Hi List,
I wrote a PerlAuthenHandler to authenticate users that access a webservice.
I supposed that by returning either "OK" or "HTTP_UNAUTHORIZED" back to
apache2 it will allow or deny access due to the "require valid-user"
directive that I set.
My problem is that apache executes my handler, but it does not take care of
my return-values. Instead it always serves the request and grants access.
Any ideas?
Thanks in advance,
Moritz
Section of my apache-configuration:
--- BEGIN ---
PerlModule FOO::Auth
<Location /bar>
    # do authentication:
    PerlAuthenHandler FOO::Auth::authen_handler
    AuthName "experimental server"
    AuthType Basic
    Require valid-user
</Location>
--- END ---
Code of my handler-module:
--- BEGIN ---
package FOO::Auth;
use Data::Dumper;
use Apache::RequestRec;
use Apache::Access;
use Apache::Log;
use Apache::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED FORBIDDEN);
use Apache::RequestUtil ();
sub authen_handler {
    my $r = shift;
    # get user's authentication credentials
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != Apache::Const::OK;
    my $user = $r->user;
    print STDERR "$user -> $sent_pw\n";
    if ($user eq "mytestuser") {
        return OK;
    } else {
        $r->note_basic_auth_failure;
        $r->log_reason("wrong login", $r->uri);
        return HTTP_UNAUTHORIZED;
    }
}
1;
--- END ---
extract of apache2 error-log:
--- BEGIN ---
notmytestuser -> sad
[Tue May 15 15:53:34 2007] [error] access to /bar/index.php failed for
xxx.xxx.xxx.xxx, reason: wrong login
--- END ---
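
Added example, not part of the original post: a stand-alone Perl model of how a handler written like the one above can fail open. It assumes the cause is the `-compile` option on the `use Apache::Const` line, which compiles the constants without importing them, so that without `use strict` the bare `OK` and `HTTP_UNAUTHORIZED` are plain strings that compare equal to 0. The `Demo::*` packages and `served` are hypothetical names.

```perl
#!/usr/bin/perl
# Constructed model, runs without mod_perl or Apache.
use warnings;

# Stand-in for Apache::Const loaded with -compile: the constants exist only
# under their fully qualified names and are not imported into other packages.
package Demo::Const;
sub OK ()                { 0 }
sub HTTP_UNAUTHORIZED () { 401 }

# Written like the posted handler: no "use strict", bare constant names.
package Demo::Loose;
sub authen_handler {
    my ($user) = @_;
    if ($user eq "mytestuser") {
        return OK;                   # the string "OK", not 0
    } else {
        return HTTP_UNAUTHORIZED;    # the string "HTTP_UNAUTHORIZED", not 401
    }
}

# Same logic with strict enabled and fully qualified constants. Under strict,
# the bare names above would be rejected at compile time.
package Demo::Strict;
use strict;
sub authen_handler {
    my ($user) = @_;
    return $user eq "mytestuser"
        ? Demo::Const::OK()
        : Demo::Const::HTTP_UNAUTHORIZED();
}

package main;

# Simplified assumption about the caller: the handler's return value is used
# as a number, and a status equal to OK (0) lets the request through.
sub served {
    my ($handler, $user) = @_;
    no warnings 'numeric';           # the bareword strings are not numeric
    my $status = $handler->($user);
    return $status == Demo::Const::OK() ? 1 : 0;
}

for my $user ("mytestuser", "notmytestuser") {
    printf "%-14s loose handler: %-7s strict handler: %s\n", $user,
        (served(\&Demo::Loose::authen_handler,  $user) ? "served" : "denied"),
        (served(\&Demo::Strict::authen_handler, $user) ? "served" : "denied");
}
```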