Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re^5: mod_perl handler for file downloads: good call or bad

by perrin (Chancellor)
on Jun 20, 2007 at 21:24 UTC ( #622398=note: print w/replies, xml ) Need Help??

in reply to Re^4: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

No, you really can use any kind of auth you like. There are many examples in the mod_perl docs and books, and on CPAN. For example, try the sample chapter from mod_perl Developer's Cookbook or Writing Apache Modules.
  • Comment on Re^5: mod_perl handler for file downloads: good call or bad

Replies are listed 'Best First'.
Re^6: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 21, 2007 at 07:17 UTC
    That's what I thought, but when looking at it, you have three return options:
    • OK - in which case authz has been succesful and apache will continue on to serve the requested file
    • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
    • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

    Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

    Do you have any ideas?



      Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.
        OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out.

        The browser only pops up the basic authentication dialog if it receives an HTTP_UNAUTHORISED(401) return status and a WWW-Authenticate header.

        So instead, you can do what Apache::Cookie does:

        • Unauthenticated user:

          return an HTTP_FORBIDDEN (403) status and use $r->custom_response() to send them the HTML of your login form

        • Authenticated user:

          return OK, and apache will send them the file


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622398]
[Discipulus]: no no seriously, redss posed a good question in the right moment, and you gave as always wonderful answers
[Discipulus]: Tanktalus my comment was about how to fork & join in tk?
[marioroy]: Oh, I've might of missed Discipulus's earlier response. I had gone to bed.
[Tanktalus]: ah, I don't even have the perlmonks site open in my browser :)
Tanktalus is chatting through his cbstats application :)
[marioroy]: Perl is so much fun.
[Discipulus]: Tanktalus i recently started a Meditation about marioroy's MCE suit of modules, but is even better to see a practical question answered than responses to my meditation
[Discipulus]: good night mario!
[Tanktalus]: yeah, I saw you post about MCE - the concept looks really really cool. I wonder how well it plays with Coro :)
[Lady_Aleena]: Hi guys. I asked this earlier but got no answer. Why is this dying at -exec: my @music_times = qx(find ~/Music/Albums/ -type f -iname '*.mp3' -exec mp3info -p "%S\n" {} \;);

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (6)
As of 2017-04-23 19:47 GMT
Find Nodes?
    Voting Booth?
    I'm a fool:

    Results (432 votes). Check out past polls.