Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: AccessHandler and AuthenHandler in one <RequireAny> (S |
|
| Author |
|
violo
Joined: 17 Jul 2018
Posts: 1
Location: USA, Providence
|
 Posted: Tue 17 Jul '18 16:35 Post subject: AccessHandler and AuthenHandler in one <RequireAny> (S |
 |
|
ADDED AFTER TRYING A FEW MORE THINGS:
I have found a solution to my problem. It seems that a solution to this is to combine all of the functionality into a single handler, call it the AccessHandler, give it an AuthName (even though it isn't an AuthenHandler, the AuthName will be needed if the handler ends up prompting for username/password), and leave out all of the <Require*> tags completely.
----------------------
ORIGINAL POST FOLLOWS:
----------------------
In older versions of apache, we had this, which worked fine:
| Code: | <LocationMatch "foo">
PerlAccessHandler MyStuff::DoYouBelongHere
AuthName "We do not want everyone coming here"
AuthType Basic
PerlAuthenHandler MyStuff::PasswordAuth
Require valid-user
Satisfy any
SetHandler modperl
PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch> |
If the AccessHandler returned OK, then the user was permitted access, and the AuthenHandler was not consulted. If the AccessHandler returned something else (such as DECLINED), then the AuthenHandler took over.
In converting this to Apache 2.4 syntax, I tried this:
| Code: | <LocationMatch "foo">
<SatisfyAny>
PerlAccessHandler MyStuff::DoYouBelongHere
AuthName "We do not want everyone coming here"
AuthType Basic
PerlAuthenHandler MyStuff::PasswordAuth
Require valid-user
</SatisfyAny>
SetHandler modperl
PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch> |
but even when the AccessHandler returns OK, processing is passed on to the AuthenHandler and the user is prompted for a password (which the AccessHandler is intended to avoid when appropriate).
So, I tried this:
| Code: | <LocationMatch "foo">
<SatisfyAny>
<SatisfyAll>
PerlAccessHandler MyStuff::DoYouBelongHere
</SatisfyAll>
<SatisfyAll>
AuthName "We do not want everyone coming here"
AuthType Basic
PerlAuthenHandler MyStuff::PasswordAuth
Require valid-user
</SatisfyAll>
</SatisfyAny>
SetHandler modperl
PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch> |
but that resulted in a syntax error when restarting apache:
<RequireAll> directive contains no authorization directives
(and it referenced the line where the first "RequireAll" appeared)
So, clearly, the AccessHandler is not considered to be the same species of directive as the AuthenHandler or other directives which participate in "Satisfy" groupings.
Since this worked wonderfully in older versions of Apache, there must be a way to tell Apache 2.4,
"I want to use an AccessHandler to test conditions which might grant access without any input from the user. If that succeeds, let them in and forget any other authentication. If it does not succeed, then I have an AuthenHandler that I'd like to use to prompt them for a password."
How can this be achieved in Apache 2.4? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
|
|
|
|
|
