WAS: A better way to handle multiple client authentication? AND ALSO: Dynamically setting PerlVars in Apache per-request
Sorry for the long subject but I solved the questions I posted about and thought I would share my $solution. The initial problem was: Right now I have an application set up for multiple clients: clientA, clientB, clientC. Each client has their own users. The way I have it setup is clientA goes to http://www.site.com/clientA and is presented with a login screen which is triggered by an .htaccess file in a directory called /clientA. The .htaccess file directs Apache to perform DBI-based authentication using Apache2::AuthCookieDBI. PerlSetVar AuthDBI_DSN DBI:mysql:clientA This works great, but I am aware of the limitations and I would like to set up some rules in the Apache config that accomplish this all without .htaccess files in every directory for every client (gonna get tricky around 100,000 clients for sure!) William T. had an interesting suggestion to use the 'pwd_whereclause' but that wasn't exactly what I needed. So my first go at it resulted in my second question, about setting PerlSetVar on the fly, per-request and do authentication that way. Adam Prime (a Great Canadian) replied with a big hint that lead to my solution, he suggested just subclassing Apache2::AuthCookieDBI And voila! So in case anyone else ever needs to do this hopefully they can save some time, here is my $solution; myAUTH.pm: package myAUTH; use base qw(Apache2::AuthCookieDBI); #$CONFIG_DEFAULT is initialized in the parent (use base ...) $CONFIG_DEFAULT{myAuthDBI_DSN} = DBI:mysql:database=client; sub client { ... do stuff to determine your client ID... } 1; Anything else you need to change WRT the DBI can be done with the $CONFIG_DEFAULT variable. Use your new myAUTH module in the AuthType myAUTH section. If you want to get more fancy you can explore into dir_config. Anyway, I hope that helps somebody. Tosh -- McIntosh Cooey - Twelve Hundred Group LLC - http://www.1200group.com/
Dynamically setting PerlVars in Apache per-request
WAS: A better way to handle multiple client authentication? Yeah I use something similar in another application, but in this application I actually need to change the Auth_DBI_data_source variable since the FROM pwd_table would actually need to be FROM clientA.pwd_table and I can't see how to set this on the fly. I could probably also set the: Auth_DBI_pwd_table variable as well, but again the per-request setting is what's throwing me off. PerlSetVar Auth_DBI_data_source DBI:mysql:clientA or PerlSetVar Auth_DBI_pwd_table clientA.pwd_table Which is why I thought: RewriteRule ^/(.+)/$ PerlSetVar Auth_DBI_data_source DBI:mysql:$1 I was hoping a SetEnvIf or IfDefine would work but after reading more about Apache configuration I see it won't. Anyway, this is straying too far into Apache territory so I guess I will just set those variables within a modified Apache::AuthDBI I guess if anyone already knows an auth module that does that above that would be awesome, or if anyone knows how to easily change PerlVars on the fly within the Apache config/htaccess space that's be great, otherwise it's a small change to the above module. Thanks again! Tosh William T wrote: The documentation alludes to the variable 'pwd_whereclause'. If this variable is set it will be used in the passwd query. I would try and set it per client so that the query gets an additional where clause: SELECT pwd_field FROM pwd_table WHERE uid_field = user AND client = clientA I havn't actually tried this so I don't know if there are any caveats, but from the docs at least it seems possible. The only trick is making sure you can reset the pwd_whereclause with each different client url, and make client an additional column in your pwd_table. -- -wjt -- McIntosh Cooey - Twelve Hundred Group LLC - http://www.1200group.com/
Re: Dynamically setting PerlVars in Apache per-request
My suggestion would be to subclass AuthDBI to make the constructor fiddle with the dir_config entries that AuthDBI uses. See the docs for dir_config (the perl interface to PerlSetVar variables: http://perl.apache.org/docs/2.0/api/Apache2/ServerUtil.html#C_dir_config_ I have no idea how subclass friendly AuthDBI is or isn't. Adam Tosh Cooey wrote: WAS: A better way to handle multiple client authentication? Yeah I use something similar in another application, but in this application I actually need to change the Auth_DBI_data_source variable since the FROM pwd_table would actually need to be FROM clientA.pwd_table and I can't see how to set this on the fly. I could probably also set the: Auth_DBI_pwd_table variable as well, but again the per-request setting is what's throwing me off. PerlSetVar Auth_DBI_data_source DBI:mysql:clientA or PerlSetVar Auth_DBI_pwd_table clientA.pwd_table Which is why I thought: RewriteRule ^/(.+)/$ PerlSetVar Auth_DBI_data_source DBI:mysql:$1 I was hoping a SetEnvIf or IfDefine would work but after reading more about Apache configuration I see it won't. Anyway, this is straying too far into Apache territory so I guess I will just set those variables within a modified Apache::AuthDBI I guess if anyone already knows an auth module that does that above that would be awesome, or if anyone knows how to easily change PerlVars on the fly within the Apache config/htaccess space that's be great, otherwise it's a small change to the above module. Thanks again! Tosh William T wrote: The documentation alludes to the variable 'pwd_whereclause'. If this variable is set it will be used in the passwd query. I would try and set it per client so that the query gets an additional where clause: SELECT pwd_field FROM pwd_table WHERE uid_field = user AND client = clientA I havn't actually tried this so I don't know if there are any caveats, but from the docs at least it seems possible. The only trick is making sure you can reset the pwd_whereclause with each different client url, and make client an additional column in your pwd_table. -- -wjt