[Catalyst] Setting an environment variable with the value of a header
I've not gotten replies to my posts regarding HTTP authentication, so I'm starting a separate thread. I am running a Catalyst app as a separate server with a reverse proxy. If I pass the REMOTE_USER to the Catalyst app via a header such as X-Proxy-REMOTE_USER, how do I set the REMOTE_USER value for in the Catalyst app? I've tried looking at Plack settings, but haven't figured out how to do this. (Another, perhaps easier alternative, is to write a Catalyst::Authentication::Credential plugin that does this, but I assume this isn't so unusual that it's already been done. Has it?) ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst with HTTP authentication
On 22/03/13 11:46 Robert Rothenberg wrote: > I understand how to have an Apache reverse proxy send the REMOTE_USER as a > header, with something like > > RequestHeader set X-Proxy-REMOTE-USER %{REMOTE_USER} > > but how to I get Authentication::Credential::Remote to use the header > instead of the environment variable? Do I need an auto method in Root.pm > that checks for the header and sets $c->req->remote_user()? I have code such as if (my $user = $c->req->header('X-Proxy-REMOTE-USER')) { $c->engine->env({ REMOTE_USER => $user }); $c->authenticate({}); } which works, but I get a warning "env as a writer is deprecated, you probably need to upgrade Catalyst::Engine::PSGI". I'm unsure what to do here. Should I write a Plack::Middleware plugin that translates the X-Proxy-REMOTE_USER header to an env->{REMOTE_USER}? ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst with HTTP authentication
On 14/03/13 08:51 Tomas Doran wrote: > > On 12 Mar 2013, at 17:10, Robert Rothenberg wrote: > >>> (Unless you mean you want to do the authentication on the proxy, >>> rather than the app servers). >> >> I want to do the latter. > > You should still be able to use Authentication::Credential::Remote, > you'll just need to re-configure your web server and proxy to do the > right thing with headers (i.e. the proxy needs to send the username along > in a header, and then the web server needs to pass that down into the > environment. > > Have a go and post some configs for your proxy / web server if it isn't > working for you. I understand how to have an Apache reverse proxy send the REMOTE_USER as a header, with something like RequestHeader set X-Proxy-REMOTE-USER %{REMOTE_USER} but how to I get Authentication::Credential::Remote to use the header instead of the environment variable? Do I need an auto method in Root.pm that checks for the header and sets $c->req->remote_user()? ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/