You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Cris Shupp <cs...@gmail.com> on 2017/06/16 17:44:40 UTC
Fwd: modperl Digest 16 Jun 2017 08:02:57 -0000 Issue 3266
André,
Thank you for your response! I had to read your post multiple times (your
magic sentences):
---
No further "response generator" will be called for this request (such as
any "Ruby on Rails" module which might then have seen these response
headers).
(In other words : I think that your headers /are/ being set; but that there
is nothing that runs afterward to show you that they are set.)
---
I couldn't figure out why you would think I couldn't tell if my Rails code
was being hit. I mean I am dense, but... He thinks I know what I am doing
in my perl...
OK, I did this:
$r->headers_out->set('prisme-roles'=> $role_string );
Should of done:
$r->headers_in->set('prisme-roles'=> $role_string );
I also put in more logging in my Rails controller, and it is a good thing I
did (I never would have seen my header on the web page)...
"prisme-roles" is transformed to "HTTP_PRISME_ROLES"
BTW, I am configured as a PerlFixupHandler, and it has always allowed a
return of FORBIDEN.
I tried (per your suggestion) using: PerlAuthenHandler
but that doesn't work. My mod perl module seems to not even run in that
case.
Thanks,
Cris
On Fri, Jun 16, 2017 at 4:02 AM, <mo...@perl.apache.org>
wrote:
>
> modperl Digest 16 Jun 2017 08:02:57 -0000 Issue 3266
>
> Topics (messages 64692 through 64693)
>
> Re: lost headers
> 64692 by: Cris Shupp
> 64693 by: André Warnier (tomcat)
>
> Administrivia:
>
> ---------------------------------------------------------------------
> To post to the list, e-mail: modperl@perl.apache.org
> To unsubscribe, e-mail: modperl-digest-unsubscribe@perl.apache.org
> For additional commands, e-mail: modperl-digest-help@perl.apache.org
>
> ----------------------------------------------------------------------
>
>
>
> ---------- Forwarded message ----------
> From: Cris Shupp <cs...@gmail.com>
> To: modperl@perl.apache.org
> Cc:
> Bcc:
> Date: Tue, 13 Jun 2017 12:54:14 -0400
> Subject: Re: lost headers
> Hello all...
>
> I have a simple mod_perl program that does some custom role based
> authentication before granting access to certain resources. That part does
> work, but for a new feature I need to be able to embed roles into my
> headers. Try as may, try as I might, those roles never show up...
>
>
> consider a portion of my mod_perl program:
>
> #####################
> sub handler {
> ...
> if($user) {
> my $val = rest_call($user,$context, $r->log);
> my $roles = $cache_hash{'roles'}->{$user};
> my $role_string = join(',', @$roles);
> $r->headers_out->set('prisme-roles'=> $role_string );
> #$r->headers_out->add('prisme.roles'=> $role_string );
> $r->err_headers_out->add('prisme-roles2', $role_string);
> #$|++;
> $r->rflush();# $r->rflush can't be called before the response
> phase if using PerlFixupHandler Prisme::ValidateHeader
> $r->log->info("Request end on pid $$: The user for this request is
> $user, the roles are $role_string, returning $val");
> return $val; #OK or FORBIDDEN
> }
> ###################################
>
> With either config in http.conf:
> ##############################
> <Location /rails_prisme/>
> SetHandler perl-script
> PerlResponseHandler Prisme::ValidateHeader
> #PerlFixupHandler Prisme::ValidateHeader
> </Location>
> ####################
>
>
> My Ruby on Rails controller:
> #######################
> def warmup
> @headers = {}
> @warmup_count = $PROPS['PRISME.warmup_apache'].to_i
> request.headers.each do |elem|
> @headers[elem.first.to_s] = elem.last.to_s
> end
> response.headers.each do |elem|
> @headers[elem.first.to_s] = elem.last.to_s
> end
> respond_to do |format|
> format.html # list_headers.html.erb
> format.json { render :json => params['counter'] }
> end
> end
> #######################
>
>
> Never sees those headers! Help!
>
> Thanks,
>
> Cris
>
>
> On Tue, Jun 13, 2017 at 12:52 PM, Cris Shupp <cs...@gmail.com> wrote:
>
>> Hello all...
>>
>> I have a simple mod_perl program that does some custom role based
>> authentication before granting access to certain resources. That part does
>> work, but for a new feature I need to be able to embed roles into my
>> headers. Try as may, try as I might, those roles never show up...
>>
>>
>> consider a portion of my mod_perl program:
>>
>> sub handler {
>> ...
>> if($user) {
>> my $val = rest_call($user,$context, $r->log);
>> my $roles = $cache_hash{'roles'}->{$user};
>> my $role_string = join(',', @$roles);
>> $r->headers_out->set('prisme-roles'=> $role_string );
>> #$r->headers_out->add('prisme.roles'=> $role_string );
>> $r->err_headers_out->add('prisme-roles2', $role_string);
>> #$|++;
>> $r->rflush();# $r->rflush can't be called before the response
>> phase if using PerlFixupHandler Prisme::ValidateHeader
>> $r->log->info("Request end on pid $$: The user for this request
>> is $user, the roles are $role_string, returning $val");
>> return $val; #OK or FORBIDDEN
>> }
>>
>> With either config in http.conf:
>>
>> <Location /rails_prisme/>
>> SetHandler perl-script
>> PerlResponseHandler Prisme::ValidateHeader
>> #PerlFixupHandler Prisme::ValidateHeader
>> </Location>
>>
>> My Ruby on Rails controller:
>>
>>
>>
>>
>
>
> ---------- Forwarded message ----------
> From: "André Warnier (tomcat)" <aw...@ice-sa.com>
> To: modperl@perl.apache.org
> Cc:
> Bcc:
> Date: Wed, 14 Jun 2017 11:32:58 +0200
> Subject: Re: lost headers
> Hi.
