perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Young <ge...@modperlcookbook.org>
Subject Re: [MP2]: setting group for a request (require group ...)
Date Thu, 19 Jun 2008 13:28:54 GMT

> I would like to use my module in another configuration where group is
> checked
> 
> <Location /test_group>
> PerlAuthHandler  My::Auth
> Require group group1
> ....
> </Location>
> 
> I can not find any mod_perl API method (Apache2::RequestRec::group ?) to set
> the group. 

that's right.

you have control over the user via the httpd (and thus mod_perl) API, 
just as the user does via a dialogue box in their browser.  but 
mod_authz_owner maps that user to a group via standard unix gid methods.

I have no idea how this works on win32 ;)

> I only found Apache2::RequestRec::require method, but this method
> only read the require configuration.
> 
> One way to solve the problem is the modify the My::Auth::handler method :
> 
> package My::Auth;
> sub {
>  ....
>  $r->user('getting the user in my module internal structure');
>  my $requires = $r->requires;
> 
>  # here the code to verify authorization
> 
>  return OK;
> }
> 
> but I think this is a workaround:
>  . My::Auth::handler is an AUTHENTICATION handler

yes - is the user who they say they are.

>  . the code to verify the AUTHORIZATION should have to be executed by the
> httpd core.

exactly :)

your wanting to do something with group is an authz function, not an 
authen function.

> 
> How can I manage authorization in this case ?

the 'Require group foo' directive explicity means you want unix user -> 
unix group mapping done in the authz phase.  if you want something from 
this different write your own PerlAuthzHandler.  see recipe 3.16 here

   http://www.modperlcookbook.org/chapters/ch13.pdf

it's mod_perl 1.0 based, but the ideas are the same, and the techniques 
and API nearly identical.

HTH

--Geoff

Mime
View raw message