You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by "Michael L. Artz" <dr...@october29.net> on 2003/04/09 22:04:36 UTC
[mp2] CGI::Cookie inside of PerlAuthenHandler
Is it possible to use CGI::Cookie in an Auth* handler to retrieve
cookies? I know that I am doing something stupid, but the neither of
the following handlers seem to work for me for the PerlAuthenHandler.
Basically I am just trying to print something about the cookie to the
log for the moment, but I can't seem to get ahold of them using CGI.pm.
I have turned on Mozilla's LiveHeaders, so I see the cookie being sent
from the browser. My other option is to use:
%cookies = parse CGI::Cookie($r->header('Cookie'));
which seems to work ok. I guess my question is what is the "best" way
to do it at the moment?
Similarly for setting cookies ... is the
$r->err_header_out('Set-cookie' => $c);
(for redirects) or
$r->header_out('Set-cookie' => $c);
(for normal usage) the best way to do things? At least until libapreq
for mp2 is done?
-Mike
using mp 1.99_08, apache 2.0.44, and CGI.pm 2.91
sub handler {
my $r = shift;
Apache->request($r);
my ($status, $password) = $r->get_basic_auth_pw;
return $status unless $status == Apache::OK;
my %cookies = fetch CGI::Cookie;
$r->server->log->error(join '::', keys %cookies);
$r->note_basic_auth_failure;
return Apache::FORBIDDEN;
}
or
sub handler {
my $r = shift;
Apache->request($r);
my ($status, $password) = $r->get_basic_auth_pw;
return $status unless $status == Apache::OK;
my $q = new CGI;
my $cookie = $q->cookie('MyCookie');
$r->server->log->error($cookie);
$r->note_basic_auth_failure;
return Apache::FORBIDDEN;
}
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler (Docs nit)
Posted by Stas Bekman <st...@stason.org>.
Hey Rob,
> You accidentally mentioned the wrong header in your "Sending HTTP
> Response Headers" docs:
>
> SB> For example if the handler needs to perform a relatively long-running
> SB> operation (e.g. a slow db lookup) and the client may timeout if it
> SB> receives nothing right away, you may want to start the handler by
> SB> setting the I<Content-Length> header, following by an immediate
> ^^^^^^^^^^^^^^^^^
> I<Content-Type>
> SB> flushing:
> (and shouldn't this be "flush"? :-)
Both fixed, thanks for the proofreading!
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re[2]: [mp2] CGI::Cookie inside of PerlAuthenHandler (Docs nit)
Posted by Rob Bloodgood <ro...@empire2.com>.
Hi Stas!
You accidentally mentioned the wrong header in your "Sending HTTP
Response Headers" docs:
SB> For example if the handler needs to perform a relatively long-running
SB> operation (e.g. a slow db lookup) and the client may timeout if it
SB> receives nothing right away, you may want to start the handler by
SB> setting the I<Content-Length> header, following by an immediate
^^^^^^^^^^^^^^^^^
I<Content-Type>
SB> flushing:
(and shouldn't this be "flush"? :-)
This is only the right 'correction' if the code below is correct...
but I gather from the context that it is.
SB> sub handler {
SB> my $r = shift;
SB> $r->content_type('text/html');
SB> $r->rflush; # send the headers out
SB> $r->print(long_operation());
SB> return Apache::OK;
SB> }
Take care!
L8r,
Rob
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Stas Bekman wrote:
> This is an architectural change in Apache, and $r->rflush will cause the
> headers to be sent before any response is sent. I'll add a section on
> this at:
> http://perl.apache.org/docs/2.0/user/coding/coding.html
Here is the new section that I've just committed:
=head2 Sending HTTP Response Headers
Apache 2.0 doesn't provide a method to force HTTP response headers
sending (what used to be done by C<send_http_header()> in Apache
1.3). HTTP response headers are sent as soon as the first bits of the
response body are seen by the special core output filter that
generates these headers. When the response handler send the first
chunks of body it may be cached by the mod_perl internal buffer or
even by some of the output filters. The response handler needs to
flush in order to tell all the components participating in the sending
of the response to pass the data out.
