[users@httpd] How to integrate Apache's authentication with my app's?

[Colin 't Hart <co...@gmail.com>]

Hi,

We have a web app written in PL/SQL (stored procedures in an Oracle
database). We use Apache and mod_owa (a variant on the mod_plsql theme) as
HTTP glue. Currently we're on Apache 2.2, but upgrading to 2.4 would be an
option.

Our app handles security itself (our own tables of users and roles); like
all web apps, logged in users get a cookie. For the sake of this
discussion, let's assume our app runs under www.my.com/app

Now we want to be able to serve some ordinary files using Apache to
authenticated users (registration of downloads basically). Again, for the
sake of discussion, assume that files are served from www.my.com/file

How can we integrate this with Apache's authentication? Functionally, a
user logged in to our app should be able to download a file without logging
in again elsewhere. Conversely, someone who isn't logged in trying to
download the file should be prompted to log in.

What's the best way to achieve this? The easiest way?
Thanks for any tips!

Cheers,

Colin

Re: [users@httpd] How to integrate Apache's authentication with my app's?

[Colin 't Hart <co...@gmail.com>]

Thanks Eric!

I wasn't aware of this module, this could work for us. The roundtrip into
our app won't be a problem.

Cheers,

Colin


On 6 September 2013 17:12, Eric Covener <co...@gmail.com> wrote:

> On Fri, Sep 6, 2013 at 10:21 AM, Colin 't Hart <co...@gmail.com>
> wrote:
> > Hi,
> >
> > We have a web app written in PL/SQL (stored procedures in an Oracle
> > database). We use Apache and mod_owa (a variant on the mod_plsql theme)
> as
> > HTTP glue. Currently we're on Apache 2.2, but upgrading to 2.4 would be
> an
> > option.
> >
> > Our app handles security itself (our own tables of users and roles); like
> > all web apps, logged in users get a cookie. For the sake of this
> discussion,
> > let's assume our app runs under www.my.com/app
> >
> > Now we want to be able to serve some ordinary files using Apache to
> > authenticated users (registration of downloads basically). Again, for the
> > sake of discussion, assume that files are served from www.my.com/file
> >
> > How can we integrate this with Apache's authentication? Functionally, a
> user
> > logged in to our app should be able to download a file without logging in
> > again elsewhere. Conversely, someone who isn't logged in trying to
> download
> > the file should be prompted to log in.
> >
> > What's the best way to achieve this? The easiest way?
>
> Maybe mod_xsendfile or similar?  You'll still have the roundtrip into your
> app.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Re: [users@httpd] How to integrate Apache's authentication with my app's?

[Eric Covener <co...@gmail.com>]

On Fri, Sep 6, 2013 at 10:21 AM, Colin 't Hart <co...@gmail.com> wrote:
> Hi,
>
> We have a web app written in PL/SQL (stored procedures in an Oracle
> database). We use Apache and mod_owa (a variant on the mod_plsql theme) as
> HTTP glue. Currently we're on Apache 2.2, but upgrading to 2.4 would be an
> option.
>
> Our app handles security itself (our own tables of users and roles); like
> all web apps, logged in users get a cookie. For the sake of this discussion,
> let's assume our app runs under www.my.com/app
>
> Now we want to be able to serve some ordinary files using Apache to
> authenticated users (registration of downloads basically). Again, for the
> sake of discussion, assume that files are served from www.my.com/file
>
> How can we integrate this with Apache's authentication? Functionally, a user
> logged in to our app should be able to download a file without logging in
> again elsewhere. Conversely, someone who isn't logged in trying to download
> the file should be prompted to log in.
>
> What's the best way to achieve this? The easiest way?

Maybe mod_xsendfile or similar?  You'll still have the roundtrip into your app.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org