HI,
Users will login via a form.
Users and their passwords are saved to a mysql database. Getting a hadle to teh db and checking is fine.
Expected users about 500.
I understand I must make a
sub authen_cred which creates a session key
and
sub authen_ses_key to find user from session and return it.
is the sub authenticate what looks for a user and if no user returns what?
Then in /systems/achilles/lib/Apache2_4/AuthCookieHandler.pm
I have a sub authenticate but what should I return now in ssl_error_log I get "No authentication done but request not allowed without authentication for "
If I remove sub authenticate then I get a 403 forbidden and none of the other subs get called.
package Apache2_4::AuthCookieHandler;
use strict;
use Apache2::AuthCookieHandler;
use Apache2::Const qw(AUTHZ_DENIED_NO_USER);
use Apache2::RequestRec;
use Apache::AuthCookie::Util qw(is_blank);
use vars qw(@ISA);
@ISA = qw(Apache2::AuthCookieHandler);
my %Dwarves = map { $_ => 1 }
qw(bashful doc dopey grumpy happy sleepy sneezy programmer);
# authz under apache 2.4 is very different from previous versions
sub dwarf {
my ($self, $r) = @_;
$r->server->log_error("dwarf entry");
my $user = $r->user;
if (is_blank($user)) {
$r->server->log_error("No user authenticted yet");
return Apache2::Const::AUTHZ_DENIED_NO_USER;
}
elsif (defined $Dwarves{$user}) {
$r->server->log_error("$user is a dwarf");
return Apache2::Const::AUTHZ_GRANTED;
}
else {
$r->server->log_error("$user is not a dwarf");
return Apache2::Const::AUTHZ_DENIED;
}
}
sub authenticate {
my $self = shift;
my $r = shift;
$r->server->log_error("LINE 42 2.4");
return WHAT HERE ?
}
sub login {
my $self = shift;
my $r = shift;
$r->server->log_error("LINE 53 2.4");
}
1;
Terveisin/Regards
Scott Alexander
scott.alexander@humak.fi<mailto:scott.alexander@humak.fi>
________________________________
From: Andr? Warnier (tomcat/perl) <aw@ice-sa.com>
Sent: 14 May 2020 14:40
To: modperl@perl.apache.org <modperl@perl.apache.org>
Subject: Re: Apache2:AuthCookie With httpd 2.4
Hi.
Just some tips, to simplify the issue, below in the text :
On 14.05.2020 06:09, Scott Alexander wrote:
> Hi,
>
> Thanks for your answer, but for me this is confusing.
>
> I have
>
> Apache2_4::AuthCookie is up to date. (3.30)
> Apache2::AuthCookie is up to date. (3.30) <--- you do not need this with Apache 2.4
> Server version: Apache/2.4.6 (CentOS)
> Server built: Apr 2 2020 13:13:23
>
> at the end of /etc/httpd/conf.d/ssl.conf there is include
> /systems/achilles/config/mine_auth_cookie_mod_perl_server_apache2.conf
>
> my @inc has /systems/achilles/lib
> and I have /systems/achilles/lib/Apache2/AuthCookieHandler.pm
> and /systems/achilles/lib/Apache2_4/AuthCookieHandler.pm
>
> in both AuthCookieHandler.pm I've renamed the package line to eg
> package Apache2_4::AuthCookieHandler;
>
>
> In the directory I want to protect should I have
>
Not with Apache 2.4 :
> AuthType Apache2::AuthCookieHandler
> AuthName WhatEver
> PerlAuthenHandler Apache2::AuthCookieHandler->authenticate
> Require valid-user
>
> or
>
this is what you need with Apache 2.4 :
> AuthType Apache2_4::AuthCookieHandler
> AuthName WhatEver
> PerlAuthenHandler Apache2_4::AuthCookieHandler->authenticate
> Require valid-user
>
> And then what subs/methods I need to add into which AuthCookieHandler.pm ?
>
> in startup.pl should I have both or just one?
>
> use Apache2::AuthCookie ; <-- you do not need this
> use Apache2_4::AuthCookie ; <-- this is correct for Apache 2.4
>
> I am not porting from 2.2. I have used Shibboleth until now to protect directories but
> this project I can not use Shibboleth.
>
And how exactly do you want the user to authenticate ? via a login page where they enter
their id and password ?
And what is the way in which you are going to check that these id and password are correct ?
(in other words : where are the user ids and passwords stored ?)
And how many different users are you planning to have ?
>
>
> Terveisin/Regards
> **
> *Scott Alexander*
>
> scott.alexander@humak.fi <mailto:scott.alexander@humak.fi>
>
> ------------------------------------------------------------------------------------------
> *From:* Edward J. Sabol <edwardjsabol@gmail.com>
> *Sent:* 12 May 2020 00:58
> *To:* Scott Alexander <Scott.Alexander@humak.fi>
> *Cc:* mod_perl list <modperl@perl.apache.org>
> *Subject:* Re: Apache2:AuthCookie With httpd 2.4
> On May 11, 2020, at 8:58 AM, Scott Alexander <Scott.Alexander@humak.fi> wrote:
>> I've included using https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmanpages.debian.org%2Funstable%2Flibapache2-authcookie-perl%2FApache2_4%3A%3AAuthCookie.3pm.en.html&data=02%7C01%7C%7Ccdbbc0aa22f9475f865b08d7f7fbb14a%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637250532694682960&sdata=i%2BubRiml7K8%2B3s8kLtcpY3blwpCmrNkM6Z337p07%2Bi4%3D&reserved=0
> as an example
>>
>> # In httpd.conf or .htaccess:
>> PerlModule Sample::Apache2::AuthCookieHandler
>> PerlSetVar WhatEverPath / .....
>>
>> to my ssl.conf file
>>
>> No changes made to httpd.conf or ssl.conf.
>
> Those two statements seem to be conflicting? I keep my authentication/authorization
> information in httpd.conf, personally.
>
>> When trying to access the page I get the errors above.
>
> That sample configuration from the POD assumes that you are subclassing
> Apache2::AuthCookie and that the name of your subclass is
> Sample::Apache2::AuthCookieHandler. It's meant to be illustrative. I'm guessing you don't
> actually have such a subclass. Try just removing the "Sample::" part. You can probably
> also find working examples in the tests in the "t" subdirectory.
>
>> I've read this https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmetacpan.org%2Fpod%2Fdistribution%2FApache-AuthCookie%2FREADME.apache-2.4.pod&data=02%7C01%7C%7Ccdbbc0aa22f9475f865b08d7f7fbb14a%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637250532694682960&sdata=tiVA1Oic5tVnRV7BAaVaGkcCeW7tukWkt1925QBLSdA%3D&reserved=0
>> which unfortunately doesn't make sense to me.
>
> That POD is meant for people developing (or porting from Apache 2.2.x) their own Perl
> modules for doing authentication and authorization under Apache 2.4.x. AuthCookie already
> handles all of this for you, assuming you only need or use AuthCookie. It might apply if
> you are subclassing from AuthCookie and you get into the gritty details, such as
> implementing your own AuthzProvider. Check out Apache2_4::AuthCookieDBI for an example of
> that.
>
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmetacpan.org%2Fpod%2FApache2_4%3A%3AAuthCookieDBI&data=02%7C01%7C%7Ccdbbc0aa22f9475f865b08d7f7fbb14a%7Ca30a558eb6084b2c8f39a7fa426fa49d%7C0%7C0%7C637250532694682960&sdata=igwPJCk%2Buknkk4cEuMBGoYljInf2k5zVJf0z5CH8t9c%3D&reserved=0
>
> Regards,
> Ed
>