For example if the handler needs to perform a relatively long-running
operation (e.g. a slow db lookup) and the client may timeout if it
receives nothing right away, you may want to start the handler by
setting the I<Content-Length> header, following by an immediate
flushing:
sub handler {
my $r = shift;
$r->content_type('text/html');
$r->rflush; # send the headers out
$r->print(long_operation());
return Apache::OK;
}
If this doesn't work, check whether you have configured any
third-party output filters for the resource in question. Improperly
written filter may ignore the orders to flush the data.
META: add a link to the notes on how to write well-behaved filters
at handlers/filters
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
[keep the thread on the list, please!]
Michael L. Artz wrote:
>>
>>
>>> Guess it was just me misunderstanding what was in the Eagle book.
>>> LDS mentions that the following is an optimization when placed near
>>> the beginning of a script/handler:
>>>
>>> $r->send_http_header;
>>> return Apache::OK if $r->header_only;
>>>
>>> I took it to mean that $r->send_http_header was necessary, but it was
>>> really the 'if $r->header_only' line that was the performance
>>> optimization. Thanks for helping me clear that up.
>>
>>
>>
>> BTW, this shouldn't be done in apache2. Apache expects the whole body
>> normally and will discard the body if the request method is HEAD. It
>> wants the whole body so it can properly handle caching.
>
>
> Hmmm, you lost me again. If you have a very dynamic website (i.e. each
> page is completely generated on the fly for user preferences or some
> such) wouldn't it be useful to use the above idiom before you do
> expensive operations like connect to a database and issue queries?
You must haven't had read my reply thoroughly. Here it is again:
<QUOTE>
The send_http_header method is no longer exists in Apache 2.0 API, hence it's
not supported by mp2. Currently setting $r->content_type() serves the same
purpose, though the header is not sent immediately, but only when the response
body sending is started (e.g. you could force the header sending early by
doing $r->rflush).
</QUOTE>
This is an architectural change in Apache, and $r->rflush will cause the
headers to be sent before any response is sent. I'll add a section on this at:
http://perl.apache.org/docs/2.0/user/coding/coding.html
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
>>
>>
>>> Also, why is the send_http_header method unnecessary with mp2
>>> (according to the mp1-2 porting docs)? I thought that it was more of
>>> a performance optimization than a necessity in mp1, i.e. don't do
>>> more stuff like connecting to DBs if all they want is the header. Is
>>> this still the case in mp2?
>>
>>
>>
>> Sorry, I'm not following your note regarding the performance
>> optimization.
>
>
> Guess it was just me misunderstanding what was in the Eagle book. LDS
> mentions that the following is an optimization when placed near the
> beginning of a script/handler:
>
> $r->send_http_header;
> return Apache::OK if $r->header_only;
>
> I took it to mean that $r->send_http_header was necessary, but it was
> really the 'if $r->header_only' line that was the performance
> optimization. Thanks for helping me clear that up.
BTW, this shouldn't be done in apache2. Apache expects the whole body normally
and will discard the body if the request method is HEAD. It wants the whole
body so it can properly handle caching.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
>
>
>> Also, why is the send_http_header method unnecessary with mp2
>> (according to the mp1-2 porting docs)? I thought that it was more of
>> a performance optimization than a necessity in mp1, i.e. don't do
>> more stuff like connecting to DBs if all they want is the header. Is
>> this still the case in mp2?
>
>
> Sorry, I'm not following your note regarding the performance
> optimization.
Guess it was just me misunderstanding what was in the Eagle book. LDS
mentions that the following is an optimization when placed near the
beginning of a script/handler:
$r->send_http_header;
return Apache::OK if $r->header_only;
I took it to mean that $r->send_http_header was necessary, but it was
really the 'if $r->header_only' line that was the performance
optimization. Thanks for helping me clear that up.
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
> Sorry for all the n00b questions, but I have two more.
[it's the best to start a new thread when you ask a different question. This
makes the archives more useful for those who use them.]
> How do I get the
> request record from within a ModPerl::Registry script if Apache->request
> is deprecated in mp2?
