in reply to Re: cgi::application authentication
in thread cgi::application authentication

Okay, thanks .... maybe I'm reading more into this than I should be.

The doc you pointed me to on protected runmodes says "they will be redirected to a login page unless they are properly logged in".

I've been getting redirected to my login page allright, ... I'm just trying to tell the darn subsystem, "Yes, I'm already logged in!"

I think by your example of "my_verify_credentials()" you are telling me that the "secret" of the DRIVER config parameter is that the second argument must return a valid Username (by whatever my definition of that is). If it returns Undef, I am telling the subsystem that the login attempt failed. Am I correct? Or am I still missing the "big picture" here?

Replies are listed 'Best First'.
Re^3: cgi::application authentication
by leocharre (Priest) on Sep 20, 2009 at 04:03 UTC
    I should point out that the argument to authen->protected_runmodes() in this example is a regex, but it could be.. a list of the names of the runmodes that should be protected.

    What this plugin does is.. In setup, you define that for example 'home' is the starting point. You set up that 'home' is also a protected runmode, so when a request comes in, they are automatically redirected to runmode login (that you can choose not to code, there's one put in there for you by the beautiful Authentication plugin).

    The answer to your question is in the docs, I know they are tedious to read, print it out and look it over, it may help (that's what I do from time to time). There are examples of using Authen I believe on cpan also.

    Don't give up on using this module if you are having troubles, it took me a little bit to figure out too, and it's been a real time saver.

[reply]
Re^3: cgi::application authentication
by neptuneray (Sexton) on Sep 20, 2009 at 04:08 UTC
    Thanks again. I think I've got it now.

    My problem was that I thought that somewhere in my mainline code I had to call a "verify_credentials()" sub in order to tell the authent subsystem that "All is okay".

    Now I realize that I don't. As long as I successfully return from the second argument of the DRIVER config parameter, it will remember (in the Session) that this User is logged in, and will stop calling the login_user() runmode before it allows access to a "protected" runmode.

    I knew this had to be straightforward ... I guess I was just expecting that I had to write a bunch of code. Actually, since I'm using Generic with a simple "user=>password" hash, I don't have to write anything!

    All of the cgi::app contributors have done a really great job with this system. There is a LOT of good quality stuff here that will save the web application writer a ton of headaches!

[reply]

In Section Seekers of Perl Wisdom