[cgiapp] Multiple Authentications?

Nicholas Bamber nicholas at periapt.co.uk
Thu Jun 10 12:50:01 EDT 2010 

Jerry,
I think the way to make your code future version safe would be as follows:
1.) Derive a driver class from 
CGI::Application::Plugin::Authentication::Driver::DBI
2.) You will need to add an extra config parameter to represent the 
label of the driver.
3.) Override the "verify_credentials" method obviously letting 
SUPER::verify_credentials do its stuff .
You need to capture the output of the SUPER call. On failure just pass 
back failure. On success stash the driver label
using perhaps CGI::Application::param or perhaps 
CGI::Application::Plugin::MessageStack .
4.) You then have the driver label available.

Nicholas

cgiapp-request at lists.openlib.org wrote:
> Send cgiapp mailing list submissions to
> 	cgiapp at lists.openlib.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.openlib.org/mailman/listinfo/cgiapp
> or, via email, send a message with subject or body 'help' to
> 	cgiapp-request at lists.openlib.org
>
> You can reach the person managing the list at
> 	cgiapp-owner at lists.openlib.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cgiapp digest..."
>
>
> Today's Topics:
>
>    1.  Multiple Authentications? (Nicholas Bamber)
>    2. Re: Multiple Authentications? (Jerry Kaidor)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 09 Jun 2010 19:04:57 +0100
> From: Nicholas Bamber <nicholas at periapt.co.uk>
> Subject: [cgiapp]  Multiple Authentications?
> To: cgiapp at lists.openlib.org
> Message-ID: <4C0FD7C9.9080408 at periapt.co.uk>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> Jerry,
>
> The answer to your title question is yes - you can have multiple DBI 
> drivers. There is an example in the main documentation where there are 
> two Generic drivers and that should carry across.
>
>
> However I don't think this will quite do what you want. First of all the 
> authentication module does not handle authorization (i.e. permissions). 
> So according to CAP::Authentication every user is either authenticated 
> or not
> and every page is either protected or unprotected. Authorization should 
> govern access to specific objects which is a much more vague problem. 
> There is a CAP::Authorization module but I have never looked at it.
>
> Secondly the code does not remember which driver finally authenticated 
> the user.
>   
>> Message: 1
>> Date: Tue, 8 Jun 2010 11:50:40 -0700 (PDT)
>> From: "Jerry Kaidor" <jerry at tr2.com>
>> Subject: [cgiapp] Multiple Authentications?
>> To: "CGI Application" <cgiapp at lists.openlib.org>
>> Message-ID:
>> 	<3544e006eabdd6392534177e71aff063.squirrel at www.jm-properties.com>
>> Content-Type: text/plain;charset=iso-8859-1
>>
>> Hello,
>>
>>    I see that CAPAuthentication will let you install multiple drivers.  
>> Can one install multiple instances of the same driver, only with
>> different parameters?
>>
>>    Here's my situation:  My business has three locations - let's call them
>> locA,locB,locC.  The database for each location has a "users" table
>> which contains usernames, MD5 passwords, and a constellation of
>> permissions for each user.
>>
>>   There is also a global "users" table.  Its structure is exactly the same
>> as the users tables for the individual locations. The permissions in
>> this table apply to ALL the locations.
>>
>>   So if user "Bob" appears in the global table and has permission "foo",
>> then inq_can_foo( "Bob" ) returns TRUE for all the locations.  If, OTOH,
>> Bob appears in LocA, then  inq_can_foo("Bob") will only return TRUE if
>> we happen to be in locA's web page.
>>
>>    I'm thinking that I could register four DBI drivers, one for each
>> database.  Then the system would just try each "users" table until it
>> got a match.  I don't think it would scale well, though.  But it would
>> get things going for now, and with all of the authentication stuff
>> buried in one or two files, I could easily change it in the future.
>>
>>    After authentication - for the duration of the session - I would have
>> to remember which database the user authenticated against, because that
>> effects the permissions.
>>
>>                                 - Jerry Kaidor
>>
>> p.s.  I have gotten my entire project under Subversion, generated a branch
>> for this work, and had a great time yesterday removing all the "print"
>> statements from my HTML-generating code.  Svn's method of doing branches -
>> just create a separate directory for each one - seems rather hokey - but
>> as long as it can reliably do merges, I guess I don't care.
>>
>>
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> cgiapp mailing list
>> cgiapp at lists.openlib.org
>> http://lists.openlib.org/mailman/listinfo/cgiapp
>>
>>
>> End of cgiapp Digest, Vol 33, Issue 8
>> *************************************
>>   
>>     
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 9 Jun 2010 12:51:59 -0700 (PDT)
> From: "Jerry Kaidor" <jerry at tr2.com>
> Subject: Re: [cgiapp] Multiple Authentications?
> To: "CGI Application" <cgiapp at lists.openlib.org>
> Message-ID:
> 	<5cddbe3acca006be196467f0ccefa02a.squirrel at www.jm-properties.com>
> Content-Type: text/plain;charset=iso-8859-1
>
>   
>> Jerry,
>>
>> The answer to your title question is yes - you can have multiple DBI
>> drivers. There is an example in the main documentation where there are
>> two Generic drivers and that should carry across.
>>     
>
> *** Yes, I found the example, and coded my stuff up with four DBI drivers.
> It seemed quite straightforward.  Haven't tried it yet though.
>
>   
>> However I don't think this will quite do what you want. First of all the
>> authentication module does not handle authorization (i.e. permissions).
>>     
>
> *** I am going to use my own authorization stuff.  It's there, it works
> well.  I already have something like 50 different permissions.  I even have
> a command line driven utility for adding permissions - it modifies the
> database and the perl code.
>
>   As for not remembering which driver authenticated - I'm looking at the
> source of CAP:Auth to see about adding it.  I would add an individual name
> to each driver, passed at setup(), a variable to hold it, and a method
> to get it.  Plus something in my application to yell out if I should
> inadvertently upgrade CAP::Auth from my modified version to a new improved
> main line one without the feature :).
>
>                             - Jerry
>
>
>
>
>
> ------------------------------
>
> _______________________________________________
> cgiapp mailing list
> cgiapp at lists.openlib.org
> http://lists.openlib.org/mailman/listinfo/cgiapp
>
>
> End of cgiapp Digest, Vol 33, Issue 9
> *************************************
>

More information about the cgiapp mailing list