<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:selfmadeapplication< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "noindex,nofollow" / >
< meta name = "keywords" content = "documentation,2.0,selfmadeapplication" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "selfmadeapplication.html" / >
< link rel = "contents" href = "selfmadeapplication.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > /*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:selfmadeapplication","namespace":"documentation:2.0"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#code_snippet" > Code snippet< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#perl" > Perl< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#php" > PHP< / a > < / div > < / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > < a href = "#perl_auto-protected_cgi" > Perl auto-protected CGI< / a > < / div > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "protect_your_application" > Protect your application< / h1 >
< div class = "level1" >
< / div >
<!-- EDIT1 SECTION "Protect your application" [1 - 40] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
Your application can identify the connected user from:
< / p >
< ul >
< li class = "level1" > < div class = "li" > REMOTE_USER environment variable (with local Handler or SetEnvIf trick)< / div >
< / li >
< li class = "level1" > < div class = "li" > HTTP header (in all cases)< / div >
< / li >
< / ul >
< p >
To get more information about the user (name, mail, etc.), read the < a href = "writingrulesand_headers.html#headers" class = "wikilink1" title = "documentation:2.0:writingrulesand_headers" > HTTP headers< / a >.
< / p >
< div class = "notetip" > If your application is based on < a href = "http://search.cpan.org/perldoc?CGI" class = "urlextern" title = "http://search.cpan.org/perldoc?CGI" rel = "nofollow" > Perl CGI package< / a > , you can simply replace CGI by < a href = "#perl_auto-protected_cgi" title = "documentation:2.0:selfmadeapplication ↵" class = "wikilink1" > Lemonldap::NG::Handler::CGI< / a >
< / div >
< / div >
<!-- EDIT2 SECTION "Presentation" [41 - 542] -->
< h2 class = "sectionedit3" id = "code_snippet" > Code snippet< / h2 >
< div class = "level2" >
< p >
Examples with a < a href = "writingrulesand_headers.html#headers" class = "wikilink1" title = "documentation:2.0:writingrulesand_headers" > configured header< / a > named 'Auth-User':
< / p >
< / div >
<!-- EDIT3 SECTION "Code snippet" [543 - 658] -->
< h3 class = "sectionedit4" id = "perl" > Perl< / h3 >
< div class = "level3" >
< pre class = "code file perl" > < a href = "http://perldoc.perl.org/functions/print.html" > < span class = "kw3" > print< / span > < / a > < span class = "st0" > "Connected user: "< / span > < span class = "sy0" > .< / span > < span class = "re0" > $ENV< / span > < span class = "br0" > {< / span > HTTP_AUTH_USER< span class = "br0" > }< / span > < span class = "sy0" > ;< / span > < / pre >
< / div >
<!-- EDIT4 SECTION "Perl" [659 - 742] -->
< h3 class = "sectionedit5" id = "php" > PHP< / h3 >
< div class = "level3" >
< pre class = "code file php" > < span class = "kw1" > print< / span > < span class = "st0" > "Connected user: "< / span > < span class = "sy0" > .< / span > < span class = "re0" > $_SERVER< / span > < span class = "br0" > [< / span > < span class = "st0" > "HTTP_AUTH_USER"< / span > < span class = "br0" > ]< / span > < span class = "sy0" > ;< / span > < / pre >
< / div >
<!-- EDIT5 SECTION "PHP" [743 - 830] -->
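< p >
The Perl snippet above, extended into a complete CGI script as an added example (not part of the LemonLDAP::NG documentation or code base): it refuses the request when the Auth-User header is absent or malformed and HTML-escapes the login before printing it. The login character set and the sample login alice are assumptions.
< / p >

```perl
#!/usr/bin/perl
# Added example, not LemonLDAP::NG code: defensive read of the 'Auth-User' header.
# The header is trustworthy only if the application is reachable solely
# through the LL::NG-protected virtual host.
use strict;
use warnings;

# Assumption: logins use this character set; adapt it to your directory.
my $LOGIN_RE = qr/\A[A-Za-z0-9._@-]{1,64}\z/;

# Return the login from the Auth-User header (HTTP_AUTH_USER in the CGI
# environment), or nothing if the header is missing or malformed.
sub connected_user {
    my ($env) = @_;
    my $user = $env->{HTTP_AUTH_USER};
    return unless defined $user && $user =~ $LOGIN_RE;
    return $user;
}

# Escape a value before writing it into an HTML page.
sub html_escape {
    my ($s) = @_;
    my %ent = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                '"' => '&quot;', "'" => '&#39;' );
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Build the whole CGI response for the given environment.
sub response {
    my ($env) = @_;
    my $user = connected_user($env);
    # Fail closed: without a valid header the Handler did not identify
    # anyone, so refuse instead of serving the page anonymously.
    return "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n"
         . "No authenticated user\n"
        unless defined $user;
    return "Content-Type: text/html; charset=utf-8\r\n\r\n"
         . '<p>Connected user: ' . html_escape($user) . "</p>\n";
}

# Under a web server use the real environment; from the command line use
# a constructed sample ('alice' is a made-up login).
my %sample = ( HTTP_AUTH_USER => 'alice' );
print response( exists $ENV{GATEWAY_INTERFACE} ? \%ENV : \%sample );
```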
< h2 class = "sectionedit6" id = "perl_auto-protected_cgi" > Perl auto-protected CGI< / h2 >
< div class = "level2" >
< p >
Using this feature, you don't have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::CGI.
< / p >
< p >
Lemonldap::NG::Handler::CGI adds some functions to < a href = "http://search.cpan.org/perldoc?CGI" class = "urlextern" title = "http://search.cpan.org/perldoc?CGI" rel = "nofollow" > CGI< / a > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > authenticate: check if the user is authenticated; if not, redirect them to the portal< / div >
< / li >
< li class = "level1" > < div class = "li" > authorize: check if the user is authorized to access this < abbr title = "Uniform Resource Locator" > URL< / abbr > < / div >
< / li >
< / ul >
< p >
Example:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Code to replace:< / div >
< / li >
< / ul >
< pre class = "code perl" > < span class = "kw1" > my< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > =< / span > < span class = "kw2" > new< / span > CGI< span class = "sy0" > ;< / span >
< span class = "sy0" > ...< / span > < / pre >
< ul >
< li class = "level1" > < div class = "li" > New code:< / div >
< / li >
< / ul >
< pre class = "code perl" > < span class = "kw1" > my< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > =< / span > Lemonldap< span class = "sy0" > ::< / span > < span class = "me2" > NG< / span > < span class = "sy0" > ::< / span > < span class = "me2" > Handler< / span > < span class = "sy0" > ::< / span > < span class = "me2" > CGI< / span > < span class = "sy0" > -> < / span > < span class = "kw2" > new< / span > < span class = "br0" > ( < / span > < span class = "br0" > { < / span > < span class = "br0" > } < / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
< span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > authenticate< / span > < span class = "br0" > ( < / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
< span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > authorize< / span > < span class = "br0" > ( < / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
< span class = "sy0" > ...< / span > < / pre >
< p >
Then you can access user data:
< / p >
< pre class = "code perl" > < span class = "co1" > # Get attributes (or macros)< / span >
< span class = "kw1" > my< / span > < span class = "re0" > $cn< / span > < span class = "sy0" > =< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > user< / span > < span class = "sy0" > -> < / span > < span class = "br0" > { < / span > cn< span class = "br0" > } < / span > < span class = "sy0" > ;< / span >
< span class = "co1" > # Test if user is member of a Lemonldap::NG group (or LDAP mapped group)< / span >
< span class = "kw1" > if< / span > < span class = "br0" > ( < / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > group< / span > < span class = "br0" > ( < / span > < span class = "st_h" > 'admin'< / span > < span class = "br0" > ) < / span > < span class = "br0" > ) < / span > < span class = "br0" > { < / span >
< span class = "co1" > # special html code for admins< / span >
< span class = "br0" > } < / span >
< span class = "kw1" > else< / span > < span class = "br0" > { < / span >
< span class = "co1" > # another HTML code< / span >
< span class = "br0" > } < / span > < / pre >
< p >
You can test any < abbr title = "Uniform Resource Locator" > URL< / abbr > to see if it's protected using testUri(). It returns:
< / p >
< ul >
< li class = "level1" > < div class = "li" > 1 if the user is authorized to access it< / div >
< / li >
< li class = "level1" > < div class = "li" > 0 if not< / div >
< / li >
< li class = "level1" > < div class = "li" > -1 if this < abbr title = "Uniform Resource Locator" > URL< / abbr > is not known to the < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > configuration< / div >
< / li >
< / ul >
< pre class = "code perl" > < span class = "kw1" > if< / span > < span class = "br0" > ( < / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > testUri< / span > < span class = "br0" > ( < / span > < span class = "st_h" > 'http://test3.example.com/'< / span > < span class = "br0" > ) < / span > < span class = "br0" > ) < / span > < span class = "br0" > { < / span >
< a href = "http://perldoc.perl.org/functions/print.html" > < span class = "kw3" > print< / span > < / a > < span class = "st_h" > '&lt;a href="http://test3.example.com/"&gt;click here&lt;/a&gt;'< / span > < span class = "sy0" > ;< / span >
< span class = "br0" > } < / span > < / pre >
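< p >
An added example (not from the LemonLDAP::NG documentation) that handles the three return values of testUri() separately; in Perl -1 is a true value, so the bare if above takes the same branch for 1 and -1. FakeCGI is a hypothetical stand-in for the handler object, and the per-URL results are constructed.
< / p >

```perl
# Added example, not LemonLDAP::NG code: handle testUri()'s three results explicitly.
use strict;
use warnings;

# Translate testUri()'s return value into a named state.
# $cgi is any object with a testUri() method, e.g. the
# Lemonldap::NG::Handler::CGI object built earlier on this page.
sub uri_access {
    my ( $cgi, $url ) = @_;
    my $r = $cgi->testUri($url);
    return 'allowed' if $r == 1;
    return 'denied'  if $r == 0;
    return 'unknown';    # -1: URL not known to the LL::NG configuration
}

# Build a menu that links only the URLs the user is authorized for.
# URLs are application constants here, not user input.
sub menu_html {
    my ( $cgi, @urls ) = @_;
    my $html = '';
    for my $url (@urls) {
        my $state = uri_access( $cgi, $url );
        if ( $state eq 'allowed' ) {
            $html .= qq{<a href="$url">click here</a>\n};
        }
        elsif ( $state eq 'unknown' ) {
            # Report URLs that LL::NG does not cover instead of silently
            # treating them like authorized ones.
            warn "testUri: $url is not covered by the LL::NG configuration\n";
        }
    }
    return $html;
}

# Constructed stand-in for the handler object (hypothetical class), so the
# example runs without LL::NG installed.
package FakeCGI;
sub new     { my ( $class, %rules ) = @_; return bless {%rules}, $class }
sub testUri { my ( $self, $url ) = @_; return $self->{$url} // -1 }

package main;
my $cgi = FakeCGI->new(
    'http://test1.example.com/' => 1,
    'http://test2.example.com/' => 0,
);
print menu_html( $cgi, map { "http://test$_.example.com/" } 1 .. 3 );
```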
< / div >
<!-- EDIT6 SECTION "Perl auto - protected CGI" [831 - ] --> < / div >
< / body >
< / html >