Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re^5: mod_perl handler for file downloads: good call or bad

by perrin (Chancellor)
on Jun 20, 2007 at 21:24 UTC ( #622398=note: print w/replies, xml ) Need Help??

in reply to Re^4: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

No, you really can use any kind of auth you like. There are many examples in the mod_perl docs and books, and on CPAN. For example, try the sample chapter from mod_perl Developer's Cookbook or Writing Apache Modules.
  • Comment on Re^5: mod_perl handler for file downloads: good call or bad

Replies are listed 'Best First'.
Re^6: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 21, 2007 at 07:17 UTC
    That's what I thought, but when looking at it, you have three return options:
    • OK - in which case authz has been succesful and apache will continue on to serve the requested file
    • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
    • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

    Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

    Do you have any ideas?



      Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.
        OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out.

        The browser only pops up the basic authentication dialog if it receives an HTTP_UNAUTHORISED(401) return status and a WWW-Authenticate header.

        So instead, you can do what Apache::Cookie does:

        • Unauthenticated user:

          return an HTTP_FORBIDDEN (403) status and use $r->custom_response() to send them the HTML of your login form

        • Authenticated user:

          return OK, and apache will send them the file


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622398]
erix only sees fallen angels
erix if it weren't for bad luck, I'd have no luck at all
Discipulus Windiows the OS of native americans..
[karlgoethebier]: marioroy: Next step: Write the ultimate book. "Parallel Programming With Perl. Yet Another Missing Manual" ;-)
[marioroy]: karlgoethebier I do not do Racket ball anymore. That was from gym class long ago.
[karlgoethebier]: marioroy ;Men need a challenge
Lady_Aleena remembers winning dodgeball and wonders why parents who played it will not let their kids play it.
[marioroy]: Disciplus My wife and I went on vacation. At work, I was stuck polling SNMP from 20 million devices. It would hang at 80,000. On the mist boat, hear a voice to enable grace in the design that 10x and more performance awaits.
[Lady_Aleena]: Women need challenges too karlgoethebier. 8)
[marioroy]: s/hear/heard/

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (8)
As of 2017-05-29 08:48 GMT
Find Nodes?
    Voting Booth?