Mailing List Archive

lost headers
Hello all...

I have a simple mod_perl program that does some custom role based
authentication before granting access to certain resources. That part does
work, but for a new feature I need to be able to embed roles into my
headers. Try as may, try as I might, those roles never show up...


consider a portion of my mod_perl program:

sub handler {
    ...
    if($user) {
        my $val = rest_call($user,$context, $r->log);
        my $roles = $cache_hash{'roles'}->{$user};
        my $role_string = join(',', @$roles);
        $r->headers_out->set('prisme-roles'=> $role_string );
        #$r->headers_out->add('prisme.roles'=> $role_string );
        $r->err_headers_out->add('prisme-roles2', $role_string);
        #$|++;
        $r->rflush(); # $r->rflush can't be called before the response phase if using PerlFixupHandler Prisme::ValidateHeader
        $r->log->info("Request end on pid $$: The user for this request is $user, the roles are $role_string, returning $val");
        return $val; #OK or FORBIDDEN
    }

With either config in http.conf:

<Location /rails_prisme/>
SetHandler perl-script
PerlResponseHandler Prisme::ValidateHeader
#PerlFixupHandler Prisme::ValidateHeader
</Location>

My Ruby on Rails controller:
Re: lost headers [ In reply to ]
Hello all...

I have a simple mod_perl program that does some custom role based
authentication before granting access to certain resources. That part does
work, but for a new feature I need to be able to embed roles into my
headers. Try as may, try as I might, those roles never show up...


consider a portion of my mod_perl program:

#####################
sub handler {
    ...
    if($user) {
        my $val = rest_call($user,$context, $r->log);
        my $roles = $cache_hash{'roles'}->{$user};
        my $role_string = join(',', @$roles);
        $r->headers_out->set('prisme-roles'=> $role_string );
        #$r->headers_out->add('prisme.roles'=> $role_string );
        $r->err_headers_out->add('prisme-roles2', $role_string);
        #$|++;
        $r->rflush(); # $r->rflush can't be called before the response phase if using PerlFixupHandler Prisme::ValidateHeader
        $r->log->info("Request end on pid $$: The user for this request is $user, the roles are $role_string, returning $val");
        return $val; #OK or FORBIDDEN
    }
###################################

With either config in http.conf:
##############################
<Location /rails_prisme/>
SetHandler perl-script
PerlResponseHandler Prisme::ValidateHeader
#PerlFixupHandler Prisme::ValidateHeader
</Location>
####################


My Ruby on Rails controller:
#######################
def warmup
  @headers = {}
  @warmup_count = $PROPS['PRISME.warmup_apache'].to_i
  request.headers.each do |elem|
    @headers[elem.first.to_s] = elem.last.to_s
  end
  response.headers.each do |elem|
    @headers[elem.first.to_s] = elem.last.to_s
  end
  respond_to do |format|
    format.html # list_headers.html.erb
    format.json { render :json => params['counter'] }
  end
end
#######################


Never sees those headers! Help!

Thanks,

Cris


Re: lost headers [ In reply to ]
Hi.
To avoid another round of questions/answers, it would be better to provide some versions
of what you are using, right away.
One quick way of doing this, is to insert here the line which appears in your Apache
webserver main error logfile at startup.
It shows the Apache httpd version, the version of perl, and the version of mod_perl.

Secondly, in your explanation below, it is not very clear when/if your "Ruby on Rails
controller" is even called.

You are setting this in the Apache httpd configuration :

<Location /rails_prisme/>
SetHandler perl-script
PerlResponseHandler Prisme::ValidateHeader
</Location>

That means that mod_perl (and the Prisme::ValidateHeader mod_perl module) are effectively,
for Apache, the code which generates the HTTP response to this request.
No further "response generator" will be called for this request (such as any "Ruby on
Rails" module which might then have seen these response headers).

(In other words : I think that your headers /are/ being set; but that there is nothing
that runs afterward to show you that they are set.)

Configuring your module as a PerlFixupHandler (*and* dropping the "SetHandler
perl-script") would avoid this. But in such a handler, you can only return "OK" or
"DECLINED" (and not "FORBIDDEN"), see :
http://perl.apache.org/docs/2.0/user/handlers/intro.html#Stacked_Handlers

Personally however, considering that this seems to be a part of an AAA phase, I would make
adding this header as either a part of the already-existing Perl Authentication module, or
configure your perl module as a PerlAuthenHandler.
(In that case also, you /can/ return FORBIDDEN).



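
The PerlFixupHandler arrangement suggested in the reply, as an added example that is not code from the thread or from either poster. The module name Prisme::RoleHeader and the %ROLES table are hypothetical, and it assumes that an earlier authentication phase has set $r->user and that the Rails application is served by the normal content handler for this Location, which reads request headers.

```perl
# httpd.conf assumed by this example. There is no "SetHandler perl-script",
# so the Location's normal content handler still generates the response:
#
#   <Location /rails_prisme/>
#       PerlFixupHandler Prisme::RoleHeader
#   </Location>
package Prisme::RoleHeader;    # hypothetical module name

use strict;
use warnings;

use Apache2::RequestRec ();    # $r->user, $r->headers_in
use Apache2::Log ();           # $r->log
use APR::Table ();             # set/unset on the header tables
use Apache2::Const -compile => qw(OK DECLINED);

# Constructed sample data standing in for the poster's %cache_hash lookup.
my %ROLES = (
    alice => [qw(admin editor)],
    bob   => [qw(reader)],
);

sub handler {
    my $r = shift;

    # Drop any copy of the header sent by the client, so roles can only
    # originate from the server-side lookup below.
    $r->headers_in->unset('prisme-roles');

    # Assumption: an earlier authentication phase has already set the user.
    my $user = $r->user;
    return Apache2::Const::DECLINED
        unless defined $user && exists $ROLES{$user};

    # Keep only plain role names so the header value stays well-formed.
    my @roles = grep { /\A[\w.-]+\z/ } @{ $ROLES{$user} };

    # Request header: this is what a later content handler reads.
    $r->headers_in->set('prisme-roles' => join(',', @roles));
    $r->log->info("prisme-roles for $user: @roles");
    return Apache2::Const::OK;
}

1;
```

Because the handler returns only OK or DECLINED, a request without a known user continues with the header removed, so the application behind it has to treat a missing prisme-roles header as "no roles".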