That's what I thought, but when looking at it, you have three return options:
- OK - in which case authz has been succesful and apache will continue on to serve the requested file
- DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
- HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants
Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.
Do you have any ideas?Thanks Clint | [reply]
[d/l]
[select] |
Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.
| [reply] |
OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out.
The browser only pops up the basic authentication dialog if it receives an HTTP_UNAUTHORISED(401) return status and a WWW-Authenticate header.
So instead, you can do what Apache::Cookie does:
- Unauthenticated user:
return an HTTP_FORBIDDEN (403) status and use $r->custom_response() to send them the HTML of your login form
- Authenticated user:
return OK, and apache will send them the file
Clint
| [reply]
[d/l]
[select] |