package AC::Centry::Access;
$AC::Centry::Access::VERSION = qw$Revision: 1.2 $[1];
use strict;
use Apache::Constants qw(:common);
use AC::Centry::Tool();
# handler()
# Process requests to protected URI's
sub handler {
my $r = shift;
my $uri = $r->the_request;
return OK unless $r->is_initial_req; # stops dbl execution
$r->log->warn("Centry::Access triggered for $uri");
my $group = int $r->dir_config('AccessGroup');
# Create Config, Centry::Tool and verify_ticket
my $centry_tool = AC::Centry::Tool->new($r);
$r->log_reason("Bad Centry::Tool",$r->filename) unless $centry_tool;
my ($result, $msg) = $centry_tool->verify_ticket($r,$group);
# Return FORBIDDEN or short circuit with group
unless ($result) {
$r->log_reason($msg, $r->filename);
$centry_tool->expire_cookie($r); # Expire cookie from browser
unless ($group==0) {
my $cookie = $centry_tool->make_return_address($r);
$r->err_header_out('Set-Cookie' => $cookie->as_string);
return FORBIDDEN;
}
}
# Ticket is verified, Refresh ticket
$r->log->warn("Reissuing ticket with ",join ':',@$msg);
my $ticket = $centry_tool->make_ticket($r,@$msg);
$r->err_header_out('Set-Cookie', $ticket->as_string);
return OK;
}
