Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re^4: mod_perl handler for file downloads: good call or bad

by Errto (Vicar)
on Jun 20, 2007 at 19:29 UTC ( #622368=note: print w/ replies, xml ) Need Help??


in reply to Re^3: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

I've been looking over the link sent by Fletch and it really doesn't look like that's the case. The Authz seems to depend on a successful pass of the Authen pahse, which in turn requires the directory to be protected with either Basic or Digest authentication as configured in httpd.conf My application uses neither Basic nor Digest authentication but rather a third-party authentication module that communicates the user ID in a custom manner. The issue is not showing a login page but rather that I have to reject the request if the user ID (as determined through my custom method) should not have access to the resource.


Comment on Re^4: mod_perl handler for file downloads: good call or bad
Re^5: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 20, 2007 at 19:37 UTC
    Hmm- it looks like you have a point there. In which case it may be easier to use a standard PerlRequestHandler, and if they are allowed access, use $r->sendfile($filename) to send the file.

    Clint

Re^5: mod_perl handler for file downloads: good call or bad
by perrin (Chancellor) on Jun 20, 2007 at 21:24 UTC
      That's what I thought, but when looking at it, you have three return options:
      • OK - in which case authz has been succesful and apache will continue on to serve the requested file
      • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
      • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

      Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

      Do you have any ideas?

      Thanks

      Clint

        Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622368]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2014-12-23 05:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (135 votes), past polls