Same as in mp1. You get $r passed as the first argument to your script wrapped
inside a sub handler:
If you had a script:
print "Content-type: text/plain";
print "Foo";
it becomes:
sub handler {
print "Content-type: text/plain";
print "Foo";
}
so to use $r you make your script start with:
my $r = shift;
print "Content-type: text/plain";
print "Foo";
which the registry handler turns into:
sub handler {
my $r = shift;
print "Content-type: text/plain";
print "Foo";
}
> Also, why is the send_http_header method unnecessary with mp2 (according
> to the mp1-2 porting docs)? I thought that it was more of a performance
> optimization than a necessity in mp1, i.e. don't do more stuff like
> connecting to DBs if all they want is the header. Is this still the
> case in mp2?
Sorry, I'm not following your note regarding the performance optimization.
The send_http_header method is no longer exists in Apache 2.0 API, hence it's
not supported by mp2. Currently setting $r->content_type() serves the same
purpose, though the header is not sent immediately, but only when the response
body sending is started (e.g. you could force the header sending early by
doing $r->rflush).
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
Sorry for all the n00b questions, but I have two more. How do I get the
request record from within a ModPerl::Registry script if Apache->request
is deprecated in mp2?
Also, why is the send_http_header method unnecessary with mp2 (according
to the mp1-2 porting docs)? I thought that it was more of a performance
optimization than a necessity in mp1, i.e. don't do more stuff like
connecting to DBs if all they want is the header. Is this still the
case in mp2?
Thanks
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
Stas Bekman wrote:
> Does CGI.pm works at all for you? Does CGI.pm's param() work? (this
> should test whether env vars are set) Make sure that you run under
> 'SetHandler perl-script'.
> http://perl.apache.org/docs/2.0/user/config/config.html#C_SetHandler_
CGI.pm seems to work fine from within my ModPerl::Registry script, but
not in my own PerlAuthenHandler. I am sure that I am doing something
stupid.
I am running under SetHandler perl-script. Here is my .htaccess:
# .htaccess
SetHandler perl-script
PerlAuthenHandler Apache::MyAuthen
AuthType Basic
AuthName MyAuth
require valid-user
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
# end .htaccess
and the test handler
# Apache::MyAuthen
sub handler {
my $r = shift;
my $q = new CGI;
my @params = $q->param();
$r->log_error(join ':', @params);
return Apache::OK;
}
# end Apache::MyAuthen
> These methods are deprecated in mp1 and mp2. You should be using the
> ones with the 's' suffix err_headers_out, headers_out, see:
> http://perl.apache.org/docs/2.0/user/compat/compat.html#C__r_E_gt_err_header_out_
>
> http://perl.apache.org/docs/2.0/user/compat/compat.html#C__r_E_gt_header_out_
>
Thanks for the heads up on those methods. I had not got that far in the
mp2 docs.
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
>> So, does it work now?
>
>
> hmm, not exactly
> [Wed Apr 09 23:26:46 2003] [error] [client 192.168.0.2] Can't call
> method "args" on an undefined value at /usr/lib/perl5/5.8.0/CGI.pm line
> 470.
>
> which happens to be:
>
> if ($meth=~/^(GET|HEAD)$/) {
> if ($MOD_PERL) {
> $query_string = Apache->request->args;
> ...
>
> However when I add Apache->request($r) to it, it seems to work like a
> champ.
The latest mod_perl (cvs) asserts when Apache->request is not available.
> sub handler {
> my $r = shift;
> $r->subprocess_env;
> Apache->request($r);
> my $q = new CGI;
> ...
> }
>
> Is this a valid use of the deprecated Apache->request, or is there
> something better?
That's correct. The same issue as Apache->request is currently set only for
the response phase... I'll soon post a write up regarding this confusion/change.
The better thing is to modify /CGI(?:::Cookie)?.pm/'s interface to optionally
accept $r as an argument rather than relying on setting the global
Apache->request.
I know that Lincoln said, he is not going to work on this till he gets
involved with mp2, so if you can change the API to accept $r and send it to
Lincoln, you'll do a great service for us all.
