Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re^3: mod_perl handler for file downloads: good call or bad

by clinton (Priest)
on Jun 20, 2007 at 18:24 UTC ( #622348=note: print w/ replies, xml ) Need Help??


in reply to Re^2: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

You can do anything you like in the PerlAuthzHandler, including returning a login page - HTTP authentication is just how apache implements it by default

Clint


Comment on Re^3: mod_perl handler for file downloads: good call or bad
Re^4: mod_perl handler for file downloads: good call or bad
by Errto (Vicar) on Jun 20, 2007 at 19:29 UTC
    I've been looking over the link sent by Fletch and it really doesn't look like that's the case. The Authz seems to depend on a successful pass of the Authen pahse, which in turn requires the directory to be protected with either Basic or Digest authentication as configured in httpd.conf My application uses neither Basic nor Digest authentication but rather a third-party authentication module that communicates the user ID in a custom manner. The issue is not showing a login page but rather that I have to reject the request if the user ID (as determined through my custom method) should not have access to the resource.
      Hmm- it looks like you have a point there. In which case it may be easier to use a standard PerlRequestHandler, and if they are allowed access, use $r->sendfile($filename) to send the file.

      Clint

        That's what I thought, but when looking at it, you have three return options:
        • OK - in which case authz has been succesful and apache will continue on to serve the requested file
        • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
        • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

        Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

        Do you have any ideas?

        Thanks

        Clint

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622348]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (8)
As of 2014-11-20 22:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (102 votes), past polls