Re: [cgiapp] CGI::Application status update from the maintainer
Hi Bill, This is fascinating, but I think you're abusing CGI.pm for something it was never intended for. *** Which is one of the glories of open source. Things keep getting used for stuff that the original writers never envisioned. - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] app authorization patterns, best practices?
Hello, I just emailed you the source of the MULTI_DBI driver. I do not pretend that this is the best way to do it, or even that it is very good; I am far from expert at object oriented Perl, and sweated blood to get it to work at all. And a month or two ago it stopped working suddenly, and I haven't had time to troubleshoot it. It authenticates against multiple user databases, all with the same format. One is designated as global, and the others are sub-business specific. The driver authenticates by username and password, and records which database it authenticated against in the session-param structure. - Jerry Kaidor On Fri, Mar 23, 2012 at 8:05 PM, Jerry Kaidor je...@tr2.com wrote: I have some questions regarding best practices when implementing role based access control (RBAC). I have been playing with CApp::Authentication and Authorization, and they both do basically what I need. *** Me too. I have three sub-businesses. Let's call them A, B, C. I want to have access to all of it, but I want my managers to only have access to their particular piece. Here's more or less how I did it. BTW, it recently broke for unknown reason, and I havent' gotten around to troubleshooting. CApp:Authentication has a notion of drivers. I wrote a multi-DB driver that can look in a set of authentication databases. I have a users mysql database at my global level, and another users database in each subbusiness. When somebody attempts to log in, the multi-auth driver tries each database in turn. If it successfully authenticates against the global database, that user has privs for all the sub-businesses. Each line in the users database has a set of permissions flags, which correspond to things seeming to permission as I coded. In line with the code are statements in the form if( getpriv( user, business )){}. That way, I have a permissions system with much finer granularity than Capp::Authorization, which I do not use at all. - Jerry Kaidor ( je...@tr2.com ) Jerry, I didn't think about using the driver in this way - thank you for the idea. Another thing I am looking at doing is setting up contexts. What this does is that it allows the user to assume a particular set of roles given what they are doing if they are assigned mutually exclusive roles globally. Basically, each context is a set of compatible roles that are active at any given time. The user is permitted to switch among contexts as they wish, activating and deactivating roles as needed. I know it's another level of complexity, but still part of the RBAC thing - I'll look more at the drivers aspect. Thanks, again. Brett Here's the skeleton I came up with - https://gist.github.com/33d23edf8fa2c0f48dc0 My question is really, what's the best way to go about separating functionality in a CApp based application? A practical case I am looking at right now is that I have form that is used to manage user data. There are 3 roles - User, Manager, and Admin. Each one has the types of permissions you'd expect (User can manage himself, Manager can manage his Users, Admin can do anything). I was thinking of the best way to build this form and control actions cleanly and compose this form using 3 different runmodes that are increasingly restrictive. For example, the User form calls the user runmode, and returns the form content. The manager runmode takes the output of user and adds some stuff to it. The admin runmode might take the result of the manager runmode - which would also include what the user runmode provides...and so on. Ultimately, my goal is to get away from nasty frog boiling if blocks controlling authorization and rely on composable functions (i.e., runmodes or modules) that will cleanly give me what I would like using the runmode level protection that CApp::Authorization provides you. I've searched around and banged my head against this pretty hard, so any thoughts or resources would be appreciated. For all I know, this might be a bad idea. But I am really just looking for the best way to create an access controlled system as cleanly as possible. Thank you, Brett ps: I noticed that even if POST_LOGIN_RUNMODE is protected via CApp::Authentication, the check seems to be ignored immediately after login. I am not sure if this is a known issue or that there are some callbacks happening in the wrong order. This will happen in the gist I linked above. # CGI::Application community mailing list ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net
Re: [cgiapp] app authorization patterns, best practices?
