
Re: [cgiapp] CA::Plugin::Authentication and CA::Plugin::Forward


On 12/21/05, Michael Gwin <suppressed> wrote:
> Hi,
>
> I'm using CA::Plugin::Authentication to protect my runmodes. When I
> enter a runmode based on the value of a hidden field in a form, no
> problem, I get sent to the login runmode.
> However, if I enter a runmode by calling:
>
>  return $self->forward('runmode_that_should_be_protected');
>
> I do not get prompted for authentication. This also seems to be the
> case when using:
>
>  return $self->runmode_that_should_be_protected_method();
>
> I can conceive that this behaviour is to be expected in the second
> case, since I guess I am calling a method, not actually a runmode, but
> what about the first case (with CA::Plugin::Forward, which uses the
> runmode name, and not the associated method)?

The authentication tests are performed at the 'cgiapp_prerun' stage
which is only executed once before the first runmode that is called. 
So the Authentication plugin does not get the chance to authenticate
any subsequent redirects to other runmodes.

It looks like the 'forward_prerun' that CAP::Forward provides may help
here, but that hook has the limitation that you cannot change the
runmode that is to be called.  So it doesn't really help either.  If
the 'forward_prerun' hook did allow you to change the runmode, then
the following should work for you:

__PACKAGE__->add_callback(
    'forward_prerun' => \&CGI::Application::Plugin::Authentication::prerun_callback
);

Perhaps someone can patch CAP::Forward so that the runmode can be
changed much like the cgiapp_prerun stage.

I usually don't run into this problem, since I either protect all
runmodes in an app module, or I don't protect any.  By separating out
the runmodes into modules according to their task this becomes pretty
easy.

Cheers,

Cees
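
Added example, not part of the original message and not code from CGI::Application or its plugins: a toy Perl model of the behaviour described above, where the prerun check runs once per request and an unchecked forward reaches a protected runmode, next to a forward that repeats the check. All package, method and runmode names (ToyApp, guarded_forward, rm_admin and so on) are hypothetical.

```perl
#!/usr/bin/perl
# Toy model (constructed) of the dispatch cycle discussed in this thread.
# It does not load CGI::Application; every name here is hypothetical.
use strict;
use warnings;

package ToyApp;

my %PROTECTED = (admin => 1);    # runmodes that require a login

sub new { my ($class, %a) = @_; return bless { user => $a{user}, log => [] }, $class }

# Authorization decision shared by the prerun stage and guarded_forward().
sub allowed { my ($self, $rm) = @_; return !$PROTECTED{$rm} || defined $self->{user} }

# One request: the prerun check runs exactly once, for the first runmode only.
sub run {
    my ($self, $rm) = @_;
    $rm = 'login' unless $self->allowed($rm);    # prerun may swap the runmode
    return $self->call($rm);
}

# Record the runmode that actually executes, then invoke its method.
sub call { my ($self, $rm) = @_; push @{ $self->{log} }, $rm; return $self->can("rm_$rm")->($self) }

# Unchecked forward: jumps to another runmode with no authentication test.
sub forward { my ($self, $rm) = @_; return $self->call($rm) }

# Guarded forward: repeats the prerun decision before every internal jump.
sub guarded_forward {
    my ($self, $rm) = @_;
    return $self->call($self->allowed($rm) ? $rm : 'login');
}

sub rm_login       { return 'login form' }
sub rm_admin       { return 'admin page' }
sub rm_public_raw  { my $self = shift; return $self->forward('admin') }
sub rm_public_safe { my $self = shift; return $self->guarded_forward('admin') }

package main;

# Anonymous visitor entering through each runmode in turn.
for my $entry (qw(admin public_raw public_safe)) {
    my $app = ToyApp->new(user => undef);
    my $out = $app->run($entry);
    printf "%-12s -> %-10s (runmodes: %s)\n", $entry, $out, join ' > ', @{ $app->{log} };
}
```

Entering through public_raw is the only path on which the anonymous visitor gets the admin page, because the single prerun check saw an unprotected runmode.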
