Thank you for the information. I didnt know that what login and logout scripts were doing was setting/clearing the cookie.
Juan Manuel Parrilla El 21 de enero de 2010 19:15, Ihnen, David <dih...@amazon.com> escribió: > I happen to have just finished debugging my latest authen/authz > cookie-based authentication module last night, so this is **really** fresh > in my head. > > > > So right now you’re using AuthType basic. Change that to something else > specific to your module. The basic auth will no longer respond. > > > > Program an authentication handler (point to with PerlAuthenHandler > directive). It returns Apache2::Const::DECLINED if the ->auth_type doesn’t > match your custom type. Authen handlers set the ->user of the requestrec > object (probably by reading and validating a cookie in this case). If > authorization is required for the request and you didn’t set a username, you > should probably return Apache2::Const::FORBIDDEN. If it succeeded or it > doesn’t matter, you can return Apache2::Const::OK; > > > > Program an authorization handler. (point to with PerlAuthzHandler > directive). This use the Apache2::Access::requires method to get a list of > your authentication requirements from the auth config in apache’s config > file (like Require valid-user). And Apache2::Access::satisfies to determine > how you interpret the list of requirements. > > > > If you want to use a straight login page, If Authorization fails, set error > header ‘Location’ to the location of your login script and return > Apache2::Const::REDIRECT from the handler. > > > > If you want to use an error document, If Authorization fails, return > Apache2::Const::AUTH_REQUIRED or Apache2::Const::FORBIDDEN from the > handler. (configure ErrorDocument 401 or 403 respectively) > > > > If authorization succeeds, simply return Apache2::Const::OK. > > > > I also have handlers functions for LOGIN and LOGOUT which set and clear the > auth cookie. That’s different though – Authen/Authz is the part where you > decide if the user is recognized and is allowed to access, which is what you > asked about. > > > > David > > > > > > > > *From:* Juan Manuel Parrilla Gutiérrez [mailto:joanma...@gmail.com] > *Sent:* Thursday, January 21, 2010 9:26 AM > *To:* mod_perl list > *Subject:* Re: Use form instead of AuthType Basic (pop-up windows) > > > > Hello, I am sorry if I didnt explain me properly. > What I want to know is understand how use a formulary instead of AuthType > Basic. I know there are several modules that are doing this, but it is not > about using one, it is about understanding how. > > I am doing my own Auth module (just to learn about it and mod_perl) and I > would like to use a form instead of pop up window, and using CGI is not an > option because I want to use Authz and Authen handlers. > > What I need are the basic steps to move from AuthType Basic to use a form. > > Thank you very much for all your answers, > Juan Manuel Parrilla Gutierrez > > 2010/1/21 André Warnier <a...@ice-sa.com> > > Juan Manuel Parrilla Gutiérrez wrote: > > Hello, this is my first message to this list and I am also a bit new to > mod_perl. > My question is simple, in all the documentation I have found about mod_perl > and auth (like practical mod perl, or writing apache modules in perl and c) > they are always using AuthType Basic, so when the users tries to acess some > protected content, a pop up windows will appear to ask for name/pass. > > What I want to do is to use a formulary instead of that pop-up window. As > far as I know looking at AuthCookie, for example, there they define > "AuthType Sample::AuthCookie" and they also define a login.pl and > different > configs in the conf files. > > I want to know the different steps to define and use a form instead of > AuthType Basic. > > Have a look here : > http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/AuthCookie.html > and scroll to the section > THE LOGIN SCRIPT > > If you install that module, it comes along with examples. > AAA is tricky, and maybe not the easiest way to start playing with > mod_perl. But this documentation is well-done, and should get you started, > if you follow it carefully. > > >
