Re: [Catalyst] how to authenticate using database users

2009-03-20 Thread Jonathan Rockway
* On Thu, Mar 19 2009, Adam Witney wrote:
> Hi Bill,
>
> This is using PostgreSQL. The other apps are fat clients that can pull
> data from external sources, it was therefore necessary to have the
> security levels built into the database.

Actually, there is really no reason to rely on the database for this.
You can always put some sort of app in front of the database that does
this.  In the case of a fat client and a Catalyst app, the design would
be something like this.  You write a library that handles users, access
levels, and so on.  Then, you write a thin RPC server that sits between
the database and fat client that uses this library to control access to
the database.  You speak SQL between the RPC server and the database,
and something else between the fat client and the RPC server.  (This is
preferable to talking directly to the database for a number of reasons
-- you can change the structure of the database, add transparent
caching, and so on without the fat client ever knowing.)  For the Cat
app, you do the same thing -- when talking to the database, use the
library that the RPC server uses, or just use the RPC server.  (Both
approaches have advantages.)

There is a little bit more code to write, but you increase the
flexibility of the system.  All your rules are now written in
easily-testable Perl instead of some variant of SQL.  You can change
the backend, and the frontend won't care.  You can add caching, you can
add your own master/slave replication, whatever -- everything is
abstracted.  Loose coupling is good!  Tight coupling is bad!

Anyway, there is no reason to throw away good software engineering
principles simply because someone mentioned the word "database".  Using
the database for anything other than storing and querying data is a
waste of effort.  It's like writing all your software in CPU microcode,
simply because it's the lowest level possible.  You *can* do this, but
why not use something higher-level?  Everything is easier that way.

Regards,
Jonathan Rockway

--
print just => another => perl => hacker => if $,=$"

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/


Re: [Catalyst] how to authenticate using database users

2009-03-20 Thread Karl Forner
Hi,

I have implemented such an authentication scheme. I'm rather new to Catalyst
so I do not pretend it is the best way.
Anyway what I've done is:

1) add the session and authentication plugins to catalyst app:

    use Catalyst qw/...
        Authentication
        Session
        Session::Store::FastMmap
        Session::State::Cookie
        .../;

2) write a custom Authentication plugin, your specific code is in
_authenticate_against_SGDB

    package Serono::Gecko::Business::CredentialVerifier;

    use strict;
    use warnings;
    use Carp qw(confess);
    use Catalyst::Plugin::Authentication::User::Hash;

    sub authenticate {
        my ( $self, $c, $realm, $authinfo ) = @_;

        my $schema   = $c->model('DB') or confess "unable to get schema";
        my $username = $authinfo->{username} || "";
        my $password = $authinfo->{password} || "";

        # The site-specific check lives in _authenticate_against_SGDB
        my $user = $self->_authenticate_against_SGDB( $schema, $username,
            $password );
        if ($user) {
            $c->log->debug( "authentication successful in  " . __PACKAGE__ );
            my $user_store = Catalyst::Plugin::Authentication::User::Hash->new(
                id       => $user->user_id,
                username => $username,
                password => $password,
            );
            return $user_store;
        }

        $c->log->debug(
            "Unable to locate user matching user info provided in "
                . __PACKAGE__ );
        return;
    }


3) configure it through the catalyst config file


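    <authentication>
        default_realm dbic
        <realms>
            <dbic>
                <credential>
                    class +Serono::Gecko::Business::CredentialVerifier
                </credential>
                <store>
                    class DBIx::Class
                    user_class DB::GeckoUserInfo
                </store>
            </dbic>
        </realms>
    </authentication>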

4) I use Root::auto to implement pass-through login and DB reconnection on
authenticated user if needed.

The only problem is that I encountered a bug with DBD::Oracle (I think),
that does not allow me to disconnect then reconnect, even DBI->connect (see my
previous post on this list).


On Wed, Mar 18, 2009 at 4:51 PM, Adam Witney wrote:

>
> Hi,
>
> Our database uses actual database users rather than a table containing
> usernames and password. How would I authenticate against the database
> itself? The examples I have come across in the Tutorial and various
> Catalyst::Authentication::* modules all seem to require the presence of a
> table containing username and password fields.
>
> I guess I could write my own authenticate method that performed a manual
> dbh connection somehow... but I was wondering if there was a more
> standard/recommended way to do this?
>
> thanks for any help
>
> adam
>
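
Added example, not part of the original post and not the project's own code: a new-style credential class (a separate object rather than a Catalyst plugin) that treats a successful DBI login with the supplied username and password as the credential check. The package name `MyApp::Credential::DBLogin` and the `dsn` config key are assumptions, and the realm still needs a store configured alongside it.

```perl
package MyApp::Credential::DBLogin;    # hypothetical package name

use strict;
use warnings;
use DBI;
use Catalyst::Authentication::User::Hash;

# The realm builds the credential once, passing its config section.
sub new {
    my ( $class, $config, $app, $realm ) = @_;
    die "credential config needs a 'dsn' entry\n" unless $config->{dsn};
    return bless { dsn => $config->{dsn} }, $class;    # 'dsn' key is assumed
}

sub authenticate {
    my ( $self, $c, $realm, $authinfo ) = @_;

    my $username = $authinfo->{username};
    my $password = $authinfo->{password};

    # Refuse empty values up front: a server configured to trust local
    # connections may accept a login without checking any password.
    return
        unless defined $username
        && length $username
        && defined $password
        && length $password;

    # The login attempt itself is the check. Errors are returned, not
    # raised or printed, so a wrong password is an ordinary failure.
    my $dbh = DBI->connect( $self->{dsn}, $username, $password,
        { RaiseError => 0, PrintError => 0, AutoCommit => 1 } );

    unless ($dbh) {
        # Log the event without echoing user-supplied values.
        $c->log->info('database login rejected');
        return;
    }
    $dbh->disconnect;

    # The user object is serialised into the session, so the password
    # is deliberately left out of it.
    return Catalyst::Authentication::User::Hash->new(
        id       => $username,
        username => $username,
    );
}

1;
```

Because the password is not kept, this variant only verifies the login; it does not by itself support reconnecting to the database as the user on later requests.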


Re: [Catalyst] how to authenticate using database users

2009-03-20 Thread Karl Forner
>
>
> Actually, there is really no reason to rely on the database for this.



I absolutely disagree. There's an authentication mechanism already
implemented in the DBMS, so why on earth not use it?
Moreover, if you want to benefit from the logging features of a DBMS like Oracle,
your users have to be logged using their own account,
so the connection to the DB not only implements the authentication, but
also provides this user connection.


Re: [Catalyst] how to authenticate using database users

2009-03-20 Thread Tomas Doran

Karl Forner wrote:
> 2) write a custom Authentication plugin, your specific code is in
> _authenticate_against_SGDB
>
> package Serono::Gecko::Business::CredentialVerifier;
>
> use Catalyst::Plugin::Authentication::User::Hash;
>
> sub authenticate {
> my ( $self, $c, $realm, $authinfo ) = @_;



You know Catalyst::Plugin::Authentication::User::Hash is a deprecated
compatibility shim, right? And that you shouldn't be writing
authentication plugins (i.e. auth plugins as Catalyst plugins are
deprecated).


You seem to be confused by old auth (where the auth credential and store
were plugins, and therefore composed onto MyApp's @ISA), and new auth
(where the auth credential, realm and store are separate instances, and
not part of MyApp).


Your credential should be an instance, and should be sub authenticate { 
my ( $self, $authinfo, $c ) = @_;



> 3) configure it through the catalyst config file

This is a config for new style auth..

Other than this confusion, this seems like a totally reasonable
approach, and could / should be a reusable and generic solution.


I'd be happy to help you get this to CPANable if you'd like to/you're 
able to volunteer. :_)


Cheers
t0m




[Catalyst] UTF8 Characters in Chained Arguments

2009-03-20 Thread Rod Taylor
I've found that URI parameters (?foo=bar) function fine but unicode
characters in Chain() arguments do not survive from one page to the
next.

Specifically, this does not work for a chain involving captured
unicode based arguments:

  $uri = $c->uri_for(
      $c->controller($controller)->action_for($action), $c->req->captures );

Unicode characters get split into individual bytes.

If you reparse the path, however, it works perfectly:

  $uri = $c->uri_for(
      $c->controller($controller)->action_for($action), $c->req->captures );
  $uri->path( $uri->path );

I'm using the Catalyst::Plugin::Unicode 0.8 on Catalyst 5.7015.
Nothing in the release notes indicates it may have been corrected in
newer versions and I do not have the luxury to upgrade at the moment.


Thanks,

Rod



Re: [Catalyst] UTF8 Characters in Chained Arguments

2009-03-20 Thread Tomas Doran


On 21 Mar 2009, at 00:02, Rod Taylor wrote:

> I've found that URI parameters (?foo=bar) function fine but unicode
> characters in Chain() arguments do not survive from one page to the
> next.


This is almost certainly a bug.

Can you try and work up a test case, either against C::P::U, or  
against core?


Cheers
t0m


