[Catalyst] Setting an environment variable with the value of a header
I've not gotten replies to my posts regarding HTTP authentication, so I'm starting a separate thread. I am running a Catalyst app as a separate server with a reverse proxy. If I pass the REMOTE_USER to the Catalyst app via a header such as X-Proxy-REMOTE_USER, how do I set the REMOTE_USER value for in the Catalyst app? I've tried looking at Plack settings, but haven't figured out how to do this. (Another, perhaps easier alternative, is to write a Catalyst::Authentication::Credential plugin that does this, but I assume this isn't so unusual that it's already been done. Has it?) ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst with HTTP authentication
On 22/03/13 11:46 Robert Rothenberg wrote:
> I understand how to have an Apache reverse proxy send the REMOTE_USER as a
> header, with something like
>
> RequestHeader set X-Proxy-REMOTE-USER %{REMOTE_USER}
>
> but how to I get Authentication::Credential::Remote to use the header
> instead of the environment variable? Do I need an auto method in Root.pm
> that checks for the header and sets $c->req->remote_user()?
I have code such as
if (my $user = $c->req->header('X-Proxy-REMOTE-USER')) {
$c->engine->env({ REMOTE_USER => $user });
$c->authenticate({});
}
which works, but I get a warning "env as a writer is deprecated, you
probably need to upgrade Catalyst::Engine::PSGI".
I'm unsure what to do here. Should I write a Plack::Middleware plugin that
translates the X-Proxy-REMOTE_USER header to an env->{REMOTE_USER}?
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst with HTTP authentication
On 14/03/13 08:51 Tomas Doran wrote:
>
> On 12 Mar 2013, at 17:10, Robert Rothenberg wrote:
>
>>> (Unless you mean you want to do the authentication on the proxy,
>>> rather than the app servers).
>>
>> I want to do the latter.
>
> You should still be able to use Authentication::Credential::Remote,
> you'll just need to re-configure your web server and proxy to do the
> right thing with headers (i.e. the proxy needs to send the username along
> in a header, and then the web server needs to pass that down into the
> environment.
>
> Have a go and post some configs for your proxy / web server if it isn't
> working for you.
I understand how to have an Apache reverse proxy send the REMOTE_USER as a
header, with something like
RequestHeader set X-Proxy-REMOTE-USER %{REMOTE_USER}
but how to I get Authentication::Credential::Remote to use the header
instead of the environment variable? Do I need an auto method in Root.pm
that checks for the header and sets $c->req->remote_user()?
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
