RE: Convert Cookies--HTTP Request Headers?

2003-04-06 Thread Kruse, Matt 
Title: RE: Convert Cookies--HTTP Request Headers?





From: Brian Reichert
Ok, I'm confused: the cookies are already in the request header,
and you want to 'convert' them into a request header?


Well, yes. Two reasons:
1) In the real production environment, the cookie is encrypted and validated against a database with each request. My app knows nothing about the cookie. All it ever sees is the request headers.

2) I wanted to use a cookie simply because it's the easiest way to dynamically control the contents of the headers to be sent, and the easiest way I could think of that would work with a login page.

I assumed people would think it was an odd request, but it does make sense :)


From: Juha-Mikko Ahonen
Why name NAME to HTTP_NAME? Or do you want the cookie content to appear
in subprocess environment (which has similar naming convention), like
other server variables?


Actually, this was an oversight, I'm used to CGI!!


 2. Writing some sample code :)
package Your::SSOHandler;


Thank you! This is exactly the kind of example I needed. Will test ASAP, and adjust to fit my specific needs. I'm quite familiar with Perl, it's mainly the API's that I'm clueless about. Your code makes sense and at least points me in exactly the right direction.

For testing you could make the handler module stat and evaluate contents
of an external Perl file. Put your code on the file to be evaluated,
and avoid restarts.


True, that would work also, but it would still require modifying a file each time. 
With this cookie solution, I can create a fake login page which will set the appropriate cookies in _javascript_ and also allow for simulating logout by clearing the cookie.

Matt

Re: Convert Cookies--HTTP Request Headers?

2003-04-05 Thread Juha-Mikko Ahonen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Saturday 05 April 2003 00:10, Kruse, Matt wrote:
 For every request to Apache:
   1. Parse the cookie coming in via the request header
   2. Pull out each value (ex: NAME=bob;TITLE=boss)
   3. Convert them to HTTP Request Headers
   4. Pass the request on to the requested resource (a script of some
 sort)

You'd need to write PerlHeaderParserHandler for that.

 So, if I have a cookie like: NAME=bob;TITLE=boss
 My program would then see the following headers in the request:
   HTTP_NAME=bob
   HTTP_TITLE=boss

Why name NAME to HTTP_NAME? Or do you want the cookie content to appear 
in subprocess environment (which has similar naming convention), like 
other server variables?

 This will help me simulate a Single-Sign-On situation where the
 authentication handler passes all authenticated user information to
 the resource via headers.

 Can anyone help me by either:
   1. Giving an outline of what handlers I would want to use, and how
 I can write request headers with them
 or

The header parse phase would be ideal, since you're parsing headers. 
PerlInitHandler is an alias PerlHeaderParserHandler in .htaccess files.

   2. Writing some sample code :)

package Your::SSOHandler;

use strict;
use Apache::Constants qw(:common);
use Apache::Cookie;

sub handler {
my $r = shift;
my $in = $r-headers_in;
return DECLINED unless $in-{'Cookie'};
my $cookies = Apache::Cookie-parse($in-{'Cookie'});
return DECLINED unless $cookies{'YourAuthenticationCookie'};

my %values = $cookies{'YourAuthenticationCookie'}-value;
my $env = $r-subprocess_env;

while (my ($key, $value) = each %values) {
my $h_key = 'HTTP_' . uc($key);
$in-{$h_key} = $value;
$env-{$h_key} = $value;
}

return OK;
}

1;

in httpd.conf (or .htaccess), put the following line where approppriate:

PerlModule Your::SSOHandler
PerlHeaderParserHandler Your::SSOHandler

Or something like that. Cutting and pasting may cause parse errors on 
incompatible windowing environments :)

 NOTES:
   1. I'm running Apache 2.0 and mod_perl 2 right now, but I can bump
 it down if required

I don't know much about the differences in mod_perl 1 vs 2. These 
handlers work at least for Apache/mod_perl 1.

   2. I've already used mod_headers to simulate this, but
 unfortunately that isn't dynamic enough for testing, ie, I need to
 change httpd.conf and re-start the server to test different header
 scenarios.

For testing you could make the handler module stat and evaluate contents 
of an external Perl file. Put your code on the file to be evaluated, 
and avoid restarts.

Or simply sending SIGUSR1 to the Apache parent process should be enough 
for it to restart child processes and reread configuration.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+jp7eWD8Ca88cV68RAuBAAJ9u0KWd2bAsHrYes/DXtareCYi00gCgkIEC
o8OTRNmghIHRUhJZAqX+gbs=
=YCIq
-END PGP SIGNATURE-

Re: Convert Cookies--HTTP Request Headers?

