Apache-AuthTicket
lib/Apache/AuthTicket.pm
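use Apache::Log;
use MRO::Compat;

# Register a handler for the given request phase (mod_perl 1 API).
sub push_handler {
    my ($class, $phase, $handler) = @_;

    return Apache->push_handlers($phase, $handler);
}

# Register with the filter chain when the "Filter" directory setting is
# "on", then hand the logout off to the next class in the MRO.
sub logout ($$) {
    my ($class, $r) = @_;

    if (lc $r->dir_config('Filter') eq 'on') {
        $r->filter_register;
    }

    return $class->next::method($r);
}

# Record the authenticated user name on the connection.
sub set_user {
    my ($self, $user) = @_;

    $self->request->connection->user($user);
}

# Look up an Apache::Constants constant by name and return its value.
sub apache_const {
    my ($self, $const) = @_;

    no strict 'refs';
    return *{"Apache::Constants::$const"}->();
}

1;

__END__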

=pod

=head1 NAME

Apache::AuthTicket - Cookie Based Access and Authorization Module

=head1 VERSION

version 0.94

=head1 SYNOPSIS

 # in httpd.conf
 PerlModule Apache::AuthTicket
 PerlSetVar FooTicketDB DBI:mysql:database=mschout;host=testbed
 PerlSetVar FooTicketDBUser test
 PerlSetVar FooTicketDBPassword secret
 PerlSetVar FooTicketTable tickets:ticket_hash:ts
 PerlSetVar FooTicketUserTable myusers:usename:passwd
 PerlSetVar FooTicketPasswordStyle cleartext
 PerlSetVar FooTicketSecretTable ticket_secrets:sec_data:sec_version
 PerlSetVar FooTicketExpires 15
 PerlSetVar FooTicketLogoutURI /foo/index.html
 PerlSetVar FooTicketLoginHandler /foologin
 PerlSetVar FooTicketIdleTimeout 1
 PerlSetVar FooPath /
 PerlSetVar FooDomain .foo.com
 PerlSetVar FooSecure 1
 PerlSetVar FooLoginScript /foologinform

 <Location /foo>
     AuthType Apache::AuthTicket
     AuthName Foo
     PerlAuthenHandler Apache::AuthTicket->authenticate
     PerlAuthzHandler Apache::AuthTicket->authorize
     require valid-user
 </Location>

 <Location /foologinform>
     AuthType Apache::AuthTicket
     AuthName Foo
     SetHandler perl-script
     Perlhandler Apache::AuthTicket->login_screen
 </Location>

 <Location /foologin>
     AuthType Apache::AuthTicket
     AuthName Foo
     SetHandler perl-script
     PerlHandler Apache::AuthTicket->login
 </Location>

 <Location /foo/logout>
     AuthType Apache::AuthTicket
     AuthName Foo
     SetHandler perl-script
     PerlHandler Apache::AuthTicket->logout
 </Location>

=head1 DESCRIPTION

This module provides ticket based access control. The theory behind this is
similar to the system described in the eagle book.

This module works using HTTP cookies to check if a user is authorized to view a
page. I<Apache::AuthCookie> is used as the underlying mechanism for managing
cookies.

This module was designed to be as extensible as possible. It's quite likely
that you will want to create your own subclass of I<Apache::AuthTicket> in
order to customize various aspects of this module (show your own versions of
the forms, override database methods etc).

This system uses cookies to authenticate users. When a user is authenticated
through this system, they are issued a cookie consisting of the time, the
username of the user, the expiration time of the cookie, a "secret" version
(described later), and a cryptographic signature. The cryptographic signature
is generated using the MD5 algorithm on the cookie data and a "secret" key that
is read from a database. Each secret key also has a version number associated
with it. This allows the site administrator to issue a new secret periodically
without invalidating the current valid tickets. For example, the site
administrator might periodically insert a new secret key into the database,
and flush secrets that are more than 2 days old. Since the
ticket issued to the user contains the secret version, the authentication
process will still allow tickets to be authorized as long as the corresponding
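
The ticket layout and versioned-secret rotation described above, as an added example that is not Apache::AuthTicket's own code. It signs with HMAC-SHA256 from Digest::SHA rather than the MD5 construction the description names, and keeps the secrets in an in-memory hash instead of the database table. The sub names, the colon-separated layout and all sample values are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed stand-in for the secrets table: version => secret key.
my %secrets = (1 => 'constructed-secret-one', 2 => 'constructed-secret-two');

# Issue "time:user:expires:version:signature", signed with the newest secret.
sub make_ticket {
    my ($user, $now, $lifetime) = @_;
    die "user name must not contain ':'\n" if $user =~ /:/;
    my ($version) = sort { $b <=> $a } keys %secrets;
    my $data = join ':', $now, $user, $now + $lifetime, $version;
    return join ':', $data, hmac_sha256_hex($data, $secrets{$version});
}

# Compare two strings without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return 'ok' or the reason the ticket is rejected.
sub check_ticket {
    my ($ticket, $now) = @_;
    my @f = split /:/, $ticket, -1;
    return 'malformed' unless @f == 5 && $f[2] =~ /\A\d+\z/ && $f[3] =~ /\A\d+\z/;
    my ($expires, $version, $sig) = @f[2 .. 4];
    return 'unknown secret version' unless exists $secrets{$version};
    my $expected = hmac_sha256_hex(join(':', @f[0 .. 3]), $secrets{$version});
    return 'bad signature' unless same_string($sig, $expected);
    return 'expired' if $now > $expires;
    return 'ok';
}

my $t0     = 1_700_000_000;                    # constructed clock value
my $ticket = make_ticket('alice', $t0, 900);   # 15 minute ticket, secret version 2
(my $edited = $ticket) =~ s/alice/admin/;      # user field changed, signature kept
print "fresh:          ", check_ticket($ticket, $t0 + 60),  "\n";
print "user edited:    ", check_ticket($edited, $t0 + 60),  "\n";
print "after expiry:   ", check_ticket($ticket, $t0 + 901), "\n";
$secrets{3} = 'constructed-secret-three';      # rotation: a new secret is inserted
print "after rotation: ", check_ticket($ticket, $t0 + 60),  "\n";
delete $secrets{2};                            # the old secret is flushed
print "after flush:    ", check_ticket($ticket, $t0 + 60),  "\n";
```

The signature is checked before the expiry field is trusted, and a ticket only stops verifying once the secret version it names has been flushed.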