Hi Brett,

Authorization is not purely related to authentication. For example you could authorize access based on an IP Address, or based on the time of the day. So we can't automatically decline a request just because they are not logged in.

But as you say, your authentication checks should have caught this before it got this far. Perhaps there is a problem with the order in which you configured things which will influence the order in which the authen and authz callbacks get triggered.

Cheers,
Cees

On Thu, Jun 14, 2012 at 6:03 AM, B. Estrade <estr...@gmail.com> wrote:
> On Wed, Jun 13, 2012 at 02:58:28PM -0500, B. Estrade wrote:
>> I am finding that if I have a runmode that is protected via
>> authentication and authorization, the authen doesn't happen before the
>> authz is validated.
>>
>> In other words, I want an authen to happen first; if it fails, redirect
>> to the login. If authen is okay, proceed to authz.
>>
>> Right now I have this unsettling bit of code in my authz driver's
>> authorize_user method:
>>
>> sub authorize_user {
>>   my $self = shift;
>>   my ($username, $required_permission) = @_;
>>   return 1 if (!$username or $required_permission);
>>
>
> I mean:
>
> sub authorize_user {
>   my $self = shift;
>   my ($username, $required_permission) = @_;
>   return 1 if (!$username);
>
>   ....
>
>> ....
>>
>> I figure that if there is no $username, then authen has failed. But,
>> because of the ordering of calls, it appears that if this is the case,
>> I have to succeed authorize_user and rely on authen to redirect the
>> login - this seems backwards. Authen should fail before anything is
>> checked with authz. What am I doing wrong?
>>
>> Thank you,
>> Brett
>>
>> ##### CGI::Application community mailing list ################
>> ##                                                            ##
>> ##  To unsubscribe, or change your message delivery options,  ##
>> ##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
>> ##                                                            ##
>> ##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
>> ##  Wiki:          http://cgiapp.erlbaum.net/                 ##
>> ##                                                            ##
>> ################################################################
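
The ordering asked about in this thread, as an added example that is not part of the original messages and is not CGI::Application plugin code: a plain-Perl gate that checks authentication first, paired with an authorize_user that denies when no username is present instead of returning 1. The names check_request and %PERMS and the sample users are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: plain Perl, no CGI::Application plugins involved.
# check_request() and %PERMS are hypothetical names, not plugin API.
use strict;
use warnings;

# Constructed sample data: which user holds which permission.
my %PERMS = (alice => { edit => 1 });

# Authz logic that fails closed: a missing username means "deny",
# rather than "return 1 if (!$username)".
sub authorize_user {
    my ($username, $required_permission) = @_;
    return 0 unless defined $username && length $username;
    return 0 unless exists $PERMS{$username};
    return $PERMS{$username}{$required_permission} ? 1 : 0;
}

# Gate for a protected runmode: authen first, authz second.
# Returns 'login' (redirect to login), 'forbidden' or 'ok'.
sub check_request {
    my ($session_user, $required_permission) = @_;
    return 'login'
        unless defined $session_user && length $session_user;
    return 'forbidden'
        unless authorize_user($session_user, $required_permission);
    return 'ok';
}

# Constructed requests: anonymous, logged in without the permission,
# logged in with the permission.
for my $case ([undef, 'edit'], ['bob', 'edit'], ['alice', 'edit']) {
    my ($user, $perm) = @$case;
    printf "%-7s %-5s => %s\n",
        $user // '(none)', $perm, check_request($user, $perm);
}

# Even when called on its own, out of order, the authz check denies
# the anonymous request instead of passing it through.
print "authz alone, no user => ", authorize_user(undef, 'edit'), "\n";
```

With the deny-by-default authorize_user, a misordered callback chain produces a refusal for the anonymous request rather than silently granting access.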