I have some questions regarding best practices when implementing role based access control (RBAC). I have been playing with CApp::Authentication and Authorization, and they both do basically what I need. *** Me too. I have three sub-businesses. Let's call them A, B, C. I want to have access to all of it, but I want my managers to only have access to their particular piece. Here's more or less how I did it. BTW, it recently broke for unknown reason, and I havent' gotten around to troubleshooting. CApp:Authentication has a notion of drivers. I wrote a multi-DB driver that can look in a set of authentication databases. I have a users mysql database at my global level, and another users database in each subbusiness. When somebody attempts to log in, the multi-auth driver tries each database in turn. If it successfully authenticates against the global database, that user has privs for all the sub-businesses. Each line in the users database has a set of permissions flags, which correspond to things seeming to permission as I coded. In line with the code are statements in the form if( getpriv( user, business )){}. That way, I have a permissions system with much finer granularity than Capp::Authorization, which I do not use at all. - Jerry Kaidor ( je...@tr2.com ) Here's the skeleton I came up with - https://gist.github.com/33d23edf8fa2c0f48dc0 My question is really, what's the best way to go about separating functionality in a CApp based application? A practical case I am looking at right now is that I have form that is used to manage user data. There are 3 roles - User, Manager, and Admin. Each one has the types of permissions you'd expect (User can manage himself, Manager can manage his Users, Admin can do anything). I was thinking of the best way to build this form and control actions cleanly and compose this form using 3 different runmodes that are increasingly restrictive. For example, the User form calls the user runmode, and returns the form content. The manager runmode takes the output of user and adds some stuff to it. The admin runmode might take the result of the manager runmode - which would also include what the user runmode provides...and so on. Ultimately, my goal is to get away from nasty frog boiling if blocks controlling authorization and rely on composable functions (i.e., runmodes or modules) that will cleanly give me what I would like using the runmode level protection that CApp::Authorization provides you. I've searched around and banged my head against this pretty hard, so any thoughts or resources would be appreciated. For all I know, this might be a bad idea. But I am really just looking for the best way to create an access controlled system as cleanly as possible. Thank you, Brett ps: I noticed that even if POST_LOGIN_RUNMODE is protected via CApp::Authentication, the check seems to be ignored immediately after login. I am not sure if this is a known issue or that there are some callbacks happening in the wrong order. This will happen in the gist I linked above. # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] CGI::Application wiki page ArticlesAndTutorials updated by Dave
Does Wiki editing require a captcha? If not, maybe it should. Automated spam will stop when you require that a human being enter it. Because that costs the spammers money. - Jerry Kaidor Hi Dave On Sat, 2011-08-06 at 21:54 -0400, cgi...@erlbaum.net wrote: CGI::Application page http://cgi-app.org/index.cgi?ArticlesAndTutorials edited by Dave Thanx for the cleanup. Likewise to all the other who help out. As always, I simply can't see the point of these hacks, in that the potential audience will be small. Perhaps it's more a case of: Just because I can. -- Ron Savage http://savage.net.au/ Ph: 0421 920 622 # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Debugging Performance with CGI::Application Using Firebug and Time::HiRes
I have also noticed that CGI::Application is slow. When I recoded my business software ( which was originally a set of Perl/CGI/mysql scripts, each one with a big messy dispatch table ) my page load times went up from under a second to about 2 seconds. It's still tolerable, and I figured it was just the price of civilized programming. - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Progress Bar
There was a brief discussion of something vaguely related at http://www.erlbaum.net/pipermail/cgiapp/2010q2/002160.html *** Thanks, Nic! They're using a caching library to feed chunks to a browser. I'm leaning more toward using an SQL table with unique download IDs and progress numbers. My main script would update the table as it did the upload, and the javascript on the browser would make periodic requests to a small standalone CGI script that reads the table, and just upchucks the current percentage. The table entry would be deleted when the download is done - that way, the table wouldn't get huge. Meanwhile, if the CGI gets a request for a nonexistant entry, the answer is 100% :). I need to work out the details of starting up the upload. I found a really simple javascript progress bar at: http://www.redips.net/javascript/ajax-progress-bar/. - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Weird Perl Internal Errors