I believe a simple interface will do:
For non-OO API:
CGI::r($r);
For OO API:
$q->r($r)
and the same for CGI::Cookie and other packages that ever call
Apache->request. Of course this has to be optional.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
> So, does it work now?
hmm, not exactly
[Wed Apr 09 23:26:46 2003] [error] [client 192.168.0.2] Can't call
method "args" on an undefined value at /usr/lib/perl5/5.8.0/CGI.pm line 470.
which happens to be:
if ($meth=~/^(GET|HEAD)$/) {
if ($MOD_PERL) {
$query_string = Apache->request->args;
...
However when I add Apache->request($r) to it, it seems to work like a champ.
sub handler {
my $r = shift;
$r->subprocess_env;
Apache->request($r);
my $q = new CGI;
...
}
Is this a valid use of the deprecated Apache->request, or is there
something better?
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
>> Ah, I know why. The env is not set up yet. Currently it's set only for
>> the response phase, which is obviously not so obvious ;)
>>
>> $r->subprocess_env should help:
>>
>> sub handler {
>> my $r = shift;
>> $r->subprocess_env;
>> my $q = new CGI;
>> ...
>> }
>>
>> This is all due to the split into 'SetHandler modperl' vs. 'SetHandler
>> perl-script' to get more performance, but the selected handler is not
>> known till the response phase.
>
>
>
> Sweet. Thanks a ton for all of the remote debugging.
So, does it work now?
> Do you think that
> this is currently the "best" way to process form variables and cookies,
> at least until libapreq?
AFAIK, without Apache::Request, CGI/CGI::Cookie is the best way to go with.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Nick Tonkin wrote:
[...]
> I made my own package that subclasses CGI::Cookie since the only
> problem CGI::Cookie has (under mp2) is that it tries to get the
> cookies from the ENV instead of from the incoming headers.
>
> I believe this may have performance benefits over using
> $r->subprocess_env();
Yes, indeed. Can you patch CGI/Cookie.pm to use incoming headers when mod_perl
is used and send it to Lincoln?
[...]
> my $raw_cookie = $r->headers_in->{'Cookie'};
more over, since we are already have all this mp-specific functionality in
CGI.pm, we should stop relying on env vars altogether, move to use incoming
headers and stop requiring subprocess_env for CGI/CGI::Cookie to work.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Nick Tonkin <ni...@tonkinresolutions.com>.
On Wed, 9 Apr 2003, Michael L. Artz wrote:
> > Ah, I know why. The env is not set up yet. Currently it's set only for
> > the response phase, which is obviously not so obvious ;)
> >
> > $r->subprocess_env should help:
> >
> > sub handler {
> > my $r = shift;
> > $r->subprocess_env;
> > my $q = new CGI;
> > ...
> > }
> >
> > This is all due to the split into 'SetHandler modperl' vs. 'SetHandler
> > perl-script' to get more performance, but the selected handler is not
> > known till the response phase.
>
>
> Sweet. Thanks a ton for all of the remote debugging. Do you think that
> this is currently the "best" way to process form variables and cookies,
> at least until libapreq?
>
> -Mike
>
>
Well, I did it another way:
I made my own package that subclasses CGI::Cookie since the only
problem CGI::Cookie has (under mp2) is that it tries to get the
cookies from the ENV instead of from the incoming headers.
I believe this may have performance benefits over using
$r->subprocess_env();
here's the entire mdoule:
## File: /home/nick/perl/NPT/MyCookie.pm
package NPT::Cookie;
use strict;
use warnings;
use CGI::Cookie;
@NPT::Cookie::ISA = qw/CGI::Cookie/;
sub fetch {
my $class = shift;
my $r = shift;
my $raw_cookie = $r->headers_in->{'Cookie'};
return () unless $raw_cookie;
return $class->parse($raw_cookie);
}
1;
HTH,
- nick
--
~~~~~~~~~~~~~~~~~~~~
Nick Tonkin {|8^)>
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
> Ah, I know why. The env is not set up yet. Currently it's set only for
> the response phase, which is obviously not so obvious ;)
>
> $r->subprocess_env should help:
>
> sub handler {
> my $r = shift;
> $r->subprocess_env;
> my $q = new CGI;
> ...
