Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re^5: mod_perl handler for file downloads: good call or bad

by perrin (Chancellor)
on Jun 20, 2007 at 21:24 UTC ( #622398=note: print w/ replies, xml ) Need Help??


in reply to Re^4: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

No, you really can use any kind of auth you like. There are many examples in the mod_perl docs and books, and on CPAN. For example, try the sample chapter from mod_perl Developer's Cookbook or Writing Apache Modules.


Comment on Re^5: mod_perl handler for file downloads: good call or bad
Re^6: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 21, 2007 at 07:17 UTC
    That's what I thought, but when looking at it, you have three return options:
    • OK - in which case authz has been succesful and apache will continue on to serve the requested file
    • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
    • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

    Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

    Do you have any ideas?

    Thanks

    Clint

      Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.
        OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out.

        The browser only pops up the basic authentication dialog if it receives an HTTP_UNAUTHORISED(401) return status and a WWW-Authenticate header.

        So instead, you can do what Apache::Cookie does:

        • Unauthenticated user:

          return an HTTP_FORBIDDEN (403) status and use $r->custom_response() to send them the HTML of your login form

        • Authenticated user:

          return OK, and apache will send them the file

        Clint

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622398]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (5)
As of 2015-07-04 09:28 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (59 votes), past polls