Hi Jerry, Though off-topic for this list -- DBI appears to be the culprit -- since DBD::* modules usually have XS parts, that's probably where these errors are coming from. *** I have asked on dbi-users this morning. Meanwhile, I'd like to attack this from a time angle. Anybody know how to propogate errors back into the Apache webserver? I'd like to create my own errors that would wind up in /var/log/httpd/error_log, and thusly bracket the problem in time. Thanks in advance, - Jerry Kaidor ( je...@tr2.com ) You might ask on a DBI mailing list or the appropriate DB Driver list (mysql-devel?) and be sure to include your operating system type and version, perl version, database type and version and the versions of DBI and the DBD driver you're running, and what triggers the error (apache restart? db reads, db writes?? something else?) Most likely you just have to re-install or upgrade your db drivers (e.g. DBD::mysql) hth, -dave On 8/28/2010 11:26 AM, Jerry Kaidor wrote: Hello, I'm getting some errors in my cgiapp-based application that seem to be related to Perl internals. They are produced by the Apache webserver, and are ending up in /var/log/httpd/error_log. There's one of them tacked onto the end of this message. I have no clue as how to even approach this stuff. I did find some mention of such items in the perlguts man page. The first one seems to be saying: There exists a scalar of unknown value. There is a reference pointing to 0x8c64f64 located at 0x8c64f58. (etc) Is there some way for me to get at the symbol table and find out what's at 0x8c64f58? I sure would like to troubleshoot this in some other way than just removing pieces of the app until it goes away Is there a usual cause for such distress in the cgiapp environment? BTW, the app seems to work fine. Thanks in advance, - Jerry Kaidor --- snip - [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] SV = [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] RV(0x8c64f64) at 0x8c64f58 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] REFCNT = 1 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] FLAGS = (ROK,READONLY) [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] RV = 0x8c64d28 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] SV = [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] PVHV(0x8a0a51c) at 0x8c64d28 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] REFCNT = 1 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] FLAGS = (OBJECT,OOK,SHAREKEYS) [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] STASH = 0x8703ef8 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] \tDBI::db [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] ARRAY = 0x8c68680 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] KEYS = 0 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] FILL = 0 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] MAX = 7 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] RITER = -1 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] EITER = 0x0 -- endsnip - # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net
[cgiapp] Weird Perl Internal Errors
Hello, I'm getting some errors in my cgiapp-based application that seem to be related to Perl internals. They are produced by the Apache webserver, and are ending up in /var/log/httpd/error_log. There's one of them tacked onto the end of this message. I have no clue as how to even approach this stuff. I did find some mention of such items in the perlguts man page. The first one seems to be saying: There exists a scalar of unknown value. There is a reference pointing to 0x8c64f64 located at 0x8c64f58. (etc) Is there some way for me to get at the symbol table and find out what's at 0x8c64f58? I sure would like to troubleshoot this in some other way than just removing pieces of the app until it goes away Is there a usual cause for such distress in the cgiapp environment? BTW, the app seems to work fine. Thanks in advance, - Jerry Kaidor --- snip - [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] SV = [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] RV(0x8c64f64) at 0x8c64f58 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] REFCNT = 1 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] FLAGS = (ROK,READONLY) [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] RV = 0x8c64d28 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] SV = [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] PVHV(0x8a0a51c) at 0x8c64d28 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] REFCNT = 1 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] FLAGS = (OBJECT,OOK,SHAREKEYS) [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] STASH = 0x8703ef8 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] \tDBI::db [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] ARRAY = 0x8c68680 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] KEYS = 0 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] FILL = 0 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] MAX = 7 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] RITER = -1 [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] [Sat Aug 28 07:37:21 2010] [error] [client 10.120.102.6] EITER = 0x0 -- endsnip - # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
