Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re^5: mod_perl handler for file downloads: good call or bad

by perrin (Chancellor)
on Jun 20, 2007 at 21:24 UTC ( #622398=note: print w/ replies, xml ) Need Help??


in reply to Re^4: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

No, you really can use any kind of auth you like. There are many examples in the mod_perl docs and books, and on CPAN. For example, try the sample chapter from mod_perl Developer's Cookbook or Writing Apache Modules.


Comment on Re^5: mod_perl handler for file downloads: good call or bad
Re^6: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 21, 2007 at 07:17 UTC
    That's what I thought, but when looking at it, you have three return options:
    • OK - in which case authz has been succesful and apache will continue on to serve the requested file
    • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
    • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

    Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

    Do you have any ideas?

    Thanks

    Clint

      Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.
        OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out.

        The browser only pops up the basic authentication dialog if it receives an HTTP_UNAUTHORISED(401) return status and a WWW-Authenticate header.

        So instead, you can do what Apache::Cookie does:

        • Unauthenticated user:

          return an HTTP_FORBIDDEN (403) status and use $r->custom_response() to send them the HTML of your login form

        • Authenticated user:

          return OK, and apache will send them the file

        Clint

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622398]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (14)
As of 2014-07-23 16:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (146 votes), past polls