You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by John D Groenveld <jd...@elvis.arl.psu.edu> on 2004/04/15 21:40:13 UTC
Re: [mp2] changing PerlAuthenHandler to RUN_ALL
In message <40...@stason.org>, Stas Bekman writes:
>Why can't you return DECLINED?
The compelling part of AuthenCache under MP1 was that you got caching
for existing authentication modules w/o code modification.
John
groenveld@acm.org
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: [mp2] changing PerlAuthenHandler to RUN_ALL
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
> thus AuthenCache (and others that relied on the incorrect RUN_ALL meme in
> authentication and translation) will need to be rewritten. I'm really sorry
> about that, but mp2 finally gets it right, which is better for everyone in
> the long run. in particular it should make the logic in AuthenCache that
> much simpler :)
I should add that as a temporary measure you may be able to play around with
adding Apache::AuthenCache::cache_manager as a PerlFixupHandler where it can
still manage the cache and will only be hit if the user passes authentication.
HTH
--Geoff
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: [mp2] changing PerlAuthenHandler to RUN_ALL
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
John D Groenveld wrote:
> In message <40...@stason.org>, Stas Bekman writes:
>
>>Why can't you return DECLINED?
>
>
> The compelling part of AuthenCache under MP1 was that you got caching
> for existing authentication modules w/o code modification.
the auth phases are RUN_FIRST now for a reason, specifically because modules
like AuthenCache needed to jump through hoops to work around the fact that
mp1 was RUN_ALL when it shouldn't have been. there's lots of code in
AuthenCache that tries to remove authen handlers later in the handler stack
precisely because returning OK does not properly terminate the
authentication chain.
thus AuthenCache (and others that relied on the incorrect RUN_ALL meme in
authentication and translation) will need to be rewritten. I'm really sorry
about that, but mp2 finally gets it right, which is better for everyone in
the long run. in particular it should make the logic in AuthenCache that
much simpler :)
--Geoff
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html