[cgiapp] Progress with my code
Hello, When we last left our intrepid hero, he was struggling with CGI::Authentication... OK, I got it working. Multiple authentication databases, and a single global one that awards global permissions. And timeouts depending on the IP address of the browser - long for the localnet, and short for the Internet. I used NetAddr::IP to find out if the browser address was inside the network defined by one of my interfaces. That's not perfect: The localnet is 10.xx.xx.xx, but there are routers on it that route to wireless networks starting with 192.168. I'm thinking maybe to just call ANY RFC1918 compliant local address local. Internet gateways generally don't pass such addresses, and my firewall specifically drops them on the external interface, both for input and output. Thinking about it I have made good progress refactoring my code. It is now much cleaner. I'm not sure what's more important: CGI::Application or HTML::Template. It was especially satisfying to see all that messy HTML vanish out of my Perl code. And the HTML in the templates is much cleaner too, because I don't have to do any quote-escaping. I think the designer's decision to make HTML::Template look like HTML was a good one. I discovered that it's possible to have multiple templates open at the same time. So I was able to use templates for individual areas on the pages, individual rows in the data displays, even individual columns. I abandoned that last, though, because it just made things too slow, probably because of the cost of all the template file open()s. In general, the new code is slower than the old. The initial screen ( after login ) used to come up in about a second, now it takes two. I can tolerate that as long as the individual screens inside the application are reasonably fast. So thank you all for your help! - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Graceful Error Handling in CGI::App (compile / init stages)
On 07/07/2010 05:16 AM, Mike Tonks wrote: It's verbose, but the only thing I know of is: Btw, it's not a good idea to show detailed error messages on your website. *** Concur. I get a lot of mileage out of Sys::Syslog. It's easy to get your logging done to a separate file just for your webapp. Just choose a facility that nobody else is using ( I use local0 ) and put a line in /etc/syslog.conf for it. When things get totally hosed and I can't figure out what's going on, I even resort to one-letter syslogs in strategic places - OK, it got here. if( $bumbersnoot ) { syslog( 'debug', A ); # do the usual useful bumbersnoot stuff... } else { syslog( 'debug', B ); # Don't need no steenkin bumbersnoot! } I generally have a couple of terminals running: + one tailing -f the server error file, and the other one looking at my webapp log file. - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
[cgiapp] CAP::Authentication Multi-Driver
Hello, Continuing to try to get my multiple DBI's driver working. As you may remember, I needed my application to know which database my user authenticated against. With Nicholas Bamber's advice, I was off to a good start. I created a driver ( MULTI_DBI.pm ) which subclasses the DBI driver using use base. My driver iterates through a hash of labels and dhb's, sending each dbh to the DBI driver. Right now, after calling __SUPER__::verify_credentials with $super_output = $self-SUPER::verify_credentials( $self, @creds ); I get the following error: Error executing class callback in prerun stage: must call dbh_config() before calling dbh(). What this seems to mean is that $options{DBH} is undefined. Using Data::Dumper - before calling the superclass: dumper says $VAR1 = 'DBH'; $VAR2 = bless( {}, 'DBI::db' ); $VAR3 = 'DBHS'; $VAR4 = {'ST' = $VAR2,'IP' = bless({},'DBI::db' ),'GLOBAL' = bless( {}, 'DBI::db' ),'QR' = bless( {}, 'DBI::db' )}; $VAR5 = 'TABLE'; $VAR6 = 'users'; ...The important part is $VAR1 and $VAR2, which together are a hash element defining DBH as some meaningful number ( that I got from the DBI library when opening the database ). My MULTI_DBI driver added the DBH hash member so that the DBI driver would recognize it and verify against that database. HOWEVER, after calling the superclass I get: dumper says $VAR1 = 'DBHS'; $VAR2 = { 'ST' = bless( {}, 