You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Pat Downey <pa...@gmail.com> on 2009/01/23 11:55:40 UTC

PerlSetVar behaviour within directive

Hi

I am trying to set variables for the Atlassian Crowd PerlAuthzHandler based
upon the type of request that is being received by the apache server.

The chunk from my httpd.conf file looks something like the following:

<LocationMatch ^/path>
  AuthType Basic
  AuthName "Crowd Auth"

  PerlAuthenHandler Apache::CrowdAuth
  PerlAuthzHandler Apache::CrowdAuthz

  PerlSetVar CrowdAppName app
  PerlSetVar CrowdAppPassword *******
  PerlSetVar CrowdSOAPURL
http://crowdhost:8095/crowd/services/SecurityServer

  <Limit GET>
    PerlSetVar CrowdAllowedGroups reader,writer
    Require valid-user
  </Limit>
  <LimitExcept GET>
    PerlSetVar CrowdAllowedGroups writer
    Require valid-user
  </LimitExcept>
</LocationMatch>

What I'd like is for members of the reader or writer groups to have GET
access and only members of the writer group to have everything else (mainly
for POST) access.

The problem seems to be that the 'PerlSetVar CrowdAllowedGroups writer' is
overwriting the
'PerlSetVar CrowdAllowedGroups reader,writer' call for all requests, not
just the method that I'm trying to limit each setting to. The opposite is
the case if I swap the two lines around.

Am I doing anything obviously wrong? or is this just the way it works.

If it's just the way it is then does anyone have any ideas on how to call
PerlSetVar with different values based upon the request type? or suggestions
on a better way to do what I'm trying to do?

Thanks in advance,

Pat

Re: PerlSetVar behaviour within directive

Posted by Michael Ludwig <ml...@as-guides.com>.

Pat Downey schrieb:
>
> I guess I might have to modify the module to recognise another couple
> of variables say CrowdAllowedWriteGroups and CrowdAllowedReadGroups
> and not worry about the <Limit> directives as I think I'm using them
> in a way that wasn't intended.

That's what I think, too. The relevant concept here seems to be the
one of scope. See:

Configuration Sections - Apache HTTP Server
http://httpd.apache.org/docs/2.2/sections.html

| Directives in the configuration files may apply to the entire server,
| or they may be restricted to apply only to particular directories,
| files, hosts, or URLs. This document describes how to use
| configuration section containers or .htaccess files to change the
| *scope* of other configuration directives.

The document then lists directives that do change the scope, and <Limit>
is not among them.

Michael Ludwig

Re: PerlSetVar behaviour within directive

Posted by Pat Downey <pa...@gmail.com>.

2009/1/23 Torsten Foertsch <to...@gmx.net>

>  PerlSetVar CrowdAllowedGroups reader,writer
>  Require valid-user
>   <LimitExcept GET>
>    PerlSetVar CrowdAllowedGroups writer
>   </LimitExcept>
>

Thanks for the response Torsten, unfortunately this still exhibits the
same behaviour that I was experiencing before.
In both your example and the original each seem to behave as if you had

<Location /blah>
...

PerlSetVar CrowdAllowedGroups reader,writer
PerlSetVar CrowdAllowedGroups writer
Require valid-user
</Location>

as your configuration.

I guess I might have to modify the module to recognise another couple of
variables say CrowdAllowedWriteGroups and CrowdAllowedReadGroups and not
worry about the <Limit> directives as I think I'm using them in a way that
wasn't intended.

Pat

Re: PerlSetVar behaviour within directive

Posted by Torsten Foertsch <to...@gmx.net>.

On Fri 23 Jan 2009, Pat Downey wrote:
>   <Limit GET>
>     PerlSetVar CrowdAllowedGroups reader,writer
>     Require valid-user
>   </Limit>
>   <LimitExcept GET>
>     PerlSetVar CrowdAllowedGroups writer
>     Require valid-user
>   </LimitExcept>
> </LocationMatch>
>
> What I'd like is for members of the reader or writer groups to have
> GET access and only members of the writer group to have everything
> else (mainly for POST) access.
>
> The problem seems to be that the 'PerlSetVar CrowdAllowedGroups
> writer' is overwriting the
> 'PerlSetVar CrowdAllowedGroups reader,writer' call for all requests,
> not just the method that I'm trying to limit each setting to.

Then, how about

  PerlSetVar CrowdAllowedGroups reader,writer
  Require valid-user
  <LimitExcept GET>
    PerlSetVar CrowdAllowedGroups writer
  </LimitExcept>


Torsten

-- 
Need professional mod_perl support?
Just hire me: torsten.foertsch@gmx.net