[cgiapp] Authz with Authen, something is backwards here...
B. Estrade
estrabd at gmail.com
Wed Jun 13 15:58:28 EDT 2012
I am finding that if I have a runmode that is protected via
authentication and authorization, the authen doesn't happen before the
authz is validated.

In other words, I want an authen to happen first; if it fails, redirect
to the login. If authen is okay, proceed to authz.

Right now I have this unsettling bit of code in my authz driver's
authorize_user method:

    sub authorize_user {
        my $self = shift;
        my ($username, $required_permission) = @_;
        return 1 if (!$username or $required_permission);
        ....

I figure that if there is no $username, then authen has failed. But,
because of the ordering of calls, it appears that if this is the case,
I have to succeed authorize_user and rely on authen to redirect to the
login - this seems backwards. Authen should fail before anything is
checked with authz. What am I doing wrong?

Thank you,
Brett
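
An added example, not part of the original post and not code from CGI::Application or its plugins: a plain-Perl model of the ordering asked about, where the authentication check is decided first and the authorization check fails closed when there is no username. The `gate` function, the `%PERMISSIONS` table and the user names are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: which permissions each user holds.
my %PERMISSIONS = (
    alice => { edit => 1, view => 1 },
    bob   => { view => 1 },
);

# Fail-closed authorization check: a missing username or a missing
# permission name is a denial, never a success.
sub authorize_user {
    my ($username, $required_permission) = @_;
    return 0 unless defined $username && length $username;
    return 0 unless defined $required_permission && length $required_permission;
    my $perms = $PERMISSIONS{$username} or return 0;   # unknown user: deny
    return $perms->{$required_permission} ? 1 : 0;
}

# Hypothetical gate run before a protected run mode. Authentication is
# decided first; authorization is consulted only for a known user, so
# authorize_user never has to "succeed" to let a login redirect happen.
sub gate {
    my ($session_user, $required_permission) = @_;
    return 'login'     unless defined $session_user && length $session_user;
    return 'forbidden' unless authorize_user($session_user, $required_permission);
    return 'ok';
}

# Constructed requests: [ authenticated user or undef, permission needed ].
my @requests = (
    [ undef,     'edit' ],   # not logged in
    [ 'bob',     'edit' ],   # logged in, lacks the permission
    [ 'alice',   'edit' ],   # logged in, holds the permission
    [ 'mallory', 'view' ],   # logged in, no permission record at all
);

for my $req (@requests) {
    my ($user, $perm) = @$req;
    printf "%-8s %-5s -> %s\n", $user // '(none)', $perm, gate($user, $perm);
}
```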