitations.
>>
>> Here's how it goes… something along these lines:
>>
>>     use Plack::Builder;
>>     use Plack::Session::Store::Cache;
>>     use CHI;
>>     use PocketIO;
>>
>>     builder {
>>         # one session store shared by both mounted apps
>>         enable 'Session',
>>             store => Plack::Session::Store::Cache->new(
>>                 cache => CHI->new( driver => (…) )
>>             );
>>
>>         mount '/' => $catalyst_psgi_app;    # auth, etc..
>>         # (you're logging in first, aren't you?)
>>
>>         # when you reach here, auth is already made
>>         # and Plack::Session is stuffed
>>         mount '/socket.io' => PocketIO->new(
>>             handler => sub {
>>                 $_[1]->{'psgix.session'}->{can_foo};
>>             }
>>         );
>>     };
>>
>> … and then
>>
>>     plackup -s AnyEvent::FCGI myapp.psgi
>>
>> Also, here, a message queue suits it well for sharing data and message passing, given you've already pointed the proper queue key in session.
Re: [Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc jaro.zaj...@gmail.com wrote:

> But if I direct traffic from Apache directly to Twiggy server I'd bypass Catalyst Authentication/Authorization part for Comet session, right? I'd like to allow only authenticated users to subscribe to comet channel. I am sure I am missing some really simple piece of the puzzle :-\

Are you over SSL by chance?

I've done this by constructing a token on the authenticated server and then have the secondary server that can't fully authenticate validate the token which might be a simple digest of secret + timestamp. That is, the server w/o the auth validates that the token is legitimate and the SSL tells me it came from the client I gave it to.

--
Bill Moseley
mose...@hank.org
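
Added example, not part of the original thread or of any poster's code: a Perl version of the token scheme Bill Moseley describes, where the Catalyst side issues a token after login and the Twiggy/PocketIO side validates it without doing full authentication. It goes beyond "digest of secret + timestamp" by using HMAC-SHA256 and by binding the user name into the token; the function names, the shared secret, the `|` separator and the 60-second lifetime are all assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: both servers read the same secret from protected config,
# and a token is accepted for 60 seconds after it was issued.
my $SECRET  = 'constructed-example-secret';
my $MAX_AGE = 60;

# Catalyst side: call only after the user has authenticated.
sub issue_token {
    my ($user, $now) = @_;
    $now //= time;
    die "user name must not contain '|'\n" if $user =~ /\|/;
    return join '|', $user, $now, hmac_sha256_hex("$user|$now", $SECRET);
}

# Constant-time comparison so response timing does not leak MAC bytes.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Twiggy/PocketIO side: returns the user name, or undef to refuse the connection.
sub verify_token {
    my ($token, $now) = @_;
    $now //= time;
    my ($user, $ts, $mac) = split /\|/, ($token // ''), 3;
    return undef unless defined($mac) && $ts =~ /\A\d+\z/;
    return undef unless ct_eq($mac, hmac_sha256_hex("$user|$ts", $SECRET));
    return undef if $ts > $now || $now - $ts > $MAX_AGE;    # future-dated or expired
    return $user;
}

# Constructed demonstration values.
my $t0    = 1354100000;
my $token = issue_token('jaro', $t0);
printf "fresh:    %s\n", verify_token($token, $t0 + 10) // 'rejected';
(my $forged = $token) =~ s/\Ajaro/admin/;    # user name changed, MAC left as is
printf "tampered: %s\n", verify_token($forged, $t0 + 10) // 'rejected';
printf "expired:  %s\n", verify_token($token, $t0 + 3600) // 'rejected';
```

The token is a bearer credential, so it should travel only over the SSL connection Bill mentions; over plain HTTP a captured token can be replayed by anyone until it expires.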