
Re: [cgiapp] user authentication / rights management


> Question concerning user authentication with CAF:
>
> After installing CAF, we modified the example app to authenticate
> against our LDAP in lieu of a local database.  This was not too tough,
> but then we turned our thoughts to app-level rights management for
> users.
>
> Before we got too far, we wanted to ask if there has been any effort to
> abstract either user authentication or rights management within CAF.  Is
> there a recommended approach?

Because CAP::Config::Context gives you location-specific configuration
data, it's pretty simple to do authorization with practically no code.
I have something like the following in my configuration file:

    <Location /user-area>
        auth_protected = 1
        auth_groups    = user admin
    </Location>

    <Location /customer-area>
        auth_protected = 1
        auth_groups    = user customer admin
    </Location>

    <Location /admin-area>
        auth_protected = 1
        auth_groups    = admin
    </Location>


Then somewhere in prerun I do something like this:

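    # Configuration for the <Location> block matching this request
    my $config = $self->conf->context;

    # Unprotected locations need no check
    return unless $config->{'auth_protected'};

    # Groups allowed here, from the space-separated auth_groups value
    my %valid_groups = map { $_ => 1 } split /\s+/, $config->{'auth_groups'};

    my $current_group = $self->current_user->ugroup;

    # Send users outside the allowed groups to the 'forbidden' run mode
    unless ($valid_groups{$current_group}) {
        $self->prerun_mode('forbidden');
    }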


Mind you, this is not actually in CAF, but in a C::A project that
uses most of the same plugins as CAF.  It would probably work in CAF too.

On the Authentication side, we've been planning for a while now to
integrate Cees's CAP::Authentication module into the CAF, but it hasn't
happened yet mainly due to lack of developer time.

There are also some stumbling blocks holding us up:

   a) adding hashref style access to CAP::Session: i.e.
      $self->session->{some_val} in addition to
      $self->session->param('some_val').

   b) converting CAF from Apache::SessionX to CAP::Session

   c) converting CAF from its homegrown auth system to CAP::Auth*


If you're interested in seeing this happen, we'd greatly appreciate the
help and we'll do our best to provide you with any assistance you need.


Michael



---
Michael Graham <suppressed>
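
The group check from the message above, as an added stand-alone example that is not part of the original post or of CAF. The helper name is_authorized and the %context_for hashes are hypothetical; the hashes are constructed stand-ins for what $self->conf->context would return per location, including two misconfigured ones, and the check is written to deny in those cases.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: per-location config hashes mirroring the three
# <Location> blocks in the post, plus two misconfigured entries.
my %context_for = (
    '/user-area'     => { auth_protected => 1, auth_groups => 'user admin' },
    '/customer-area' => { auth_protected => 1, auth_groups => 'user customer admin' },
    '/admin-area'    => { auth_protected => 1, auth_groups => 'admin' },
    '/no-groups'     => { auth_protected => 1 },                    # auth_groups forgotten
    '/padded'        => { auth_protected => 1, auth_groups => ' admin' },
    '/public'        => {},
);

# Hypothetical helper: returns 1 if the request may proceed, 0 if it should
# be routed to the 'forbidden' run mode.
sub is_authorized {
    my ($config, $group) = @_;
    return 1 unless $config->{auth_protected};

    # No logged-in user, or a user with no group: deny on protected locations.
    return 0 unless defined $group && length $group;

    # split ' ' skips leading whitespace, whereas split /\s+/ on ' admin'
    # returns a leading empty field that would become a valid "group".
    # A missing auth_groups yields an empty list, so everyone is denied.
    my %valid = map { $_ => 1 } split ' ', $config->{auth_groups} // '';
    return $valid{$group} ? 1 : 0;
}

# Constructed requests: [ location, group of the current user ]
for my $case (
    [ '/user-area',     'user'     ],
    [ '/customer-area', 'customer' ],
    [ '/admin-area',    'user'     ],
    [ '/admin-area',    'admin'    ],
    [ '/admin-area',    undef      ],   # anonymous visitor
    [ '/no-groups',     'admin'    ],
    [ '/padded',        ''         ],
    [ '/public',        undef      ],
) {
    my ($location, $group) = @$case;
    printf "%-15s %-10s %s\n", $location, $group // '(none)',
        is_authorized($context_for{$location}, $group) ? 'allow' : 'forbidden';
}
```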

