Apache2-AuthCASpbh


META.json  view on Meta::CPAN

      },
      "configure" : {
         "requires" : {
            "ExtUtils::MakeMaker" : "0"
         }
      },
      "runtime" : {
         "requires" : {
            "Apache::Session::Browseable" : "0",
            "DBD::SQLite" : "0",
            "HTTP::Cookies" : "v6.40.0",
            "mod_perl2" : "0"
         }
      }
   },
   "release_status" : "stable",
   "version" : "0.30",
   "x_serialization_backend" : "JSON::PP version 2.27300_01"
}

META.yml  view on Meta::CPAN

  url: http://module-build.sourceforge.net/META-spec-v1.4.html
  version: '1.4'
name: Apache2-AuthCASpbh
no_index:
  directory:
    - t
    - inc
requires:
  Apache::Session::Browseable: '0'
  DBD::SQLite: '0'
  HTTP::Cookies: v6.40.0
  mod_perl2: '0'
version: '0.30'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'

Makefile.PL  view on Meta::CPAN

    AUTHOR           => q{Paul B. Henson <henson@acm.org>},
    VERSION_FROM     => 'lib/Apache2/AuthCASpbh.pm',
    LICENSE          => 'GPL_3',
    CONFIGURE_REQUIRES => {
        'ExtUtils::MakeMaker' => 0,
    },
    PREREQ_PM => {
        'mod_perl2'			=> 0,
        'Apache::Session::Browseable'	=> 0,
        'DBD::SQLite'			=> 0,
	'HTTP::Cookies'			=> 6.40.0
    },
    dist  => { COMPRESS => 'gzip -9f', SUFFIX => 'gz', },
);

lib/Apache2/AuthCASpbh.pm  view on Meta::CPAN

	  default      => '/serviceValidate'
	},
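	# Seconds between clean-up passes; the pattern admits only positive
	# integers without a leading zero.
	# NOTE(review): cmd_data is presumably the validation regex that
	# StoreConfig applies to the directive argument - confirm against it.
	{ name         => 'SessionCleanupInterval',
	  func         => __PACKAGE__ . '::StoreConfig',
	  cmd_data     => '^[1-9]\d*$',
	  req_override => Apache2::Const::OR_ALL,
	  args_how     => Apache2::Const::TAKE1,
	  errmsg       => '<seconds>',
	  default      => '3600'
	},
	# Name of the session cookie: letters, digits, '_' and '-' only.
	# Keep the upper-case class as A-Z. The ASCII range A-z also spans
	# [ \ ] ^ and ` (they sit between 'Z' and 'a'), which would admit
	# characters that the error message does not advertise.
	{ name         => 'SessionCookieName',
	  func         => __PACKAGE__ . '::StoreConfig',
	  cmd_data     => '^[a-zA-Z0-9_-]+$',
	  req_override => Apache2::Const::OR_ALL,
	  args_how     => Apache2::Const::TAKE1,
	  errmsg       => '<[a-zA-Z0-9_-]+>',
	  default      => 'AuthCAS_Session'
	},
	# Optional Path attribute for the session cookie; no default is
	# declared in this entry.
	# NOTE(review): the pattern excludes only '?' and '#', so ';',
	# whitespace and control characters pass validation. OR_ALL allows the
	# directive in per-directory context, so consider an allow-list of URL
	# path characters rather than this deny-list.
	{ name         => 'SessionCookiePath',
	  func         => __PACKAGE__ . '::StoreConfig',
	  cmd_data     => '^/([^?#]+)$',
	  req_override => Apache2::Const::OR_ALL,
	  args_how     => Apache2::Const::TAKE1,
	  errmsg       => '<URL path>',
	},
	# On/Off flag controlling the Secure attribute of the session cookie;
	# the declared default is '1' (enabled).
	{ name         => 'SessionCookieSecure',
	  func         => __PACKAGE__ . '::StoreConfigFlag',
	  req_override => Apache2::Const::OR_ALL,
	  args_how     => Apache2::Const::FLAG,
	  default      => '1'
	},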
	{ name         => 'SessionDBName',
	  func         => __PACKAGE__ . '::StoreConfig',
	  cmd_data     => '^[^/\x00]+$',
	  req_override => Apache2::Const::OR_ALL,
	  args_how     => Apache2::Const::TAKE1,

lib/Apache2/AuthCASpbh.pm  view on Meta::CPAN

The URL component added after the AuthCAS_ServerURL value to access the CAS
ticket validation service; by default "/serviceValidate".


=item C<AuthCAS_SessionCleanupInterval>

How frequently (in seconds) to remove expired authentication sessions and
examine the global session to remove orphaned expired proxy ticket mappings; by
default 3600 seconds.

=item C<AuthCAS_SessionCookieName>

The name of the cookie sent to the client to store the AuthCASpbh session
identifier; by default "AuthCAS_Session".

=item C<AuthCAS_SessionCookiePath>

An optional path to include in the session cookie.

=item C<AuthCAS_SessionCookieSecure>

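Whether or not to set the secure flag on the session cookie; by default
enabled. When the flag is disabled the browser will also send the session
identifier over unencrypted HTTP connections.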

=item C<AuthCAS_SessionDBName>

The filename of the sqlite database used to store session information; by
default "authcas_sessions.db". Prior to use of AuthCASpbh, the database must be
created and the schema created using the following command within sqlite:

lib/Apache2/AuthCASpbh/Authn.pm  view on Meta::CPAN

use Apache2::Const -compile => qw(OK DECLINED SERVER_ERROR
				  HTTP_MOVED_TEMPORARILY FORBIDDEN);
use Apache2::Log qw();
use Apache2::Module qw();
use Apache2::RequestRec qw();
use Apache2::RequestUtil qw();
use Apache2::ServerRec qw();
use Apache2::URI qw();
use Apache2::Util qw();
use CGI qw ();
use CGI::Cookie qw ();
use LWP::UserAgent qw ();
use Storable qw();
use XML::Simple qw();

our $VERSION = '0.30';

sub handler {
	my ($r) = shift;
	my $now = time();
	my $_log = new Apache2::AuthCASpbh::Log(__PACKAGE__, $r->log);

lib/Apache2/AuthCASpbh/Authn.pm  view on Meta::CPAN

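		# A method call is not interpolated inside a double-quoted string:
		# "$r->auth_type" stringifies the request object and appends the
		# literal text "->auth_type". Call the method and concatenate, and
		# substitute a marker when no auth type is set to avoid an
		# uninitialized-value warning.
		$_log->l($debug_level,
			 (defined($r->auth_type) ? $r->auth_type : '(unset)') .
			 ' not our auth type, declining');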
		return Apache2::Const::DECLINED;
	}
		
	$r->push_handlers(PerlCleanupHandler => \&cleanup);

	my $session_db = cfg_value($dir_cfg, 'SessionDBPath') . '/' .
				   cfg_value($dir_cfg, 'SessionDBName');
	$_log->l($debug_level, "using session db $session_db");

	my $cookie_name = cfg_value($dir_cfg, 'SessionCookieName');
	my %cookies = CGI::Cookie->fetch($r);

	if (exists($cookies{$cookie_name})) {
		# NOTE(review): this writes the client's session cookie value to the
		# log. The same value is the key passed to open_session() just after
		# this line, so it should be treated as a credential: consider logging
		# only that the cookie was present, or a truncated/hashed form, and
		# restrict who can read logs when the debug level is raised.
		$_log->l($debug_level, "found $cookie_name cookie " . $cookies{$cookie_name}->value());

		my $session = open_session($session_db, $cookies{$cookie_name}->value());

		if (ref($session)) {
			if (defined($session->{expiration}) && $session->{expiration} > $now) {
				$_log->l($debug_level, 'valid cookie for ' . $session->{user} .
					 ' expires ' . $session->{expiration});

lib/Apache2/AuthCASpbh/Authn.pm  view on Meta::CPAN

			$r->pnotes(cas_session => $session->{_session_id});
			
			$session->{user} = $user;
			$session->{expiration} = time() + cfg_value($dir_cfg, 'SessionTTL');
			$session->{cas_attributes} = $cas_attributes;
			$session->{cas_pgt} = $pgt if $pgt;
			$session->{cas_proxy} = $cas_proxy if $cas_proxy;
			$_log->l($debug_level, 'created session ' . $session->{_session_id} .
					       ' expiration ' . $session->{expiration});

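			# Build and send the session cookie. Its value is the session id,
			# so it is marked HttpOnly to keep it away from page scripts; the
			# Secure attribute follows the SessionCookieSecure setting.
			# The -path lookup keeps the defined() ? ... : undef form so that
			# exactly one value is always supplied for -path (presumably a
			# guard in case cfg_value() yields nothing for an unset option).
			my $cookie = CGI::Cookie->new(
				-name     => $cookie_name,
				-value    => $session->{_session_id},
				-secure   => cfg_value($dir_cfg, 'SessionCookieSecure'),
				-httponly => 1,
				-path     => defined(cfg_value($dir_cfg, 'SessionCookiePath'))
					     ? cfg_value($dir_cfg, 'SessionCookiePath')
					     : undef);
			$cookie->bake($r);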

			untie(%{$session});

			if (cfg_value($dir_cfg, 'RemoveServiceTicket')) {
				$_log->l($debug_level, "removing ticket parameter from request args");

				# if $r->args is passed undef, it whines; but can't pass '' as that
				# sets args to empty string instead of undef 8-/
				no warnings 'uninitialized';

lib/Apache2/AuthCASpbh/UserAgent.pm  view on Meta::CPAN

		$self->cookie_jar({}) unless exists($self->{cookie_jar});
	}

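	# Pull this request's AuthCASpbh configuration and cache the values the
	# user agent needs on the object.
	my $dir_cfg = Apache2::Module::get_config('Apache2::AuthCASpbh',
						  $r->server, $r->per_dir_config);
	my $cas_login_url = cfg_value($dir_cfg, 'ServerURL') .
			    cfg_value($dir_cfg, 'LoginPath');

	$self->{debug_level} = cfg_value($dir_cfg, 'DebugLevel');
	# The login URL is stored as a prefix-anchored pattern. \Q...\E quotes
	# it so that '.', '?' and other metacharacters in the configured URL
	# match only themselves; unquoted, a '.' in the host name would match
	# any character and the pattern would accept look-alike hosts.
	$self->{cas_login_url} = qr/^\Q$cas_login_url\E/;
	$self->{cas_cookie_name} = cfg_value($dir_cfg, 'SessionCookieName');
	$self->{cas_proxy_url} = cfg_value($dir_cfg, 'ServerURL') .
				 cfg_value($dir_cfg, 'ProxyPath');
	# Full path of the session database: directory and file name joined
	# with '/'.
	$self->{cas_session_db} = cfg_value($dir_cfg, 'SessionDBPath') . '/' .
				  cfg_value($dir_cfg, 'SessionDBName');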

	return $self;
}

sub redirect_ok {
	my ($self, $new_request, $response) = @_;

lib/Apache2/AuthCASpbh/UserAgent.pm  view on Meta::CPAN

AuthCASpbh::UserAgent - CAS proxy authentication client for Apache/mod_perl

=head1 SYNOPSIS

	use Apache2::AuthCASpbh::UserAgent;

	my $ua = Apache2::AuthCASpbh::UserAgent->new(
			apache_r => $r,
			cas_cookie_map => [ { URL_re => '^https://my\.server/cas' },
                        	            { URL_re => '^https://other\.server/ssoapp',
					      cookie_name => 'CAS_Cookie' } ]);

	my $req = HTTP::Request->new('GET', 'https://my.server/');

=head1 DESCRIPTION

AuthCASpbh::UserAgent is a derivative of L<LWP::UserAgent> that adds
transparent support for proxy CAS authentication. All of the documentation for
L<LWP::UserAgent> applies, and any method or configuration described in that
documentation is supported by an Apache2::AuthCASpbh::UserAgent object.

lib/Apache2/AuthCASpbh/UserAgent.pm  view on Meta::CPAN

=item URL_re

A regular expression compared against the request being made to determine
whether or not this entry applies to the request. Comparisons are made in
order, beginning with the first hash reference in the array, and the first
match ends the search.

=item cookie_name

An optional value defining the name of the session cookie used by the remote
application. If no value is supplied, the value of the SessionCookieName
parameter for the calling request is used.

=back

If no C<cas_cookie_map> is supplied, no automated session management will be
performed and your application is responsible for implementing a mechanism such
that all requests made after the initial successful authentication access that
session, or else authentication will be performed on every request.

Note that if no cookie_jar was supplied and this option exists, a default