> To avoid another round of questions/answers, it would be better to provide
> some versions of what you are using, right away.
> One quick way of doing this, is to insert here the line which appears in
> your Apache webserver main error logfile at startup.
> It shows the Apache httpd version, the version of perl, and the version of
> mod_perl.
>
> Secondly, in your explanation below, it is not very clear when/if your
> "Ruby on Rails controller" is even called.
>
> You are seting this in the Apache httpd configuration :
>
> <Location /rails_prisme/>
> SetHandler perl-script
> PerlResponseHandler Prisme::ValidateHeader
> </Location>
>
> That means that mod_perl (and the Prisme::ValidateHeader mod_perl module)
> are effectively, for Apache, the code which generates the HTTP response to
> this request.
> No further "response generator" will be called for this request (such as
> any "Ruby on Rails" module which might then have seen these response
> headers).
>
> (In other words : I think that your headers /are/ being set; but that
> there is nothing that runs afterward to show you that they are set.)
>
> Configuring your module as a PerlFixupHandler (*and* dropping the
> "SetHandler perl-script") would avoid this. But in such a handler, you can
> only return "OK" or "DECLINED" (and not "FORBIDDEN"), see :
> http://perl.apache.org/docs/2.0/user/handlers/intro.html#Stacked_Handlers
>
> Personally however, considering that this seems to be a part of an AAA
> phase, I would make adding this header as either a part of the
> already-existing Perl Authentication module, or configure your perl module
> as a PerlAuthenHandler.
> (In that case also, you /can/ return FORBIDDEN).
>
>
>
> On 13.06.2017 18:54, Cris Shupp wrote:
>
>> Hello all...
>>
>> I have a simple mod_perl program that does some custom role based
>> authentication before
>> granting access to certain resources. That part does work, but for a new
>> feature I need
>> to be able to embed roles into my headers. Try as may, try as I might,
>> those roles never
>> show up...
>>
>>
>> consider a portion of my mod_perl program:
>>
>> #####################
>> sub handler {
>> ...
>> if($user) {
>> my $val = rest_call($user,$context, $r->log);
>> my $roles = $cache_hash{'roles'}->{$user};
>> my $role_string = join(',', @$roles);
>> $r->headers_out->set('prisme-roles'=> $role_string );
>> #$r->headers_out->add('prisme.roles'=> $role_string );
>> $r->err_headers_out->add('prisme-roles2', $role_string);
>> #$|++;
>> $r->rflush();# $r->rflush can't be called before the response
>> phase if using
>> PerlFixupHandler Prisme::ValidateHeader
>> $r->log->info("Request end on pid $$: The user for this request
>> is $user, the
>> roles are $role_string, returning $val");
>> return $val; #OK or FORBIDDEN
>> }
>> ###################################
>>
>> With either config in http.conf:
>> ##############################
>> <Location /rails_prisme/>
>> SetHandler perl-script
>> PerlResponseHandler Prisme::ValidateHeader
>> #PerlFixupHandler Prisme::ValidateHeader
>> </Location>
>> ####################
>>
>>
>> My Ruby on Rails controller:
>> #######################
>> def warmup
>> @headers = {}
>> @warmup_count = $PROPS['PRISME.warmup_apache'].to_i
>> request.headers.each do |elem|
>> @headers[elem.first.to_s] = elem.last.to_s
>> end
>> response.headers.each do |elem|
>> @headers[elem.first.to_s] = elem.last.to_s
>> end
>> respond_to do |format|
>> format.html # list_headers.html.erb
>> format.json { render :json => params['counter'] }
>> end
>> end
>> #######################
>>
>>
>> Never sees those headers! Help!
>>
>> Thanks,
>>
>> Cris
>>
>>
>> On Tue, Jun 13, 2017 at 12:52 PM, Cris Shupp <cshupp@gmail.com <mailto:
>> cshupp@gmail.com>>
>> wrote:
>>
>> Hello all...
>>
>> I have a simple mod_perl program that does some custom role based
>> authentication
>> before granting access to certain resources. That part does work,
>> but for a new
>> feature I need to be able to embed roles into my headers. Try as
>> may, try as I might,
>> those roles never show up...
>>
>>
>> consider a portion of my mod_perl program:
>>
>> sub handler {
>> ...
>> if($user) {
>> my $val = rest_call($user,$context, $r->log);
>> my $roles = $cache_hash{'roles'}->{$user};
>> my $role_string = join(',', @$roles);
>> $r->headers_out->set('prisme-roles'=> $role_string );
>> #$r->headers_out->add('prisme.roles'=> $role_string );
>> $r->err_headers_out->add('prisme-roles2', $role_string);
>> #$|++;
>> $r->rflush();# $r->rflush can't be called before the
>> response phase if using
>> PerlFixupHandler Prisme::ValidateHeader
>> $r->log->info("Request end on pid $$: The user for this
>> request is $user, the
>> roles are $role_string, returning $val");
>> return $val; #OK or FORBIDDEN
>> }
>>
>> With either config in http.conf:
>>
>> <Location /rails_prisme/>
>> SetHandler perl-script
>> PerlResponseHandler Prisme::ValidateHeader
>> #PerlFixupHandler Prisme::ValidateHeader
>> </Location>
>>
>> My Ruby on Rails controller:
>>
>>
>>
>>
>>
>
>
>