'DBI::db' ), 'IP' = bless( {}, 'DBI::db' ),'GLOBAL' = bless( {}, 'DBI::db' ),'QR' = bless( {}, 'DBI::db' )}; $VAR3 = 'TABLE'; $VAR4 = 'users'; ...Note that there are only 4 VARs. And there is no DBH hash. Apparently, Perl has kindly removed any changes that I made to the options hash/array. One thought I had was that $self had somehow changed. But no: (top of MULTI_DBI::verify_credentials ) CGI::Application::Plugin::Authentication::Driver::MULTI_DBI=HASH(0x89be0a8) (top of DBI::verify_credentials CGI::Application::Plugin::Authentication::Driver::MULTI_DBI=HASH(0x89be0a8) looks like the same number to me Anybody know the magic to get new stuff to stick in $self-options? (Mostly fighting my own ignorance here, I know ) Thanks in advance, - Jerry # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
[cgiapp] Authentication cant find my driver
Hello, Really stuck here I'm trying to create a new driver for CAP::Authentication. When I run my program, it says: --- snip -- Error executing class callback in prerun stage: Driver MULTI_DBI can not be found at /usr/lib/perl5/site_perl/5.10.0/CGI/Application/Plugin/Authentication.pm line 1096. - endsnip --- I put my driver ( MULTI_DBI.pm ) in the same directory as the existing drivers. It has the same ownership and permissions as the existing drivers. It has the same structure as the existing drivers, with the exception that instead of subclassing Driver, it subclasses Driver::DBI. I tried to change it to subclassing Driver instead, but no luck. I changed MULTI_DBI to MULTIDBI on the off chance that it didn't like the underscore, no luck. Grepping around, I can't find any list of drivers in Authentication.pm or Driver.pm. Is there some giant perl-wide list ( besides @INC ) of all the files that are available to require()? - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Authentication cant find my driver
And just for yuks, I said: require '/usr/lib/perl5/site_perl/5.10.0/CGI/Application/Plugin/Authentication/Driver/DBI.pm' ...at the top of my application and it found it. Then I changed it to require '/usr/lib/perl5/site_perl/5.10.0/CGI/Application/Plugin/Authentication/Driver/MULTIDBI.pm' and it DIDN'T find it. So apparently there IS some sort of Perl system-wide list of files and packages besides @INC. Can't be @INC because my file is in the same directory. Right? - Jerry Kaidor Hello, Really stuck here I'm trying to create a new driver for CAP::Authentication. When I run my program, it says: --- snip -- Error executing class callback in prerun stage: Driver MULTI_DBI can not be found at /usr/lib/perl5/site_perl/5.10.0/CGI/Application/Plugin/Authentication.pm line 1096. - endsnip --- I put my driver ( MULTI_DBI.pm ) in the same directory as the existing drivers. It has the same ownership and permissions as the existing drivers. It has the same structure as the existing drivers, with the exception that instead of subclassing Driver, it subclasses Driver::DBI. I tried to change it to subclassing Driver instead, but no luck. I changed MULTI_DBI to MULTIDBI on the off chance that it didn't like the underscore, no luck. Grepping around, I can't find any list of drivers in Authentication.pm or Driver.pm. Is there some giant perl-wide list ( besides @INC ) of all the files that are available to require()? - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Authentication cant find my driver
What does your 'package' line at the top of your module look like? It should be: package CGI::Application::Plugin::Authentication::Driver::MULTI_DBI; *** Yes, it is exactly that. - Jerry # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Authentication cant find my driver
Hi Jerry Correct. The '_' is missing from MULTI_DBI. *** Yes, I was back and forth on that underscore. I just put it back in, because it didn't make any difference. So apparently there IS some sort of Perl system-wide list I don't think that's the problem... *** I don't think so, either. I tried the following experiment: 1. Saved MULTI_DBI.pm somewhere else. 2. Copied DBI.pm to MULTI_DBI.pm Then it worked! Well, didn't really work, because DBI.pm doesn't have to code to do what I wanted. But it got past the can't find the driver error. I think that there is a subtlety in this line of MULTI_DBI.pm: --- snip use base qw(CGI::Application::Plugin::Authentication::Driver::DBI); --- endsnip Either it is not finding the DBI driver, or the DBI driver is unable to find something that IT needs. I've seen similar before in other systems: file A needs library B, it can't find it, and the system complains that it can't find file A, even though it's right in front of your face. I had to leave it for now and get some real work done for my business. - Jerry Kaidor -- Ron Savage http://savage.net.au/ Ph: 0421 920 622 # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## #### # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
Re: [cgiapp] Multiple Authentications?
