[cgiapp] Authz with Authen, something is backwards here...
B. Estrade
estrabd at gmail.com
Thu Jun 14 10:44:32 EDT 2012
On Thu, Jun 14, 2012 at 10:12:40AM +1000, Cees Hek wrote:
> Hi Brett,
>
> Authorization is not purely related to authentication. For example
> you could authorize access based on an IP Address, or based on the
> time of the day. So we can't automatically decline a request just
> because they are not logged in.
You're right. I know there is integration on the level that the
default call for a $username to the
Authorization::Driver::X::authorize_user will look for an
authenticated username.
>
> But as you say, your authentication checks should have caught this
> before it got this far. Perhaps there is a problem with the order in
> which you configured things which will influence the order in which
> the authen and authz callbacks get triggered.
I guess this is where I need to look. Thank you,
Brett
>
> Cheers,
>
> Cees
>
> On Thu, Jun 14, 2012 at 6:03 AM, B. Estrade <estrabd at gmail.com> wrote:
> > On Wed, Jun 13, 2012 at 02:58:28PM -0500, B. Estrade wrote:
> >> I am finding that if I have a runmode that is protected via
> >> authentication and authorization, the authen doesn't happen before the
> >> authz is validated.
> >>
> >> In other words, I want an authen to happen first; if it fails, redirect
> >> to the login. If authen is okay, proceed to authz.
> >>
> >> Right now I have this unsettling bit of code in my authz driver's
> >> authorize_user method:
> >>
> >> sub authorize_user {
> >> my $self = shift; my ($username, $required_permission) = @_;
> >> return 1 if (!$username or $required_permission);
> >>
> >
> > I mean:
> >
> > sub authorize_user {
> > my $self = shift;
> > my ($username, $required_permission) = @_;
> > return 1 if (!$username);
> >
> > ....
> >
> >> ....
> >>
> >> I figure that if there is no $username, then authen has failed. But,
> >> because of the ordering of calls, it appears that if this is the case,
> >> I have to succeed authorize_user and rely on authen to redirect the
> >> login - this seems backwards. Authen should fail before anything is
> >> checked with authz. What am I doing wrong?
> >>
> >> Thank you,
> >> Brett
> >>
> >> ##### CGI::Application community mailing list ################
> >> ## ##
> >> ## To unsubscribe, or change your message delivery options, ##
> >> ## visit: http://lists.openlib.org/mailman/listinfo/cgiapp ##
> >> ## ##
> >> ## Web archive: http://lists.openlib.org/pipermail/cgiapp/ ##
> >> ## Wiki: http://cgiapp.erlbaum.net/ ##
> >> ## ##
> >> ################################################################
> >>
>
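A fail-closed version of the `authorize_user` check discussed in this thread, as an added example that is not part of the original messages or of the CGI::Application authorization plugin's own code. The package `My::Authz::FailClosed`, the `gate` helper and the permission data are hypothetical and constructed for illustration; the class stands alone rather than subclassing the plugin's driver.

```perl
package My::Authz::FailClosed;    # hypothetical driver name, not from the thread
use strict;
use warnings;

sub new {
    my ($class, %perms) = @_;
    return bless { perms => {%perms} }, $class;
}

# Same signature as the method quoted in the thread, but a missing username
# is a denial instead of "return 1".
sub authorize_user {
    my $self = shift;
    my ($username, $required_permission) = @_;
    return 0 unless defined $username && length $username;
    return 0 unless defined $required_permission && length $required_permission;
    my $held = $self->{perms}{$username} or return 0;    # unknown user: deny
    return $held->{$required_permission} ? 1 : 0;
}

package main;

# Hypothetical gate showing the ordering asked for in the thread:
# authentication is decided first, authorization only afterwards.
sub gate {
    my ($authz, $username, $required_permission) = @_;
    return 'redirect_to_login' unless defined $username && length $username;
    return 'forbidden' unless $authz->authorize_user($username, $required_permission);
    return 'run';
}

# Constructed sample data: username => permissions held.
my $authz = My::Authz::FailClosed->new(
    alice => { edit_page => 1 },
    bob   => { view_page => 1 },
);

# Unauthenticated, authenticated without the permission, authenticated with it.
for my $case ([undef, 'edit_page'], ['bob', 'edit_page'], ['alice', 'edit_page']) {
    my ($user, $perm) = @$case;
    printf "%-8s %-10s gate=%-17s authorize_user=%d\n",
        $user // '(none)', $perm, gate($authz, $user, $perm),
        $authz->authorize_user($user, $perm);
}
```

Because the driver denies on its own when no username is present, a callback-ordering mistake produces a refused request rather than an authorized one.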