You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Rodney Hampton <ha...@comcast.net> on 2002/10/16 19:21:20 UTC

$r->requires

Does anyone have an example of how to use $r->requires?
I cannot find Apache::AuthzAge for an example of its use.
I'm trying to handle all my location directive specific stuff in a 
TransHandler and simply want to
set require valid-user for some specific paths.

Thanks,



Rodney Hampton

Re: $r->requires

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

[snip]
> Despite not having a location tag anywhere, nor a require valid-user 
> directive, the above code
> is able to accomplish my objective: loading an AccessHandler on the fly 
> from the TransHandler for specific urls on my site.  
> Although, I must 
> admit that I'm not sure why it is working.  _check_access is within the 
> same TransHandler module
> so my assumption is that the reference to this sub gets executed 
> immediately and the result (OK DONE or DECLINED) gets shoved into the 
> set_handlers('PerlAccessHandler' => 'result gets shoved here') and then 
> my stacked TransHandler proceeds to the next module 
> (Apache::Control_admin).
> 
> Any explanation of why this actually works would be appreciated.

the PerlAccessHandler runs whether or not there is a Requires 
directive configured - its the PerlAuthenHandler and PerlAuthzHandler 
that will not.  I had assumed that since you wanted $r->requires that 
you were talking about a PerlAuth*Handlers, which is the proper place 
to check for username/password match and/or other user criteria.

HTH

--Geoff

Re: $r->requires

Posted by Rodney Hampton <ha...@comcast.net>.

Geoffrey Young wrote:

>
> $r->requires() is read-only.  conditional authentication is a bit 
> counterintuitive - you can't set up authentication where it doesn't 
> already exist because Apache won't run the authentication phase 
> without a Require directive in your httpd.conf.  the solution is to 
> turn on authentication for everything, then turn it off where you 
> don't need/want it.  see recipe 13.5 in the cookbook for more details. 
>  the code for 13.5 can be found here:
>
Geoffrey,

Thanks for the tip.  Allow me to flesh out this example a bit and the 
solution I employed (thanks to Kip Cranford for having some helpful code 
I was able to look at).  Basically I'm creating a site where /admin and 
/advertiser should have login forms for administrative users and 
advertisers respectively while everything under / should not require any 
type of access control.  

Within the PerlTransHandler:

my $action = $r->uri;
#must strip of the leading slash
$action =~ s/^\///;
my ( $type, @directions ) = (split /\//, $action);

if ($type eq 'admin'){
    my ( $ret, $error_data ) = check_handlers( ['Apache::Control_admin'] );
    if ($ret) {
      $r->set_handlers( 'PerlAccessHandler' => [\&_check_access] );
      $r->push_handlers( 'PerlTransHandler' => 'Apache::Control_admin' );
      $r->filename( $r->server_root_relative . "htdocs" );
      return DECLINED;
    } else {
      $r->pnotes( 'ap_error_data_h', $error_data );
      my $redir = "http://" . $r->pnotes('ap_server_name_s') . "/error";
      $log->debug("Doing internal redirect to /error");
      $r->internal_redirect($redir);
      $r->filename( $r->server_root_relative . "" );
      return DONE;
    } ## end else
    #end type eq ceoadmin
  }elsif ($type eq 'advertiser' ){
....blah blah blah

Despite not having a location tag anywhere, nor a require valid-user 
directive, the above code
is able to accomplish my objective: loading an AccessHandler on the fly 
from the TransHandler for specific urls on my site.  Although, I must 
admit that I'm not sure why it is working.  _check_access is within the 
same TransHandler module
so my assumption is that the reference to this sub gets executed 
immediately and the result (OK DONE or DECLINED) gets shoved into the 
set_handlers('PerlAccessHandler' => 'result gets shoved here') and then 
my stacked TransHandler proceeds to the next module 
(Apache::Control_admin).

Any explanation of why this actually works would be appreciated.

Rodney Hampton

Re: $r->requires

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

Rodney Hampton wrote:
> Does anyone have an example of how to use $r->requires?

see recipe 13.6 in the cookbook, the code for which can be found here:

http://www.modperlcookbook.org/code/ch13/Cookbook/AuthzRole.pm

> I cannot find Apache::AuthzAge for an example of its use.
> I'm trying to handle all my location directive specific stuff in a 
> TransHandler and simply want to
> set require valid-user for some specific paths.

$r->requires() is read-only.  conditional authentication is a bit 
counterintuitive - you can't set up authentication where it doesn't 
already exist because Apache won't run the authentication phase 
without a Require directive in your httpd.conf.  the solution is to 
turn on authentication for everything, then turn it off where you 
don't need/want it.  see recipe 13.5 in the cookbook for more details. 
  the code for 13.5 can be found here:

http://www.modperlcookbook.org/code/ch13/Cookbook/PassLocalIP.pm

see also the Satisfy directive

http://httpd.apache.org/docs/mod/core.html#satisfy

if you're only looking to do conditional authentication based on IP 
addresses/hostnames.

HTH

--Geoff