> }
>
> This is all due to the split into 'SetHandler modperl' vs. 'SetHandler
> perl-script' to get more performance, but the selected handler is not
> known till the response phase.
Sweet. Thanks a ton for all of the remote debugging. Do you think that
this is currently the "best" way to process form variables and cookies,
at least until libapreq?
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
>> But do you send any params in first place? I mean do you issue a GET
>> request with ?foo=bar or a POST request via a form/script?
>
>
> yup:
>
> $ nc www 80
> GET /~dragon/webapp/cookie.pl?help=me HTTP/1.1
> Host: www
>
> HTTP/1.1 401 Authorization Required
> Date: Thu, 10 Apr 2003 02:05:37 GMT
> Server: Apache/2.0.44 (Gentoo/Linux) mod_perl/1.99_08 Perl/v5.8.0
> WWW-Authenticate: Basic realm="MyAuth"
> Content-Length: 522
> Content-Type: text/html; charset=iso-8859-1
>
>
> and in the logs, and empty entry:
>
> [Wed Apr 09 22:05:42 2003] [error]
Ah, I know why. The env is not set up yet. Currently it's set only for the
response phase, which is obviously not so obvious ;)
$r->subprocess_env should help:
sub handler {
my $r = shift;
$r->subprocess_env;
my $q = new CGI;
...
}
This is all due to the split into 'SetHandler modperl' vs. 'SetHandler
perl-script' to get more performance, but the selected handler is not known
till the response phase.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
> But do you send any params in first place? I mean do you issue a GET
> request with ?foo=bar or a POST request via a form/script?
yup:
$ nc www 80
GET /~dragon/webapp/cookie.pl?help=me HTTP/1.1
Host: www
HTTP/1.1 401 Authorization Required
Date: Thu, 10 Apr 2003 02:05:37 GMT
Server: Apache/2.0.44 (Gentoo/Linux) mod_perl/1.99_08 Perl/v5.8.0
WWW-Authenticate: Basic realm="MyAuth"
Content-Length: 522
Content-Type: text/html; charset=iso-8859-1
and in the logs, and empty entry:
[Wed Apr 09 22:05:42 2003] [error]
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
>> Ah, .htaccess... Does it work if you use it in httpd.conf? The
>> .htaccess is not fully working yet for certain features (e.g.
>> PerlModule/PerlRequire aren't executed yet).
>
>
>
> I thought about that and put a directory listing in my httpd.conf to see
> if that worked. Same results with the following:
Good.
[...]
> I was trying to make the smallest handler possible just to test out
> whether CGI actually worked within it. Here is the handler that you
> pointed to modified to log the list of params retrieved by CGI.pm
> ($query->param()) before it does any work. An empty log entry is
> printed to the logs, and I get an error about using an undefined value
> (@params), which I take to mean that CGI.pm isn't working within the
> PerlAuthenHandler.
But do you send any params in first place? I mean do you issue a GET request
with ?foo=bar or a POST request via a form/script?
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by "Michael L. Artz" <dr...@october29.net>.
> Ah, .htaccess... Does it work if you use it in httpd.conf? The
> .htaccess is not fully working yet for certain features (e.g.
> PerlModule/PerlRequire aren't executed yet).
I thought about that and put a directory listing in my httpd.conf to see
if that worked. Same results with the following:
<Directory /home/*/public_html/webapp>
AllowOverride None
Options +ExecCGI
SetHandler perl-script
PerlAuthenHandler Apache::MyAuthen
AuthType Basic
AuthName MyAuth
require valid-user
PerlResponseHandler ModPerl::Registry
</Directory>
> Hmm, you configure to use base auth but you don't use it in the
> handler? See an example here:
> http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthenHandler
I was trying to make the smallest handler possible just to test out
whether CGI actually worked within it. Here is the handler that you
pointed to modified to log the list of params retrieved by CGI.pm
($query->param()) before it does any work. An empty log entry is
printed to the logs, and I get an error about using an undefined value
(@params), which I take to mean that CGI.pm isn't working within the
PerlAuthenHandler.