Hi Nicholas, Jerry, I think the way to make your code future version safe would be as follows: *** OK, I'm working on it. 1.) Derive a driver class from CGI::Application::Plugin::Authentication::Driver::DBI *** I created a file inside the same directory as DBI called MULTI_DBI.pm. At the top it says: --- snip package CGI::Application::Plugin::Authentication::Driver::MULTI_DBI; use strict; use warnings; use base qw(CGI::Application::Plugin::Authentication::Driver::DBI); --- endsnip --- 2.) You will need to add an extra config parameter to represent the label of the driver. snip =head1 SYNOPSIS use base qw(CGI::Application); use CGI::Application::Plugin::Authentication; __PACKAGE__-authen-config( DRIVER = [ 'MULTI_DBI', DBHS= [ 'DBH_JOE' = $self-global_dbh, 'DBH_BOB' = $self-dbh1, 'DBH_BILL' = $self-dbh2, #( etc for all DBHs ) ] TABLE = 'user', CONSTRAINTS = { 'user.name' = '__CREDENTIAL_1__', 'MD5:user.password' = '__CREDENTIAL_2__' }, ], ); endsnip 3.) Override the verify_credentials method obviously letting SUPER::verify_credentials do its stuff . *** I iterate through my anonymous hash of names and dbh's. For each one, I stuff the dbh into %options{ DBH } and call __SUPER__-verify_credentials. You need to capture the output of the SUPER call. On failure just pass back failure. On success stash the driver label using perhaps CGI::Application::param or perhaps CGI::Application::Plugin::MessageStack . *** How about I just stuff the matched label back into the options hash? It's accessible from both the driver and the application. And it wouldn't affect your code at all. - Jerry Kaidor # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####
[cgiapp] Multiple Authentications?
Hello, I see that CAPAuthentication will let you install multiple drivers. Can one install multiple instances of the same driver, only with different parameters? Here's my situation: My business has three locations - let's call them locA,locB,locC. The database for each location has a users table which contains usernames, MD5 passwords, and a constellation of permissions for each user. There is also a global users table. Its structure is exactly the same as the users tables for the individual locations. The permissions in this table apply to ALL the locations. So if user Bob appears in the global table and has permission foo, then inq_can_foo( Bob ) returns TRUE for all the locations. If, OTOH, Bob appears in LocA, then inq_can_foo(Bob) will only return TRUE if we happen to be in locA's web page. I'm thinking that I could register four DBI drivers, one for each database. Then the system would just try each users table until it got a match. I don't think it would scale well, though. But it would get things going for now, and with all of the authentication stuff buried in one or two files, I could easily change it in the future. After authentication - for the duration of the session - I would have to remember which database the user authenticated against, because that effects the permissions. - Jerry Kaidor p.s. I have gotten my entire project under Subversion, generated a branch for this work, and had a great time yesterday removing all the print statements from my HTML-generating code. Svn's method of doing branches - just create a separate directory for each one - seems rather hokey - but as long as it can reliably do merges, I guess I don't care. # CGI::Application community mailing list #### ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp## #### ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ####