Hi.
To avoid another round of questions/answers, it would be better to provide some versions
of what you are using, right away.
One quick way of doing this, is to insert here the line which appears in your Apache
webserver main error logfile at startup.
It shows the Apache httpd version, the version of perl, and the version of
mod_perl.
Secondly, in your explanation below, it is not very clear when/if your "Ruby on Rails
controller" is even called.
You are seting this in the Apache httpd configuration :
<Location /rails_prisme/>
SetHandler perl-script
PerlResponseHandler Prisme::ValidateHeader
</Location>
That means that mod_perl (and the Prisme::ValidateHeader mod_perl module) are effectively,
for Apache, the code which generates the HTTP response to this request.
No further "response generator" will be called for this request (such as any "Ruby on
Rails" module which might then have seen these response headers).
(In other words : I think that your headers /are/ being set; but that there is nothing
that runs afterward to show you that they are set.)
Configuring your module as a PerlFixupHandler (*and* dropping the "SetHandler
perl-script") would avoid this. But in such a handler, you can only return "OK" or
"DECLINED" (and not "FORBIDDEN"), see :
http://perl.apache.org/docs/2.0/user/handlers/intro.html#Stacked_Handlers
Personally however, considering that this seems to be a part of an AAA phase, I would make
adding this header as either a part of the already-existing Perl Authentication module, or
configure your perl module as a PerlAuthenHandler.
(In that case also, you /can/ return FORBIDDEN).
On 13.06.2017 18:54, Cris Shupp wrote:
Hello all...
I have a simple mod_perl program that does some custom role based
authentication before
granting access to certain resources. That part does work, but for a new
feature I need
to be able to embed roles into my headers. Try as may, try as I might, those
roles never
show up...
consider a portion of my mod_perl program:
#####################
sub handler {
...
if($user) {
my $val = rest_call($user,$context, $r->log);
my $roles = $cache_hash{'roles'}->{$user};
my $role_string = join(',', @$roles);
$r->headers_out->set('prisme-roles'=> $role_string );
#$r->headers_out->add('prisme.roles'=> $role_string );
$r->err_headers_out->add('prisme-roles2', $role_string);
#$|++;
$r->rflush();# $r->rflush can't be called before the response phase if
using
PerlFixupHandler Prisme::ValidateHeader
$r->log->info("Request end on pid $$: The user for this request is
$user, the
roles are $role_string, returning $val");
return $val; #OK or FORBIDDEN
}
###################################
With either config in http.conf:
##############################
<Location /rails_prisme/>
SetHandler perl-script
PerlResponseHandler Prisme::ValidateHeader
#PerlFixupHandler Prisme::ValidateHeader
</Location>
####################
My Ruby on Rails controller:
#######################
def warmup
@headers = {}
@warmup_count = $PROPS['PRISME.warmup_apache'].to_i
request.headers.each do |elem|
@headers[elem.first.to_s] = elem.last.to_s
end
response.headers.each do |elem|
@headers[elem.first.to_s] = elem.last.to_s
end
respond_to do |format|
format.html # list_headers.html.erb
format.json { render :json => params['counter'] }
end
end
#######################
Never sees those headers! Help!
Thanks,
Cris
On Tue, Jun 13, 2017 at 12:52 PM, Cris Shupp <csh...@gmail.com
<mailto:csh...@gmail.com>>
wrote:
Hello all...
I have a simple mod_perl program that does some custom role based
authentication
before granting access to certain resources. That part does work, but for
a new
feature I need to be able to embed roles into my headers. Try as may, try
as I might,
those roles never show up...
consider a portion of my mod_perl program:
sub handler {
...
if($user) {
my $val = rest_call($user,$context, $r->log);
my $roles = $cache_hash{'roles'}->{$user};
my $role_string = join(',', @$roles);
$r->headers_out->set('prisme-roles'=> $role_string );
#$r->headers_out->add('prisme.roles'=> $role_string );
$r->err_headers_out->add('prisme-roles2', $role_string);
#$|++;
$r->rflush();# $r->rflush can't be called before the response
phase if using
PerlFixupHandler Prisme::ValidateHeader
$r->log->info("Request end on pid $$: The user for this request is
$user, the
roles are $role_string, returning $val");
return $val; #OK or FORBIDDEN
}
With either config in http.conf:
<Location /rails_prisme/>
SetHandler perl-script
PerlResponseHandler Prisme::ValidateHeader
#PerlFixupHandler Prisme::ValidateHeader
</Location>
My Ruby on Rails controller: