Re^6: mod_perl handler for file downloads: good call or bad

Unauthenticated user: return an HTTP_FORBIDDEN (403) status and use $r-&gt;custom_response() to send them the HTML of your login form
Authenticated user: return OK , and apache will send them the file

That's what I thought, but when looking at it, you have three return options:

OK - in which case authz has been succesful and apache will continue on to serve the requested file
DECLINED - which says: well, I don't know, can somebody else please figure it out (ie run the other authz handlers)
HTTP_UNAUTHORIZED - which says, NO. But the browser responds to that with a basic authentication popup, which isn't what he wants

Short of returning a redirect to a login form, I couldn't figure out how you would override the browser's standard response to a 401 error status.

Do you have any ideas?

Thanks

Clint

Comment on Re^6: mod_perl handler for file downloads: good call or bad Select or Download Code

Replies are listed 'Best First'.
Re^7: mod_perl handler for file downloads: good call or bad by perrin (Chancellor) on Jun 21, 2007 at 13:39 UTC
Seriously, you can do whatever you like. This is basic mod_perl functionality. Maybe it would help you to look at a complete example. Check out Apache::AuthCookie. It displays a form by defining a custom response for 401 errors. There are other ways to do it, like a redirect.	[reply]
Re^8: mod_perl handler for file downloads: good call or bad by clinton (Priest) on Jun 21, 2007 at 16:02 UTC
OK, after a bit of research (RFC 2617 - HTTP Authentication), I've figured it out. The browser only pops up the basic authentication dialog if it receives an `HTTP_UNAUTHORISED`(401) return status and a `WWW-Authenticate` header. So instead, you can do what Apache::Cookie does: Unauthenticated user: return an `HTTP_FORBIDDEN` (403) status and use `$r->custom_response()` to send them the HTML of your login form Authenticated user: return `OK`, and apache will send them the file Clint	[reply] [d/l] [select]