2003-04-05 Thread Michael Robinton 
On Fri, Apr 04, 2003 at 04:10:03PM -0500, Kruse, Matt wrote:
 I have a unique need purely for testing purposes. I'm not very familiar
 (yet) with mod_perl handlers in Apache, so I've had a rough time
getting
 anything going.
 Here is my goal:

 For every request to Apache:
   1. Parse the cookie coming in via the request header
   2. Pull out each value (ex: NAME=bob;TITLE=boss)
   3. Convert them to HTTP Request Headers

Ok, I'm confused: the cookies are already in the request header,
and you want to 'convert' them into a request header?

   4. Pass the request on to the requested resource (a script of some
sort)

 So, if I have a cookie like: NAME=bob;TITLE=boss
 My program would then see the following headers in the request:
   HTTP_NAME=bob
   HTTP_TITLE=boss

If you're using an Apache handler, see Apache::Cookie for unpeeling
cookies.

If you're running a classic CGI program, see CGI::Cookie for unpeeling
cookies.

 This will help me simulate a Single-Sign-On situation where the
 authentication handler passes all authenticated user information to the
 resource via headers.

When you say 'HTTP request headers', did you really mean to say 'CGI
parameters', as the CGI module uses the term?

 Thanks!

 Matt Kruse

Also see:   Apache::FakeCookie on CPAN

for testing cookies without having to load httpd. It replaces the httpd
server for generating cookie responses during development and testing of
Apache-perl modules

Michael

Convert Cookies--HTTP Request Headers?

2003-04-04 Thread Kruse, Matt 
Title: Convert Cookies--HTTP Request Headers?





I have a unique need purely for testing purposes. I'm not very familiar (yet) with mod_perl handlers in Apache, so I've had a rough time getting anything going.

Here is my goal:


For every request to Apache:
 1. Parse the cookie coming in via the request header
 2. Pull out each value (ex: NAME=bob;TITLE=boss)
 3. Convert them to HTTP Request Headers
 4. Pass the request on to the requested resource (a script of some sort)


So, if I have a cookie like: NAME=bob;TITLE=boss
My program would then see the following headers in the request:
 HTTP_NAME=bob
 HTTP_TITLE=boss


This will help me simulate a Single-Sign-On situation where the authentication handler passes all authenticated user information to the resource via headers.

Can anyone help me by either:
 1. Giving an outline of what handlers I would want to use, and how I can write request headers with them
or
 2. Writing some sample code :)


NOTES:
 1. I'm running Apache 2.0 and mod_perl 2 right now, but I can bump it down if required
 2. I've already used mod_headers to simulate this, but unfortunately that isn't dynamic enough for testing, ie, I need to change httpd.conf and re-start the server to test different header scenarios.

Thanks!


Matt Kruse

Re: Convert Cookies--HTTP Request Headers?

2003-04-04 Thread Brian Reichert 
On Fri, Apr 04, 2003 at 04:10:03PM -0500, Kruse, Matt wrote:
 I have a unique need purely for testing purposes. I'm not very familiar
 (yet) with mod_perl handlers in Apache, so I've had a rough time getting
 anything going.
 Here is my goal:
 
 For every request to Apache:
   1. Parse the cookie coming in via the request header
   2. Pull out each value (ex: NAME=bob;TITLE=boss)
   3. Convert them to HTTP Request Headers

Ok, I'm confused: the cookies are already in the request header,
and you want to 'convert' them into a request header?

   4. Pass the request on to the requested resource (a script of some sort)
 
 So, if I have a cookie like: NAME=bob;TITLE=boss
 My program would then see the following headers in the request:
   HTTP_NAME=bob
   HTTP_TITLE=boss

If you're using an Apache handler, see Apache::Cookie for unpeeling
cookies.

If you're running a classic CGI program, see CGI::Cookie for unpeeling
cookies.

 This will help me simulate a Single-Sign-On situation where the
 authentication handler passes all authenticated user information to the
 resource via headers.

When you say 'HTTP request headers', did you really mean to say 'CGI
parameters', as the CGI module uses the term?

 Thanks!
 
 Matt Kruse

-- 
Brian 'you Bastard' Reichert[EMAIL PROTECTED]
37 Crystal Ave. #303Daytime number: (603) 434-6842
Derry NH 03038-1713 USA BSD admin/developer at large