package Apache::SecretLengthAuthen;
use strict;
use warnings;
use Apache::Access ();
use Apache::RequestUtil ();
use Apache::Const -compile => qw(OK DECLINED AUTH_REQUIRED);
use Apache::Access();
use constant SECRET_LENGTH => 14;
use CGI;
sub handler {
my $r = shift;
my $q = new CGI;
my @params = $q->param();
$r->log_error(join ':', @params);
my ($status, $password) = $r->get_basic_auth_pw;
return $status unless $status == Apache::OK;
return Apache::OK
if SECRET_LENGTH == length join " ", $r->user, $password;
$r->note_basic_auth_failure;
return Apache::AUTH_REQUIRED;
}
1;
__END__
and the httpd.conf
<Directory /home/*/public_html/webapp>
AllowOverride None
Options +ExecCGI
SetHandler perl-script
PerlAuthenHandler Apache::SecretLengthAuthen
AuthType Basic
AuthName MyAuth
require valid-user
PerlResponseHandler ModPerl::Registry
</Directory>
-Mike
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
[ please *always* reply to the list]
Michael L. Artz wrote:
> Stas Bekman wrote:
>
>> Does CGI.pm works at all for you? Does CGI.pm's param() work? (this
>> should test whether env vars are set) Make sure that you run under
>> 'SetHandler perl-script'.
>> http://perl.apache.org/docs/2.0/user/config/config.html#C_SetHandler_
>
>
> CGI.pm seems to work fine from within my ModPerl::Registry script, but
> not in my own PerlAuthenHandler. I am sure that I am doing something
> stupid.
>
> I am running under SetHandler perl-script. Here is my .htaccess:
Ah, .htaccess... Does it work if you use it in httpd.conf? The .htaccess is
not fully working yet for certain features (e.g. PerlModule/PerlRequire aren't
executed yet).
> # .htaccess
> SetHandler perl-script
> PerlAuthenHandler Apache::MyAuthen
> AuthType Basic
> AuthName MyAuth
> require valid-user
>
> PerlResponseHandler ModPerl::Registry
> Options +ExecCGI
> # end .htaccess
>
> and the test handler
>
> # Apache::MyAuthen
> sub handler {
> my $r = shift;
> my $q = new CGI;
>
> my @params = $q->param();
>
> $r->log_error(join ':', @params);
>
> return Apache::OK;
> }
> # end Apache::MyAuthen
Hmm, you configure to use base auth but you don't use it in the handler? See
an example here:
http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthenHandler
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2] CGI::Cookie inside of PerlAuthenHandler
Posted by Stas Bekman <st...@stason.org>.
Michael L. Artz wrote:
> Is it possible to use CGI::Cookie in an Auth* handler to retrieve
> cookies? I know that I am doing something stupid, but the neither of
> the following handlers seem to work for me for the PerlAuthenHandler.
> Basically I am just trying to print something about the cookie to the
> log for the moment, but I can't seem to get ahold of them using CGI.pm.
> I have turned on Mozilla's LiveHeaders, so I see the cookie being sent
> from the browser. My other option is to use:
Does CGI.pm works at all for you? Does CGI.pm's param() work? (this should
test whether env vars are set) Make sure that you run under 'SetHandler
perl-script'.
http://perl.apache.org/docs/2.0/user/config/config.html#C_SetHandler_
> %cookies = parse CGI::Cookie($r->header('Cookie'));
>
> which seems to work ok. I guess my question is what is the "best" way
> to do it at the moment?
>
> Similarly for setting cookies ... is the
> $r->err_header_out('Set-cookie' => $c);
> (for redirects) or
> $r->header_out('Set-cookie' => $c);
> (for normal usage) the best way to do things? At least until libapreq
> for mp2 is done?
These methods are deprecated in mp1 and mp2. You should be using the ones with
the 's' suffix err_headers_out, headers_out, see:
http://perl.apache.org/docs/2.0/user/compat/compat.html#C__r_E_gt_err_header_out_
http://perl.apache.org/docs/2.0/user/compat/compat.html#C__r_E_gt_header_out_
However I suppose that you are using Apache::compat, so they should work all
the same.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com