I am finding that if I have a runmode that is protected via authentication and authorization, the authen doesn't happen before the authz is validated.
In otherwords, I want a authen to happen first; if it fails, redirect to the login. If authen is okay, proceseed to authz. Right now I have this unsettling bit of code in my authz driver's authorize_user method: sub authorize_user { my $self = shift; my ($username, $required_permission) = @_; return 1 if (!$username or $required_permission); .... I figure that if there is no $username, then authen has failed. But, because of the ordering of calls, it appears that if this is the case, I have to succeed authorize_user and rely on authen to redirect the login - this seems backwards. Authen should fail before anything is checked with authz. What am I doing wrong? Thank you, Brett ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################