Re^4: mod_perl handler for file downloads: good call or bad

in reply to Re^3: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

I've been looking over the link sent by Fletch and it really doesn't look like that's the case. The Authz seems to depend on a successful pass of the Authen pahse, which in turn requires the directory to be protected with either Basic or Digest authentication as configured in httpd.conf My application uses neither Basic nor Digest authentication but rather a third-party authentication module that communicates the user ID in a custom manner. The issue is not showing a login page but rather that I have to reject the request if the user ID (as determined through my custom method) should not have access to the resource.

Comment on Re^4: mod_perl handler for file downloads: good call or bad

Replies are listed 'Best First'.
Re^5: mod_perl handler for file downloads: good call or bad by perrin (Chancellor) on Jun 20, 2007 at 21:24 UTC
No, you really can use any kind of auth you like. There are many examples in the mod_perl docs and books, and on CPAN. For example, try the sample chapter from mod_perl Developer's Cookbook or Writing Apache Modules.	[reply]
Re^6: mod_perl handler for file downloads: good call or bad by clinton (Priest) on Jun 21, 2007 at 07:17 UTC
That's what I thought, but when looking at it, you have three return options: `OK` - in which case authz has been succesful and apache will continue on to serve the requested file `DECLINED` - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers) `HTTP_UNAUTHORIZED` - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status. Do you have any ideas? Thanks Clint	[reply] [d/l] [select]
Re^7: mod_perl handler for file downloads: good call or bad by perrin (Chancellor) on Jun 21, 2007 at 13:39 UTC
Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.	[reply]
Re^8: mod_perl handler for file downloads: good call or bad by clinton (Priest) on Jun 21, 2007 at 16:02 UTC
Re^5: mod_perl handler for file downloads: good call or bad by clinton (Priest) on Jun 20, 2007 at 19:37 UTC
Hmm- it looks like you have a point there. In which case it may be easier to use a standard `PerlRequestHandler`, and if they are allowed access, use `$r->sendfile($filename)` to send the file. Clint	[reply] [d/l] [select]

In Section Seekers of Perl Wisdom