package AC::Centry::Access; $AC::Centry::Access::VERSION = qw$Revision: 1.2 $[1];
use strict; use Apache::Constants qw(:common); use AC::Centry::Tool(); # handler() # Process requests to protected URI's sub handler { my $r = shift; my $uri = $r->the_request; return OK unless $r->is_initial_req; # stops dbl execution $r->log->warn("Centry::Access triggered for $uri"); my $group = int $r->dir_config('AccessGroup'); # Create Config, Centry::Tool and verify_ticket my $centry_tool = AC::Centry::Tool->new($r); $r->log_reason("Bad Centry::Tool",$r->filename) unless $centry_tool; my ($result, $msg) = $centry_tool->verify_ticket($r,$group); # Return FORBIDDEN or short circuit with group unless ($result) { $r->log_reason($msg, $r->filename); $centry_tool->expire_cookie($r); # Expire cookie from browser unless ($group==0) { my $cookie = $centry_tool->make_return_address($r); $r->err_header_out('Set-Cookie' => $cookie->as_string); return FORBIDDEN; } } # Ticket is verified, Refresh ticket $r->log->warn("Reissuing ticket with ",join ':',@$msg); my $ticket = $centry_tool->make_ticket($r,@$msg); $r->err_header_out('Set-Cookie', $ticket->as_string); return OK; }