> A note: since cookie is involved, why not to implement
> all the access/authentication/authurization functions at
> the access control phase using cookie ?
I've got them split out to match the phase in which they'd be invoked.
That, and the fact that the access handler will be invoked everywhere, but
the authorization handler may be different based on the application being
protected.
Back to the original problem: it all boils down to the Authz handler. When
it's activated via 'require', directory indexes are not generated. Remove
the require, and *poof*, you get directory indexes.
>
>
> Peter
> > I've got an interesting problem, related to my development of some
> > Authen/Authz handlers.
> >
> > I have a directory on which I've installed an Access, Authen, and Authz
> > handler:
> >
> > - the Access handler makes sure a cookie exists, and redirects the user
to a
> > login page if it doens't. If the cookie does exist, populate
> > $r->connection->user. This works.
> >
> > - Authen handler currently returns OK - it will be used to validate the
user
> > as stored in the cookie
> >
> > If I 'require valid-user' in the directory, my authz handler doesn't get
> > invoked, which I expect. However, If I request the directory (ie.
/test/) I
> > get a directory listing instead of index.html. If I take out the
require,
> > thereby bypassing authen/authz, I get index.html. If I also put in
custom
> > 'requires', my authz handler is invoked, and the same thing happens.
> >
> > So, it seems that when OK is returned from an authz handler, the
> > DirectoryIndex is not being read.
> >
> > I've been unsucessful in trying to find a solution.
> >
> > Ideas?
> >
> > -klm.
> >
> > BTW, I understand that what I'm doing does appear to be similar to
> > Apache::AuthCookie, but I have a few different requirements that I need
to
> > incorporate....
> >
> >
> >
>
>
