Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re^5: mod_perl handler for file downloads: good call or bad

by perrin (Chancellor)
on Jun 20, 2007 at 21:24 UTC ( #622398=note: print w/replies, xml ) Need Help??

in reply to Re^4: mod_perl handler for file downloads: good call or bad
in thread mod_perl handler for file downloads: good call or bad

No, you really can use any kind of auth you like. There are many examples in the mod_perl docs and books, and on CPAN. For example, try the sample chapter from mod_perl Developer's Cookbook or Writing Apache Modules.
  • Comment on Re^5: mod_perl handler for file downloads: good call or bad

Replies are listed 'Best First'.
Re^6: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 21, 2007 at 07:17 UTC
    That's what I thought, but when looking at it, you have three return options:
    • OK - in which case authz has been succesful and apache will continue on to serve the requested file
    • DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
    • HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

    Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

    Do you have any ideas?



      Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.
        OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out.

        The browser only pops up the basic authentication dialog if it receives an HTTP_UNAUTHORISED(401) return status and a WWW-Authenticate header.

        So instead, you can do what Apache::Cookie does:

        • Unauthenticated user:

          return an HTTP_FORBIDDEN (403) status and use $r->custom_response() to send them the HTML of your login form

        • Authenticated user:

          return OK, and apache will send them the file


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://622398]
[stevieb]: I just received full professional license for ALL of JetBrains software due to requesting their opensource request form! I wanted only CLion, but they give them all
[stevieb]: I stated I use IDEA for Perl work, and at work, licensed version of PyCharm

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (7)
As of 2017-02-20 20:11 GMT
Find Nodes?
    Voting Booth?
    Before electricity was invented, what was the Electric Eel called?

    Results (302 votes). Check out past polls.