HI, Users will login via a form.
Users and their passwords are saved to a mysql database. Getting a hadle to teh db and checking is fine. Expected users about 500. I understand I must make a sub authen_cred which creates a session key and sub authen_ses_key to find user from session and return it. is the sub authenticate what looks for a user and if no user returns what? Then in /systems/achilles/lib/Apache2_4/AuthCookieHandler.pm I have a sub authenticate but what should I return now in ssl_error_log I get "No authentication done but request not allowed without authentication for " If I remove sub authenticate then I get a 403 forbidden and none of the other subs get called. package Apache2_4::AuthCookieHandler; use strict; use Apache2::AuthCookieHandler; use Apache2::Const qw(AUTHZ_DENIED_NO_USER); use Apache2::RequestRec; use Apache::AuthCookie::Util qw(is_blank); use vars qw(@ISA); @ISA = qw(Apache2::AuthCookieHandler); my %Dwarves = map { $_ => 1 } qw(bashful doc dopey grumpy happy sleepy sneezy programmer); # authz under apache 2.4 is very different from previous versions sub dwarf { my ($self, $r) = @_; $r->server->log_error("dwarf entry"); my $user = $r->user; if (is_blank($user)) { $r->server->log_error("No user authenticted yet"); return Apache2::Const::AUTHZ_DENIED_NO_USER; } elsif (defined $Dwarves{$user}) { $r->server->log_error("$user is a dwarf"); return Apache2::Const::AUTHZ_GRANTED; } else { $r->server->log_error("$user is not a dwarf"); return Apache2::Const::AUTHZ_DENIED; } } sub authenticate { my $self = shift; my $r = shift; $r->server->log_error("LINE 42 2.4"); return WHAT HERE ? } sub login { my $self = shift; my $r = shift; $r->server->log_error("LINE 53 2.4"); } 1; Terveisin/Regards Scott Alexander scott.alexan...@humak.fi<mailto:scott.alexan...@humak.fi> ________________________________ From: André Warnier (tomcat/perl) <a...@ice-sa.com> Sent: 14 May 2020 14:40 To: modperl@perl.apache.org <modperl@perl.apache.org> Subject: Re: Apache2:AuthCookie With httpd 2.4 Hi. Just some tips, to simplify the issue, below in the text : On 14.05.2020 06:09, Scott Alexander wrote: > Hi, > > Thanks for your answer, but for me this is confusing. > > I have > > Apache2_4::AuthCookie is up to date. (3.30) > Apache2::AuthCookie is up to date. (3.30) <--- you do not need this with > Apache 2.4 > Server version: Apache/2.4.6 (CentOS) > Server built: Apr 2 2020 13:13:23 > > at the end of /etc/httpd/conf.d/ssl.conf there is include > /systems/achilles/config/mine_auth_cookie_mod_perl_server_apache2.conf > > my @inc has /systems/achilles/lib > and I have /systems/achilles/lib/Apache2/AuthCookieHandler.pm > and /systems/achilles/lib/Apache2_4/AuthCookieHandler.pm > > in both AuthCookieHandler.pm I've renamed the package line to eg > package Apache2_4::AuthCookieHandler; > > > In the directory I want to protect should I have > Not with Apache 2.4 : > AuthType Apache2::AuthCookieHandler > AuthName WhatEver > PerlAuthenHandler Apache2::AuthCookieHandler->authenticate > Require valid-user > > or > this is what you need with Apache 2.4 : > AuthType Apache2_4::AuthCookieHandler > AuthName WhatEver > PerlAuthenHandler Apache2_4::AuthCookieHandler->authenticate > Require valid-user > > And then what subs/methods I need to add into which AuthCookieHandler.pm ? > > in startup.pl should I have both or just one? > > use Apache2::AuthCookie ; <-- you do not need this > use Apache2_4::AuthCookie ; <-- this is correct for Apache 2.4 > > I am not porting from 2.2. I have used Shibboleth until now to protect > directories but > this project I can not use Shibboleth. > And how exactly do you want the user to authenticate ? via a login page where they enter their id and password ? And what is the way in which you are going to check that these id and password are correct ? (in other words : where are the user ids and passwords stored ?) And how many different users are you planning to have ? > > > Terveisin/Regards > ** > *Scott Alexander* > > scott.alexan...@humak.fi <mailto:scott.alexan...@humak.fi> > > ------------------------------------------------------------------------------------------ > *From:* Edward J. Sabol <edwardjsa...@gmail.com> > *Sent:* 12 May 2020 00:58 > *To:* Scott Alexander <scott.alexan...@humak.fi> > *Cc:* mod_perl list <modperl@perl.apache.org> > *Subject:* Re: Apache2:AuthCookie With httpd 2.4 > On May 11, 2020, at 8:58 AM, Scott Alexander <scott.alexan...@humak.fi> wrote: >> I've included using >> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmanpages.debian.org%2Funstable%2Flibapache2-authcookie-perl%2FApache2_4%3A%3AAuthCookie.3pm.en.html&data=02%7C01%7C%7Ccdbbc0aa22f9475f865b08d7f7fbb14a%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637250532694682960&sdata=i%2BubRiml7K8%2B3s8kLtcpY3blwpCmrNkM6Z337p07%2Bi4%3D&reserved=0 > as an example >> >> # In httpd.conf or .htaccess: >> PerlModule Sample::Apache2::AuthCookieHandler >> PerlSetVar WhatEverPath / ..... >> >> to my ssl.conf file >> >> No changes made to httpd.conf or ssl.conf. > > Those two statements seem to be conflicting? I keep my > authentication/authorization > information in httpd.conf, personally. > >> When trying to access the page I get the errors above. > > That sample configuration from the POD assumes that you are subclassing > Apache2::AuthCookie and that the name of your subclass is > Sample::Apache2::AuthCookieHandler. It's meant to be illustrative. I'm > guessing you don't > actually have such a subclass. Try just removing the "Sample::" part. You can > probably > also find working examples in the tests in the "t" subdirectory. > >> I've read this >> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmetacpan.org%2Fpod%2Fdistribution%2FApache-AuthCookie%2FREADME.apache-2.4.pod&data=02%7C01%7C%7Ccdbbc0aa22f9475f865b08d7f7fbb14a%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637250532694682960&sdata=tiVA1Oic5tVnRV7BAaVaGkcCeW7tukWkt1925QBLSdA%3D&reserved=0 >> which unfortunately doesn't make sense to me. > > That POD is meant for people developing (or porting from Apache 2.2.x) their > own Perl > modules for doing authentication and authorization under Apache 2.4.x. > AuthCookie already > handles all of this for you, assuming you only need or use AuthCookie. It > might apply if > you are subclassing from AuthCookie and you get into the gritty details, such > as > implementing your own AuthzProvider. Check out Apache2_4::AuthCookieDBI for > an example of > that. > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmetacpan.org%2Fpod%2FApache2_4%3A%3AAuthCookieDBI&data=02%7C01%7C%7Ccdbbc0aa22f9475f865b08d7f7fbb14a%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637250532694682960&sdata=igwPJCk%2Buknkk4cEuMBGoYljInf2k5zVJf0z5CH8t9c%3D&reserved=0 > > Regards, > Ed >